func (p *processor) getFlow(pkt gopacket.Packet) gopacket.Flow { mu := moldudp64Layer(pkt) //p.flowBufSrc.Reset() //p.flowBufSrc.Write(pkt.NetworkLayer().NetworkFlow().Src().Raw()) //p.flowBufSrc.Write(pkt.TransportLayer().TransportFlow().Src().Raw()) //p.flowBufSrc.Write(mu.Flow().Src().Raw()) p.flowBufDst.Reset() p.flowBufDst.Write(pkt.NetworkLayer().NetworkFlow().Dst().Raw()) p.flowBufDst.Write(pkt.TransportLayer().TransportFlow().Dst().Raw()) p.flowBufDst.Write(mu.Flow().Dst().Raw()) return gopacket.NewFlow(packet.EndpointCombinedSession, p.flowBufSrc.Bytes(), p.flowBufDst.Bytes()) }
func (t *TCP) TransportFlow() gopacket.Flow { return gopacket.NewFlow(EndpointTCPPort, t.sPort, t.dPort) }
func (i *IPv4) NetworkFlow() gopacket.Flow { return gopacket.NewFlow(EndpointIPv4, i.SrcIP, i.DstIP) }
// PPP is the layer for PPP encapsulation headers. type PPP struct { BaseLayer PPPType PPPType } // PPPEndpoint is a singleton endpoint for PPP. Since there is no actual // addressing for the two ends of a PPP connection, we use a singleton value // named 'point' for each endpoint. var PPPEndpoint = gopacket.NewEndpoint(EndpointPPP, nil) // PPPFlow is a singleton flow for PPP. Since there is no actual addressing for // the two ends of a PPP connection, we use a singleton value to represent the // flow for all PPP connections. var PPPFlow = gopacket.NewFlow(EndpointPPP, nil, nil) // LayerType returns LayerTypePPP func (p *PPP) LayerType() gopacket.LayerType { return LayerTypePPP } // LinkFlow returns PPPFlow. func (p *PPP) LinkFlow() gopacket.Flow { return PPPFlow } func decodePPP(data []byte, p gopacket.PacketBuilder) error { ppp := &PPP{} if data[0]&0x1 == 0 { if data[1]&0x1 == 0 { return errors.New("PPP has invalid type") } ppp.PPPType = PPPType(binary.BigEndian.Uint16(data[:2])) ppp.Contents = data[:2]
func (u *UDP) TransportFlow() gopacket.Flow { return gopacket.NewFlow(EndpointUDPPort, u.sPort, u.dPort) }
// TransportFlow returns a flow based on the source and destination SCTP port. func (s *SCTP) TransportFlow() gopacket.Flow { return gopacket.NewFlow(EndpointSCTPPort, s.sPort, s.dPort) }
// scan scans the dst IP address of this scanner. func (s *scanner) scan() error { // First off, get the MAC address we should be sending packets to. hwaddr, err := s.getHwAddr() if err != nil { return err } // Construct all the network layers we need. eth := layers.Ethernet{ SrcMAC: s.iface.HardwareAddr, DstMAC: hwaddr, EthernetType: layers.EthernetTypeIPv4, } ip4 := layers.IPv4{ SrcIP: s.src, DstIP: s.dst, Version: 4, TTL: 64, Protocol: layers.IPProtocolTCP, } tcp := layers.TCP{ SrcPort: 54321, DstPort: 0, // will be incremented during the scan SYN: true, } tcp.SetNetworkLayerForChecksum(&ip4) // Create the flow we expect returning packets to have, so we can check // against it and discard useless packets. ipFlow := gopacket.NewFlow(layers.EndpointIPv4, s.dst, s.src) start := time.Now() for { // Send one packet per loop iteration until we've sent packets // to all of ports [1, 65535]. if tcp.DstPort < 65535 { start = time.Now() tcp.DstPort++ if err := s.send(ð, &ip4, &tcp); err != nil { log.Printf("error sending to port %v: %v", tcp.DstPort, err) } } // Time out 5 seconds after the last packet we sent. if time.Since(start) > time.Second*5 { log.Printf("timed out for %v, assuming we've seen all we can", s.dst) return nil } // Read in the next packet. data, _, err := s.handle.ReadPacketData() if err == pcap.NextErrorTimeoutExpired { continue } else if err != nil { log.Printf("error reading packet: %v", err) continue } // Parse the packet. We'd use DecodingLayerParser here if we // wanted to be really fast. packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.NoCopy) // Find the packets we care about, and print out logging // information about them. All others are ignored. if net := packet.NetworkLayer(); net == nil { // log.Printf("packet has no network layer") } else if net.NetworkFlow() != ipFlow { // log.Printf("packet does not match our ip src/dst") } else if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer == nil { // log.Printf("packet has not tcp layer") } else if tcp, ok := tcpLayer.(*layers.TCP); !ok { // We panic here because this is guaranteed to never // happen. panic("tcp layer is not tcp layer :-/") } else if tcp.DstPort != 54321 { // log.Printf("dst port %v does not match", tcp.DstPort) } else if tcp.RST { log.Printf(" port %v closed", tcp.SrcPort) } else if tcp.SYN && tcp.ACK { log.Printf(" port %v open", tcp.SrcPort) } else { // log.Printf("ignoring useless packet") } } }
func IPFlow(addr *net.UDPAddr) gopacket.Flow { return gopacket.NewFlow(layers.EndpointIPv4, nil, addr.IP.To4()) }
func UDPFlow(addr *net.UDPAddr) gopacket.Flow { portBytes := []byte{byte(addr.Port >> 8), byte(addr.Port)} return gopacket.NewFlow(layers.EndpointUDPPort, nil, portBytes) }
// LinkFlow returns a new flow of type EndpointMAC. func (f *FDDI) LinkFlow() gopacket.Flow { return gopacket.NewFlow(EndpointMAC, f.SrcMAC, f.DstMAC) }
func SubchannelFlow(s int) gopacket.Flow { b := make([]byte, 4) binary.LittleEndian.PutUint32(b, uint32(s)) return gopacket.NewFlow(EndpointSubchannel, nil, b) }
func (r *RUDP) TransportFlow() gopacket.Flow { return gopacket.NewFlow(EndpointRUDPPort, []byte{byte(r.SrcPort)}, []byte{byte(r.DstPort)}) }
func (sll *LinuxSLL) LinkFlow() gopacket.Flow { return gopacket.NewFlow(EndpointMAC, sll.Addr, nil) }
func (m *Mach) Flow() gopacket.Flow { session := []byte{m.SessionNumber} return gopacket.NewFlow(EndpointMachSession, session, session) }
func (m *MoldUDP64) Flow() gopacket.Flow { session := m.Contents[0:10] return gopacket.NewFlow(EndpointMoldUDP64Session, session, session) }
func (e *Ethernet) LinkFlow() gopacket.Flow { return gopacket.NewFlow(EndpointMAC, e.SrcMAC, e.DstMAC) }