Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// Decoder is the stream decoder registration for TLS: it is typed as
// types.Type_NC_TLSCertificate, runs on TCP streams and uses tlsReader as
// its stream reader factory.
var Decoder = &decoder.StreamDecoder{
	Type:        types.Type_NC_TLSCertificate,
	Name:        serviceTLS,
	Description: "Transport Layer Security certificates extracted from TLS handshakes",

	// PostInit creates the package-level tlsLog logger from the decoder
	// configuration (output location and debug flag).
	PostInit: func(d *decoder.StreamDecoder) (err error) {
		// The second value returned by InitZapLogger is discarded.
		// NOTE(review): if that value is a closable handle, confirm who owns it.
		tlsLog, _, err = logging.InitZapLogger(
			decoderconfig.Instance.Out,
			"tls",
			decoderconfig.Instance.Debug,
		)

		return err
	},

	// CanDecode reports whether either direction of the stream begins with
	// a TLS handshake record whose first message is the expected hello.
	// Both slices are untrusted capture data: every index below is guarded
	// by a length check, and nothing past offset 5 is examined here, so a
	// match is a classification hint rather than a validated handshake.
	// NOTE(review): tlsLog is only assigned in PostInit; presumably PostInit
	// always succeeds before CanDecode is called. Confirm against the caller.
	CanDecode: func(client, server []byte) bool {
		// startsHandshakeRecord checks the record header only: the content
		// type at offset 0, then 0x03 followed by a byte <= 0x04 at offsets
		// 1-2. Six bytes are required so the caller can read offset 5, the
		// first byte after the 5-byte record header.
		startsHandshakeRecord := func(b []byte) bool {
			return len(b) >= 6 &&
				b[0] == recordTypeHandshake &&
				b[1] == 0x03 && b[2] <= 0x04
		}

		// The client side is tested first; a ClientHello is enough on its own.
		if startsHandshakeRecord(client) && client[5] == handshakeTypeClientHello {
			tlsLog.Info("TLS traffic detected - CanDecode matched (ClientHello)",
				zap.Int("clientLen", len(client)),
				zap.Int("serverLen", len(server)),
			)

			return true
		}

		// Fall back to the server side, which must open with a ServerHello.
		if startsHandshakeRecord(server) && server[5] == handshakeTypeServerHello {
			tlsLog.Info("TLS traffic detected - CanDecode matched (ServerHello)",
				zap.Int("clientLen", len(client)),
				zap.Int("serverLen", len(server)),
			)

			return true
		}

		tlsLog.Debug("TLS CanDecode check failed",
			zap.Int("clientLen", len(client)),
			zap.Int("serverLen", len(server)),
		)

		return false
	},

	// DeInit flushes the collected certificates and then syncs the logger.
	// A flush failure is logged but not returned: the caller only sees the
	// result of tlsLog.Sync().
	DeInit: func(sd *decoder.StreamDecoder) error {
		if flushErr := flushCertificates(sd); flushErr != nil {
			tlsLog.Error("Failed to flush certificates", zap.Error(flushErr))
		}

		return tlsLog.Sync()
	},

	Factory: &tlsReader{},
	Typ:     core.TCP,
}
Decoder for protocol analysis and writing audit records to disk.
Functions ¶
func AddOrUpdateCertificate ¶
func AddOrUpdateCertificate(cert *types.TLSCertificate) bool
AddOrUpdateCertificate adds a new certificate or updates an existing one. It returns true if this is a new certificate and false if an existing one was updated. Exported for testing.
func GetCertificate ¶
func GetCertificate(fingerprint string) *types.TLSCertificate
GetCertificate returns a certificate by its SHA-256 fingerprint. Exported for testing.
func GetCertificateCount ¶
func GetCertificateCount() int
GetCertificateCount returns the number of certificates in the cache. Exported for testing.
func ResetCertificates ¶
func ResetCertificates()
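ResetCertificates clears all certificates from memory. This should be called when resetting state between processing different files; otherwise certificates cached from an earlier file remain, and one seen again would be treated as an update rather than as new.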
Types ¶
This section is empty.