stream

package

v0.9.0 Latest Latest Go to latest Published: Apr 9, 2026 License: BSD-3-Clause, GPL-3.0 Imports: 52 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dreadl0ck/netcap

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ApplyActionToAbstractDecoders(action func(api core.DecoderAPI))
func ApplyActionToAbstractDecodersAsync(action func(api core.DecoderAPI))
func ApplyActionToStreamDecoders(action func(api core.StreamDecoderAPI))
func ApplyActionToStreamDecodersAsync(action func(api core.StreamDecoderAPI))
func InitAbstractDecoders(c *config.Config) (decoders []core.DecoderAPI, err error)
func InitDecoders(c *config.Config) (decoders []core.StreamDecoderAPI, err error)

Constants ¶

This section is empty.

Variables ¶

View Source

var Debug bool

Debug controls debug log messages and behavior

View Source

var DefaultAbstractDecoders = []core.DecoderAPI{
	file.Decoder,
	service.Decoder,
	exploit.Decoder,
	mail.Decoder,
	software.Decoder,
	vulnerability.Decoder,
	credentials.Decoder,
	alert.Decoder,

} // contains all available abstract decoders

DefaultAbstractDecoders contains decoders for custom abstractions that do not represent a specific network protocol.

View Source

var DefaultStreamDecoders = map[int32]core.StreamDecoderAPI{
	21:    ftp.Decoder,
	22:    ssh.Decoder,
	25:    smtp.Decoder,
	80:    http.Decoder,
	102:   s7comm.Decoder,
	110:   pop3.Decoder,
	143:   imap.Decoder,
	179:   bgp.Decoder,
	443:   tls.Decoder,
	445:   smb.Decoder,
	502:   modbus.Decoder,
	514:   syslog.Decoder,
	1080:  socks.Decoder,
	1883:  mqttsn.Decoder,
	1884:  mqttsn.Decoder,
	2222:  cip.Decoder,
	3389:  rdp.Decoder,
	4840:  opcua.Decoder,
	6667:  irc.Decoder,
	8443:  tls.Decoder,
	20000: dnp3.Decoder,
	2404:  iec62351.Decoder,
	34964: profinet.Decoder,
	44818: cip.Decoder,
	47808: bacnetip.Decoder,

	49:    tacacs.Decoder,
	88:    kerberosaudit.Decoder,
	135:   dcerpc.Decoder,
	631:   ipp.Decoder,
	10050: zabbix.Decoder,
	10051: zabbix.Decoder,
	9090:  protobuf.Decoder,
	50051: protobuf.Decoder,

} // contains all available stream decoders

DefaultStreamDecoders contains stream decoders mapped to their protocols default port int32 is used to avoid casting when looking up values Note: Multiple decoders can share the same port if they use different transports (TCP vs UDP). The Transport() method is checked before CanDecode() to filter appropriately.

View Source

var SortedDecoderPorts []int32

SortedDecoderPorts provides a deterministic iteration order for DefaultStreamDecoders. Go maps have non-deterministic iteration order, which causes the fallback decoder scan (when no port-specific match is found) to select different decoders across runs. This sorted list ensures consistent decoder selection.

View Source

var UDPStreamDecoders = []core.StreamDecoderAPI{
	quic.Decoder,
	kerberosaudit.Decoder,
}

UDPStreamDecoders contains additional stream decoders specifically for UDP protocols. These are checked by the UDP stream processor when no match is found in DefaultStreamDecoders. This is particularly useful for protocols that share port numbers with TCP protocols (e.g., QUIC uses UDP port 443 while TLS uses TCP port 443).

Functions ¶

func ApplyActionToAbstractDecoders ¶

func ApplyActionToAbstractDecoders(action func(api core.DecoderAPI))

ApplyActionToAbstractDecoders can be used to run custom code for all stream decoders.

func ApplyActionToAbstractDecodersAsync ¶

func ApplyActionToAbstractDecodersAsync(action func(api core.DecoderAPI))

ApplyActionToAbstractDecodersAsync can be used to run custom code for all gopacket decoders asynchronously.

func ApplyActionToStreamDecoders ¶

func ApplyActionToStreamDecoders(action func(api core.StreamDecoderAPI))

ApplyActionToStreamDecoders can be used to run custom code for all stream decoders.

func ApplyActionToStreamDecodersAsync ¶

func ApplyActionToStreamDecodersAsync(action func(api core.StreamDecoderAPI))

ApplyActionToStreamDecodersAsync can be used to run custom code for all gopacket decoders asynchronously.

func InitAbstractDecoders ¶

func InitAbstractDecoders(c *config.Config) (decoders []core.DecoderAPI, err error)

InitAbstractDecoders initializes all stream decoders.

func InitDecoders ¶

func InitDecoders(c *config.Config) (decoders []core.StreamDecoderAPI, err error)

InitDecoders initializes all stream decoders.

Types ¶

This section is empty.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
alert
bacnetip
bgp
cip
credentials
dcerpc
discovery
dnp3
exploit
file
ftp
http
iec62351
imap
ipp
irc
kerberosaudit
mail
modbus
mqttsn
network Package network handles network-layer protocol conversations (ICMP, IGMP, GRE, etc.) that don't have a transport layer.	Package network handles network-layer protocol conversations (ICMP, IGMP, GRE, etc.) that don't have a transport layer.
opcua
pop3
profinet
protobuf
quic Package quic implements QUIC protocol analysis for both gQUIC and IETF QUIC.	Package quic implements QUIC protocol analysis for both gQUIC and IETF QUIC.
rdp
s7comm
service
smb
smtp
socks
software
ssh
syslog
tacacs
tcp
tls
udp
utils
vulnerability
zabbix

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL