Documentation
¶
Index ¶
- Constants
- Variables
- type ARPPacket
- type CipherSuite
- type DNSFlags
- type DNSMessage
- type EthernetFrame
- type Extension
- type FTPMessage
- type HSTLSParser
- type HTTPMessage
- type ICMPSegment
- type ICMPv6Segment
- type IPv4Flags
- type IPv4Packet
- type IPv6Packet
- type Layer
- type Message
- type QueryEntry
- type RDataA
- type RDataAAAA
- type RDataCNAME
- type RDataHTTPS
- type RDataMX
- type RDataNS
- type RDataOPT
- type RDataSOA
- type RDataTXT
- type RDataUnknown
- type Record
- type RecordClass
- type RecordType
- type ResourceRecord
- type SNMPMessage
- type SSHMessage
- type ServerName
- type TCPFlags
- type TCPSegment
- type TLSClientHello
- type TLSMessage
- type TLSServerHello
- type TLSVersion
- type TrafficClass
- type UDPSegment
Constants ¶
View Source
const ( HandshakeTLSVal = 0x16 // 22 ClientHelloTLSVal = 0x01 ServerHelloTLSVal = 0x02 )
Variables ¶
View Source
var LayerMap = map[string]Layer{ "ETH": &EthernetFrame{}, "IPv4": &IPv4Packet{}, "IPv6": &IPv6Packet{}, "ARP": &ARPPacket{}, "TCP": &TCPSegment{}, "UDP": &UDPSegment{}, "ICMP": &ICMPSegment{}, "ICMPv6": &ICMPv6Segment{}, "DNS": &DNSMessage{}, "FTP": &FTPMessage{}, "HTTP": &HTTPMessage{}, "SNMP": &SNMPMessage{}, "SSH": &SSHMessage{}, "TLS": &TLSMessage{}, }
Functions ¶
This section is empty.
Types ¶
type ARPPacket ¶
type ARPPacket struct {
HardwareType uint16 // Network link protocol type.
ProtocolType uint16 // Internetwork protocol for which the ARP request is intended.
ProtocolTypeDesc string // Internetwork protocol description.
Hlen uint8 // Length (in octets) of a hardware address.
Plen uint8 // Length (in octets) of internetwork addresses.
Op uint16 // Specifies the operation that the sender is performing.
OpDesc string // Operation description.
// Media address of the sender. In an ARP request this field is used to indicate
// the address of the host sending the request. In an ARP reply this field is used
// to indicate the address of the host that the request was looking for.
SenderMAC net.HardwareAddr
SenderIP netip.Addr // Internetwork address of the sender.
// Media address of the intended receiver. In an ARP request this field is ignored.
// In an ARP reply this field is used to indicate the address of the host that originated the ARP request.
TargetMAC net.HardwareAddr
TargetIP netip.Addr // Internetwork address of the intended receiver.
}
The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. Defined in RFC 826.
type CipherSuite ¶ added in v0.0.3
func (*CipherSuite) String ¶ added in v0.0.3
func (cs *CipherSuite) String() string
type DNSFlags ¶
type DNSFlags struct {
Raw uint16
QR uint8 // Indicates if the message is a query (0) or a reply (1).
QRDesc string // Query (0) or Reply (1)
OPCode uint8 // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5
OPCodeDesc string
AA uint8 // Authoritative Answer, in a response, indicates if the DNS server is authoritative for the queried hostname.
TC uint8 // TrunCation, indicates that this message was truncated due to excessive length.
RD uint8 // Recursion Desired, indicates if the client means a recursive query.
RA uint8 // Recursion Available, in a response, indicates if the replying DNS server supports recursion.
Z uint8 // Zero, reserved for future use.
AU uint8 // Indicates if answer/authority portion was authenticated by the server.
NA uint8 // Indicates if non-authenticated data is accepatable.
RCode uint8 // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
RCodeDesc string
}
type DNSMessage ¶
type DNSMessage struct {
TransactionID uint16 // Used for matching response to queries.
Flags *DNSFlags // Flags specify the requested operation and a response code.
QDCount uint16 // Count of entries in the queries section.
ANCount uint16 // Count of entries in the answers section.
NSCount uint16 // Count of entries in the authority section.
ARCount uint16 // Count of entries in the additional section.
Questions []*QueryEntry
AnswerRRs []*ResourceRecord
AuthorityRRs []*ResourceRecord
AdditionalRRs []*ResourceRecord
}
func (*DNSMessage) NextLayer ¶
func (d *DNSMessage) NextLayer() (layer string, payload []byte)
func (*DNSMessage) Parse ¶
func (d *DNSMessage) Parse(data []byte) error
Parse parses the given byte data into a DNSMessage struct.
func (*DNSMessage) String ¶
func (d *DNSMessage) String() string
func (*DNSMessage) Summary ¶
func (d *DNSMessage) Summary() string
type EthernetFrame ¶
type EthernetFrame struct {
DstMAC net.HardwareAddr // MAC address of the destination device.
SrcMAC net.HardwareAddr // MAC address of the source device.
EtherType uint16 // The protocol of the upper layer.
EtherTypeDesc string // Protocol description
// contains filtered or unexported fields
}
An Ethernet frame is a data link layer protocol data unit.
func (*EthernetFrame) NextLayer ¶
func (ef *EthernetFrame) NextLayer() (string, []byte)
NextLayer returns the name and payload of the next layer protocol based on the EtherType field of the EthernetFrame.
func (*EthernetFrame) Parse ¶
func (ef *EthernetFrame) Parse(data []byte) error
Parse parses the given byte data into an Ethernet frame.
func (*EthernetFrame) String ¶
func (ef *EthernetFrame) String() string
func (*EthernetFrame) Summary ¶
func (ef *EthernetFrame) Summary() string
type FTPMessage ¶
type FTPMessage struct {
// contains filtered or unexported fields
}
func (*FTPMessage) NextLayer ¶
func (f *FTPMessage) NextLayer() (layer string, payload []byte)
func (*FTPMessage) Parse ¶
func (f *FTPMessage) Parse(data []byte) error
func (*FTPMessage) String ¶
func (f *FTPMessage) String() string
func (*FTPMessage) Summary ¶
func (f *FTPMessage) Summary() string
type HSTLSParser ¶ added in v0.0.3
func HSTLSParserByType ¶ added in v0.0.3
func HSTLSParserByType(hstype uint8) HSTLSParser
type HTTPMessage ¶
https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages port 80
func (*HTTPMessage) IsEmpty ¶ added in v0.0.3
func (h *HTTPMessage) IsEmpty() bool
func (*HTTPMessage) NextLayer ¶
func (h *HTTPMessage) NextLayer() (layer string, payload []byte)
func (*HTTPMessage) Parse ¶
func (h *HTTPMessage) Parse(data []byte) error
func (*HTTPMessage) String ¶
func (h *HTTPMessage) String() string
func (*HTTPMessage) Summary ¶
func (h *HTTPMessage) Summary() string
type ICMPSegment ¶
type ICMPSegment struct {
Type uint8 // ICMP type.
TypeDesc string // ICMP type description.
Code uint8 // ICMP subtype.
CodeDesc string // ICMP subtype description.
// Internet checksum (RFC 1071) for error checking, calculated from the ICMP header
// and data with value 0 substituted for this field.
Checksum uint16
Data []byte // Contents vary based on the ICMP type and code.
}
ICMP is part of the Internet protocol suite as defined in RFC 792.
func (*ICMPSegment) NextLayer ¶
func (i *ICMPSegment) NextLayer() (layer string, payload []byte)
func (*ICMPSegment) Parse ¶
func (i *ICMPSegment) Parse(data []byte) error
Parse parses the given byte data into an ICMP segment struct.
func (*ICMPSegment) String ¶
func (i *ICMPSegment) String() string
func (*ICMPSegment) Summary ¶
func (i *ICMPSegment) Summary() string
type ICMPv6Segment ¶
type ICMPv6Segment struct {
Type uint8
TypeDesc string
Code uint8
CodeDesc string
Checksum uint16
Data []byte
}
ICMPv6 is an integral part of IPv6 and performs error reporting and diagnostic functions.
func (*ICMPv6Segment) NextLayer ¶
func (i *ICMPv6Segment) NextLayer() (layer string, payload []byte)
func (*ICMPv6Segment) Parse ¶
func (i *ICMPv6Segment) Parse(data []byte) error
Parse parses the given byte data into an ICMPv6 segment struct.
func (*ICMPv6Segment) String ¶
func (i *ICMPv6Segment) String() string
func (*ICMPv6Segment) Summary ¶
func (i *ICMPv6Segment) Summary() string
type IPv4Packet ¶
type IPv4Packet struct {
Version uint8 // 4 bits version (for IPv4, this is always equal to 4).
IHL uint8 // 4 bits size of header (number of 32-bit words).
DSCP uint8 // 6 bits specifies differentiated services.
DSCPDesc string // differentiated services description.
ECN uint8 // 2 bits end-to-end notification of network congestion without dropping packets.
TotalLength uint16 // 16 bits defines the entire packet size in bytes, including header and data.
Identification uint16 // 16 bits identifies the group of fragments of a single IP datagram.
Flags *IPv4Flags // 3 bits used to control or identify fragments.
FragmentOffset uint16 // 13 bits offset of a particular fragment.
TTL uint8 // 8 bits limits a datagram's lifetime to prevent network failure.
Protocol uint8 // 8 bits defines the protocol used in the data portion of the IP datagram.
ProtocolDesc string // Protocol description.
HeaderChecksum uint16 // 16 bits used for error checking of the header.
SrcIP netip.Addr // IPv4 address of the sender of the packet.
DstIP netip.Addr // IPv4 address of the receiver of the packet.
Options []byte // if ihl > 5
// contains filtered or unexported fields
}
Internet Protocol version 4 is described in IETF publication RFC 791.
func (*IPv4Packet) NextLayer ¶
func (p *IPv4Packet) NextLayer() (string, []byte)
func (*IPv4Packet) Parse ¶
func (p *IPv4Packet) Parse(data []byte) error
Parse parses the given byte data into an IPv4 packet struct.
func (*IPv4Packet) String ¶
func (p *IPv4Packet) String() string
func (*IPv4Packet) Summary ¶
func (p *IPv4Packet) Summary() string
type IPv6Packet ¶
type IPv6Packet struct {
Version uint8 // 4 bits version field (for IPv6, this is always equal to 6).
TrafficClass *TrafficClass // 6 + 2 bits holds DS and ECN values.
FlowLabel uint32 // 20 bits high-entropy identifier of a flow of packets between a source and destination.
PayloadLength uint16 // 16 bits the size of the payload in octets, including any extension headers.
NextHeader uint8 // 8 bits specifies the type of the next header.
NextHeaderDesc string // next header description
// 8 bits replaces the time to live field in IPv4. This value is decremented by one at each forwarding node
// and the packet is discarded if it becomes 0. However, the destination node should process the packet normally
// even if received with a hop limit of 0.
HopLimit uint8
SrcIP netip.Addr // The unicast IPv6 address of the sending node.
DstIP netip.Addr // The IPv6 unicast or multicast address of the destination node(s).
// contains filtered or unexported fields
}
An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). IPv6 protocol defined in RFC 2460.
func (*IPv6Packet) NextLayer ¶
func (p *IPv6Packet) NextLayer() (string, []byte)
func (*IPv6Packet) Parse ¶
func (p *IPv6Packet) Parse(data []byte) error
Parse parses the given byte data into an IPv6 packet struct.
func (*IPv6Packet) String ¶
func (p *IPv6Packet) String() string
func (*IPv6Packet) Summary ¶
func (p *IPv6Packet) Summary() string
type Message ¶
type QueryEntry ¶
type QueryEntry struct {
Name string // Name of the node to which this record pertains.
Type *RecordType // Type of RR in numeric form.
Class *RecordClass // Class code.
}
func (*QueryEntry) String ¶
func (qe *QueryEntry) String() string
type RDataCNAME ¶
type RDataCNAME struct {
CName string
}
func (*RDataCNAME) String ¶
func (d *RDataCNAME) String() string
type RDataHTTPS ¶
type RDataHTTPS struct {
Data string // TODO: add proper parsing
}
func (*RDataHTTPS) String ¶
func (d *RDataHTTPS) String() string
type RDataOPT ¶
type RDataSOA ¶
type RDataUnknown ¶
type RDataUnknown struct {
Data string
}
func (*RDataUnknown) String ¶
func (d *RDataUnknown) String() string
type Record ¶
type Record struct {
ContentType uint8
ContentTypeDesc string
Version *TLSVersion
Length uint16
Data []byte
}
type RecordClass ¶
func (*RecordClass) String ¶
func (c *RecordClass) String() string
type RecordType ¶
func (*RecordType) String ¶
func (rt *RecordType) String() string
type ResourceRecord ¶
type ResourceRecord struct {
Name string // Name of the node to which this record pertains.
Type *RecordType // Type of RR in numeric form.
Class *RecordClass // Class code.
TTL uint32 // Count of seconds that the RR stays valid.
RDLength uint16 // Length of RData field (specified in octets).
RData fmt.Stringer // Additional RR-specific data.
}
func (*ResourceRecord) String ¶
func (rt *ResourceRecord) String() string
type SNMPMessage ¶
type SNMPMessage struct {
Payload []byte
}
https://www.ranecommercial.com/legacy/pdf/ranenotes/SNMP_Simple_Network_Management_Protocol.pdf https://wiki.wireshark.org/SNMP port 161, 162
func (*SNMPMessage) NextLayer ¶
func (s *SNMPMessage) NextLayer() (layer string, payload []byte)
func (*SNMPMessage) Parse ¶
func (s *SNMPMessage) Parse(data []byte) error
func (*SNMPMessage) String ¶
func (s *SNMPMessage) String() string
func (*SNMPMessage) Summary ¶
func (s *SNMPMessage) Summary() string
type SSHMessage ¶
func (*SSHMessage) NextLayer ¶
func (s *SSHMessage) NextLayer() (layer string, payload []byte)
func (*SSHMessage) Parse ¶
func (s *SSHMessage) Parse(data []byte) error
func (*SSHMessage) String ¶
func (s *SSHMessage) String() string
func (*SSHMessage) Summary ¶
func (s *SSHMessage) Summary() string
type ServerName ¶ added in v0.0.3
type ServerName struct {
Type uint16
Length uint16
SNListLength uint16
SNType uint8
SNNameLength uint16
SNName string
}
func (*ServerName) Parse ¶ added in v0.0.3
func (sn *ServerName) Parse(data []byte) error
func (*ServerName) String ¶ added in v0.0.3
func (sn *ServerName) String() string
type TCPFlags ¶
type TCPSegment ¶
type TCPSegment struct {
SrcPort uint16 // Identifies the sending port.
DstPort uint16 // Identifies the receiving port.
// If the SYN flag is set (1), then this is the initial sequence number. The sequence number of the actual
// first data byte and the acknowledged number in the corresponding ACK are then this sequence number plus 1.
// If the SYN flag is unset (0), then this is the accumulated sequence number of the first data byte of this
// segment for the current session.
SeqNumber uint32
// If the ACK flag is set, the value is the next sequence number that the sender of the ACK is expecting.
AckNumber uint32
DataOffset uint8 // 4 bits specifies the size of the TCP header in 32-bit words.
Reserved uint8 // 4 bits reserved for future use and should be set to zero.
Flags *TCPFlags // Contains 8 1-bit flags (control bits)
// The size of the receive window, which specifies the number of window size units[b] that the sender of
// this segment is currently willing to receive.
WindowSize uint16
// The 16-bit checksum field is used for error-checking of the TCP header, the payload and an IP pseudo-header.
Checksum uint16
// If the URG flag is set, then this 16-bit field is an offset from the sequence number
// indicating the last urgent data byte.
UrgentPointer uint16
Options []byte // The length of this field is determined by the data offset field.
// contains filtered or unexported fields
}
TCP protocol is described in RFC 761.
func (*TCPSegment) NextLayer ¶
func (t *TCPSegment) NextLayer() (string, []byte)
func (*TCPSegment) Parse ¶
func (t *TCPSegment) Parse(data []byte) error
Parse parses the given byte data into a TCPSegment struct.
func (*TCPSegment) String ¶
func (t *TCPSegment) String() string
func (*TCPSegment) Summary ¶
func (t *TCPSegment) Summary() string
type TLSClientHello ¶ added in v0.0.3
type TLSClientHello struct {
Type uint8
TypeDesc string
Length int // 3 bytes int(uint(b[2]) | uint(b[1])<<8 | uint(b[0])<<16))
Version *TLSVersion
Random []byte //32 bytes
SessionIDLength uint8 // if 0 no session follows
SessionID string
CipherSuitesLength uint16
CipherSuites []*CipherSuite
CmprMethodsLength uint8 // usually 0x01
CmprMethods []byte // usually 0x00
ExtensionLength uint16
Extensions []*Extension
ServerName *ServerName
ALPN []string
}
https://wiki.osdev.org/TLS_Handshake#Client_Hello_Message
func (*TLSClientHello) ParseHS ¶ added in v0.0.3
func (tch *TLSClientHello) ParseHS(data []byte) error
func (*TLSClientHello) String ¶ added in v0.0.3
func (tch *TLSClientHello) String() string
type TLSMessage ¶
port 443 https://tls12.xargs.org/#client-hello/annotated https://tls13.xargs.org/#client-hello/annotated https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5
func (*TLSMessage) NextLayer ¶
func (t *TLSMessage) NextLayer() (layer string, payload []byte)
func (*TLSMessage) Parse ¶
func (t *TLSMessage) Parse(data []byte) error
func (*TLSMessage) String ¶
func (t *TLSMessage) String() string
func (*TLSMessage) Summary ¶
func (t *TLSMessage) Summary() string
type TLSServerHello ¶ added in v0.0.3
type TLSServerHello struct {
Type uint8
TypeDesc string
Length int // 3 bytes int(uint(b[2]) | uint(b[1])<<8 | uint(b[0])<<16))
Version *TLSVersion
Random []byte //32 bytes
SessionIDLength uint8 // if 0 no session follows
SessionID string
CipherSuite *CipherSuite
CmprMethod uint8
ExtensionLength uint16
Extensions []*Extension
SupportedVersion *TLSVersion
}
https://wiki.osdev.org/TLS_Handshake#Server_Hello_Message
func (*TLSServerHello) ParseHS ¶ added in v0.0.3
func (tsh *TLSServerHello) ParseHS(data []byte) error
func (*TLSServerHello) String ¶ added in v0.0.3
func (tsh *TLSServerHello) String() string
type TLSVersion ¶ added in v0.0.3
func (*TLSVersion) String ¶ added in v0.0.3
func (tv *TLSVersion) String() string
type TrafficClass ¶
func (*TrafficClass) String ¶
func (p *TrafficClass) String() string
type UDPSegment ¶
type UDPSegment struct {
SrcPort uint16 // Identifies the sending port.
DstPort uint16 // Identifies the receiving port.
UDPLength uint16 // Specifies the length in bytes of the UDP header and UDP data.
Checksum uint16 // The checksum field may be used for error-checking of the header and data.
// contains filtered or unexported fields
}
UDP protocol is defined in RFC 768.
func (*UDPSegment) NextLayer ¶
func (u *UDPSegment) NextLayer() (string, []byte)
func (*UDPSegment) Parse ¶
func (u *UDPSegment) Parse(data []byte) error
Parse parses the given byte data into a UDPSegment struct.
func (*UDPSegment) String ¶
func (u *UDPSegment) String() string
func (*UDPSegment) Summary ¶
func (u *UDPSegment) Summary() string
Source Files
Click to show internal directories.
Click to hide internal directories.