本文整理汇总了Golang中github.com/google/gopacket.Packet.Dump方法的典型用法代码示例。如果您正苦于以下问题:Golang Packet.Dump方法的具体用法?Golang Packet.Dump怎么用?Golang Packet.Dump使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/google/gopacket.Packet的用法示例。
在下文中一共展示了Packet.Dump方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: gatherPacketLayersInfo
func gatherPacketLayersInfo(event common.MapStr, packet gopacket.Packet) {
// see https://godoc.org/github.com/google/gopacket#hdr-Pointers_To_Known_Layers
// Pointers To Known Layers:
// During decoding, certain layers are stored in the packet as well-known layer types.
// For example, IPv4 and IPv6 are both considered NetworkLayer layers,
// while TCP and UDP are both TransportLayer layers.
// We support 4 layers, corresponding to the 4 layers of the TCP/IP layering scheme
// (roughly anagalous to layers 2, 3, 4, and 7 of the OSI model).
// To access these, you can use the:
// packet.LinkLayer,
// packet.NetworkLayer,
// packet.TransportLayer, and
// packet.ApplicationLayer functions.
// Each of these functions returns a corresponding interface (gopacket.{Link,Network,Transport,Application}Layer).
// The first three provide methods for getting src/dst addresses for that particular layer,
// while the final layer provides a Payload function to get payload data.
// use "packet.Dump()" as a fail-safe to capture all available layers for a packet,
// just in case we encounter something unexpected in the unified2 file or we
// have neglected to handle a particular layer explicitly
event["packet_dump"] = packet.Dump()
// "packet.Dump()" is very verbose, i.e. a large amount of text, but that's ok
// capture the name of the layers found
var packet_layers []string
for _, layer := range packet.Layers() {
packet_layers = append(packet_layers, fmt.Sprintf("%v", layer.LayerType()))
}
event["packet_layers"] = packet_layers
// Ethernet layer?
ethernetLayer := packet.Layer(layers.LayerTypeEthernet)
if ethernetLayer != nil {
ethernetPacket, _ := ethernetLayer.(*layers.Ethernet)
event["ethernet_src_mac"] = fmt.Sprintf("%v", ethernetPacket.SrcMAC)
event["ethernet_dst_mac"] = fmt.Sprintf("%v", ethernetPacket.DstMAC)
// ethernet type is typically IPv4 but could be ARP or other
event["ethernet_type"] = fmt.Sprintf("%v", ethernetPacket.EthernetType)
// Length is only set if a length field exists within this header. Ethernet
// headers follow two different standards, one that uses an EthernetType, the
// other which defines a length the follows with a LLC header (802.3). If the
// former is the case, we set EthernetType and Length stays 0. In the latter
// case, we set Length and EthernetType = EthernetTypeLLC.
event["ethernet_length"] = fmt.Sprintf("%v", ethernetPacket.Length)
}
// IPv4 layer?
ipLayer := packet.Layer(layers.LayerTypeIPv4)
if ipLayer != nil {
ip, _ := ipLayer.(*layers.IPv4)
event["ip_version"] = ip.Version
event["ip_ihl"] = ip.IHL
event["ip_tos"] = ip.TOS
event["ip_length"] = ip.Length
event["ip_id"] = ip.Id
event["ip_flags"] = ip.Flags
event["ip_fragoffset"] = ip.FragOffset
event["ip_ttl"] = ip.TTL
event["ip_protocol"] = ip.Protocol
event["ip_checksum"] = ip.Checksum
event["ip_src_ip"] = ip.SrcIP
event["ip_dst_ip"] = ip.DstIP
event["ip_options"] = ip.Options // maybe? fmt.Sprintf("%v", ip.Options)
event["ip_padding"] = ip.Padding
}
// IPv6 layer?
ip6Layer := packet.Layer(layers.LayerTypeIPv6)
if ip6Layer != nil {
ip6, _ := ip6Layer.(*layers.IPv6)
event["ip6_version"] = ip6.Version
event["ip6_trafficclass"] = ip6.TrafficClass
event["ip6_flowlabel"] = ip6.FlowLabel
event["ip6_length"] = ip6.Length
event["ip6_nextheader"] = ip6.NextHeader
event["ip6_hoplimit"] = ip6.HopLimit
event["ip6_src_ip"] = ip6.SrcIP
event["ip6_dst_ip"] = ip6.DstIP
event["ip6_hopbyhop"] = ip6.HopByHop
}
// see: gopacket/layers folder ... what layers are needed for Snort/Suricata alerts?
// ICMPv4 layer?
// ICMPv6 layer?
// ARP layer?
// UDP layer?
udpLayer := packet.Layer(layers.LayerTypeUDP)
if udpLayer != nil {
udp, _ := udpLayer.(*layers.UDP)
event["udp_src_port"] = udp.SrcPort
event["udp_dst_port"] = udp.DstPort
event["udp_length"] = udp.Length
event["udp_checksum"] = udp.Checksum
}
// TCP layer?
tcpLayer := packet.Layer(layers.LayerTypeTCP)
if tcpLayer != nil {
tcp, _ := tcpLayer.(*layers.TCP)
//.........这里部分代码省略.........