package tescat
import (
"fmt"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"log"
"net"
"strconv"
)
// Capture tracks which messages have already been reported so that each
// distinct message is printed only once.
type Capture struct {
	// uniques records the 20-byte keys seen so far. In the code visible
	// here entries are only ever added, never removed, and access is not
	// guarded by a lock.
	uniques map[[20]byte]bool
}
// NewCapture returns a Capture with an empty, ready-to-use set of seen keys.
// The error result is always nil in the current implementation.
func NewCapture() (c *Capture, err error) {
	c = &Capture{
		uniques: make(map[[20]byte]bool),
	}
	return c, nil
}
// StartFromUDP listens for UDP/IPv4 datagrams on the given port and feeds
// every datagram it receives to processDefault.
//
// The socket is bound to ":port", i.e. the wildcard address, so datagrams
// are accepted on every local IPv4 interface and from any sender.
//
// An error is returned only if the address cannot be resolved or the socket
// cannot be opened. Once listening, the method never returns: read errors
// are printed to stdout and the loop simply continues.
func (c *Capture) StartFromUDP(port int) (err error) {
	laddr, err := net.ResolveUDPAddr("udp4", ":"+strconv.Itoa(port))
	if err != nil {
		return err
	}

	sock, err := net.ListenUDP("udp4", laddr)
	if err != nil {
		return err
	}

	for {
		// A fresh buffer per datagram, so the slice handed to NewRawMessage
		// is never overwritten by a later read. Only the first 1024 bytes of
		// a datagram are kept; anything beyond that is cut off by the read.
		datagram := make([]byte, 1024)
		size, _, readErr := sock.ReadFromUDP(datagram)
		if readErr != nil {
			fmt.Println("Error: ", readErr)
			continue
		}
		c.processDefault(NewRawMessage(datagram[:size]))
	}
}
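// StartFromPCAP replays the UDP packets stored in the capture file named by
// file through processDefault and returns once the file is exhausted.
//
// Only packets whose UDP destination port differs from port are processed.
// Packets addressed to port, and packets without a UDP layer, are skipped.
// NOTE(review): StartFromUDP handles traffic sent *to* its port, so the
// "differs from" filter here may be inverted. Confirm the intended
// direction before relying on it.
//
// port is converted to the 16-bit layers.UDPPort, so a value outside
// 0-65535 wraps around instead of being rejected.
//
// A failure to open the file terminates the whole process through log.Fatal
// and is not returned, so the returned error is always nil.
// NOTE(review): returning the error would let callers decide how to react,
// but that would leave the file's "log" import unused.
func (c *Capture) StartFromPCAP(file string, port int) (err error) {
	handle, err := pcap.OpenOffline(file)
	if err != nil {
		log.Fatal("PCAP OpenOffline error:", err)
	}
	// Release the pcap handle when the replay ends; it was previously never
	// closed, leaking the underlying file on every call.
	defer handle.Close()

	excluded := layers.UDPPort(port)
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		// Layer yields nil when the packet has no UDP layer; the checked
		// assertion then reports ok == false and the packet is skipped.
		udp, ok := packet.Layer(layers.LayerTypeUDP).(*layers.UDP)
		if !ok || udp == nil || udp.DstPort == excluded {
			continue
		}
		c.processDefault(NewRawMessage(udp.Payload))
	}
	return nil
}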
// processDefault prints m, prefixed with "UNIQ ", the first time its key is
// seen and stays silent for every later message with the same key.
//
// The key is the first 20 bytes of m.Bytes(). Shorter values are padded with
// zero bytes, and anything past byte 20 is ignored, so two messages that
// share a 20-byte prefix count as duplicates.
//
// Every new key adds a map entry that is never removed here, so memory use
// grows with the number of distinct keys received. The map is also accessed
// without locking. NOTE(review): if the Start* methods can run concurrently
// on one Capture, this needs a mutex. Confirm against the callers.
func (c *Capture) processDefault(m *Message) {
	var prefix [20]byte
	copy(prefix[:], m.Bytes())

	if c.uniques[prefix] {
		return
	}
	c.uniques[prefix] = true
	fmt.Println("UNIQ " + m.String())
}