一开始清空map,并根据包进行逐层解析
// NewLayersData rebuilds the package-level LayersData map for a single packet
// and returns it.
//
// Every existing entry is removed first. Each layer present in packet then
// contributes one entry keyed by its branch title, with that layer's detail
// lines as the value. The branch titles are also stored, in decoding order,
// under the empty-string key.
//
// NOTE(review): the returned map is the shared LayersData variable itself, so
// a result kept from an earlier call is overwritten by the next call, and no
// locking is visible here. Confirm that callers are single-goroutine. The
// fmt.Println at the end writes every packet's decoded fields to stdout.
func NewLayersData(FrameNo int, packet gopacket.Packet) map[string][]string {
	for key := range LayersData {
		delete(LayersData, key)
	}

	var branches []string
	// record stores one layer's details and remembers its title order.
	record := func(title string, details []string) {
		LayersData[title] = details
		branches = append(branches, title)
	}

	// Frame-level metadata is always present.
	record(getPkgInfoData(FrameNo, packet))

	// The remaining layers are optional and are only parsed when decoded.
	if packet.LinkLayer() != nil {
		record(getLinkLayerData(packet))
	}
	if packet.NetworkLayer() != nil {
		record(getNetWorkLayerData(packet))
	}
	if packet.TransportLayer() != nil {
		record(getTransportLayerData(packet))
	}
	if packet.ApplicationLayer() != nil {
		record(getAppLayerData(packet))
	}

	LayersData[""] = branches
	fmt.Println(LayersData)
	return LayersData
}
根据包的metadata进行解析
// getPkgInfoData describes the capture metadata of packet.
//
// branch is the one-line frame summary (frame number, on-wire and captured
// sizes, interface name and index). nodes holds the detail lines: interface,
// arrival time, frame number, frame length and capture length.
//
// The interface name comes from the package-level DeviceName. The arrival
// time is formatted with second precision and no zone designator.
func getPkgInfoData(FrameNo int, packet gopacket.Packet) (branch string, nodes []string) {
	info := packet.Metadata()
	wireBytes, capturedBytes := info.Length, info.CaptureLength

	branch = fmt.Sprintf("Frame %d: %d bytes on wire (%d bits),%d bytes captured(%d bits) "+
		"on interface %s , id:%d", FrameNo, wireBytes, wireBytes*8, capturedBytes, capturedBytes*8,
		DeviceName, info.InterfaceIndex)

	// Capture device.
	iface := fmt.Sprintf("Interface id: %d (%s)",
		info.InterfaceIndex, DeviceName)
	// Capture timestamp.
	arrival := info.Timestamp.Format("2006-01-02T15:04:05")

	nodes = []string{
		iface,
		"Arrival Time : " + arrival,
		"Frame Number: " + strconv.Itoa(FrameNo),
		"Frame Length: " + strconv.Itoa(wireBytes) + "(" + strconv.Itoa(wireBytes*8) + "bits)",
		"Capture Length: " + strconv.Itoa(capturedBytes) + "(" + strconv.Itoa(capturedBytes*8) + "bits)",
	}
	return branch, nodes
}
链路层解析
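// getLinkLayerData describes the link layer of packet.
//
// branch is a one-line summary (layer type, source, destination). nodes holds
// the destination, the source and the EtherType line.
//
// The packet must have a link layer; NewLayersData checks packet.LinkLayer()
// before calling.
//
// The header bytes come from captured traffic and are therefore untrusted.
// The EtherType is read only when the header holds at least the 14 bytes of
// an Ethernet II header, so a shorter link-layer header yields
// "Type: Unknown" instead of an index-out-of-range panic. Both EtherType
// bytes are compared, so values that merely share the 0x08 high byte with
// IPv4 (ARP is 0x0806) are no longer labelled IPv4, and values that are
// neither IPv4 nor IPv6 are no longer labelled IPv6.
//
// NOTE(review): offsets 12-13 are the EtherType only for Ethernet II framing.
// Other link types with headers of 14 bytes or more are not told apart here.
// Confirm which link types the capture can produce.
func getLinkLayerData(packet gopacket.Packet) (branch string, nodes []string) {
	link := packet.LinkLayer()
	flow := link.LinkFlow()
	src, dst := flow.Src().String(), flow.Dst().String()

	branch = fmt.Sprintf("%s , Src: %s , Dst: %s", link.LayerType().String(), src, dst)

	etherType := "Type: Unknown"
	if hdr := link.LayerContents(); len(hdr) >= 14 {
		switch value := uint16(hdr[12])<<8 | uint16(hdr[13]); value {
		case 0x0800:
			etherType = "Type: IPV4(0x0800)"
		case 0x86dd:
			etherType = "Type: IPV6(0x86dd)"
		default:
			etherType = fmt.Sprintf("Type: Unknown(0x%04x)", value)
		}
	}

	nodes = append(nodes, "Destination: "+dst, "Source: "+src, etherType)
	return branch, nodes
}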
网际层解析
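// getNetWorkLayerData describes the network layer of packet.
//
// branch is a one-line summary (IP version, source, destination). For an IPv4
// header, nodes holds the version, header length, total length,
// identification, flags, fragment offset, TTL, protocol, header checksum and
// the two addresses, in that order.
//
// The packet must have a network layer; NewLayersData checks
// packet.NetworkLayer() before calling.
//
// The header bytes come from captured traffic and are therefore untrusted:
//   - The IPv4 field offsets are applied only when the version nibble is 4
//     and at least the 20-byte minimum IPv4 header is present. Any other
//     header (IPv6, truncated or empty) yields only the version and address
//     nodes, rather than IPv4 labels computed from unrelated bytes or an
//     index-out-of-range panic.
//   - The fragment offset is the low 13 bits of bytes 6-7, so the three flag
//     bits no longer leak into the reported number or its leading bit.
//   - A protocol number other than TCP, UDP or ICMP is reported as unknown
//     with its numeric value instead of being labelled UDP.
//
// The checksum is displayed as captured and is not verified.
func getNetWorkLayerData(packet gopacket.Packet) (branch string, nodes []string) {
	layer := packet.NetworkLayer()
	flow := layer.NetworkFlow()
	src, dst := flow.Src().String(), flow.Dst().String()
	hdr := layer.LayerContents()

	sourceAddress := "Source Address: " + src
	destinationAddress := "Destination Address: " + dst

	// With no header bytes the version nibble cannot be read either.
	if len(hdr) == 0 {
		branch = fmt.Sprintf("Internet Protocol, Src: %s, Dst: %s", src, dst)
		nodes = append(nodes, sourceAddress, destinationAddress)
		return branch, nodes
	}

	ver := hdr[0] >> 4
	branch = fmt.Sprintf("Internet Protocol Version %d, Src: %s, Dst: %s", ver, src, dst)
	version := hex2(4, ver) + " .... = Version : " + strconv.Itoa(int(ver))

	// Everything below uses the IPv4 header layout.
	if ver != 4 || len(hdr) < 20 {
		nodes = append(nodes, version, sourceAddress, destinationAddress)
		return branch, nodes
	}

	// be16 combines two header bytes into a big-endian 16-bit value.
	be16 := func(hi, lo byte) int { return int(hi)<<8 | int(lo) }

	ihl := hdr[0] & 0x0f
	headerLength := " ...." + hex2(4, ihl) +
		" = Header Length " + strconv.Itoa(int(ihl)*4) + " bytes (" + strconv.Itoa(int(ihl)) + ")"
	totalLength := "Total Length: " + strconv.Itoa(be16(hdr[2], hdr[3]))
	identification := "Identification: 0x" + byte2HexString(hdr[4]) + byte2HexString(hdr[5]) +
		" (" + strconv.Itoa(be16(hdr[4], hdr[5])) + ")"

	// Byte 6 carries the three flag bits followed by the top five offset bits.
	flagsByte := hdr[6]
	flags := "Flags: 0x" + byte2HexString(flagsByte)
	if flagsByte>>6&1 == 1 {
		flags += ", Don't fragment"
	} else {
		flags += ",Set fragment"
	}

	// Mask out the flag bits before assembling the 13-bit offset.
	offset := (int(flagsByte)&0x1f)<<8 | int(hdr[7])
	fragmentOffset := "..." + strconv.Itoa(int(flagsByte>>4&1)) + hex2(4, flagsByte&0x0f) +
		hex2(8, hdr[7]) + " = Fragment Offset: " + strconv.Itoa(offset)

	timeToLive := "Time to Live: " + strconv.Itoa(int(hdr[8]))

	var protocol string
	switch hdr[9] {
	case 1:
		protocol = "Protocol: ICMP (1)"
	case 6:
		protocol = "Protocol: TCP (6)"
	case 17:
		protocol = "Protocol: UDP (17)"
	default:
		protocol = "Protocol: Unknown (" + strconv.Itoa(int(hdr[9])) + ")"
	}

	headerChecksum := "0x" + byte2HexString(hdr[10]) + byte2HexString(hdr[11]) +
		" [validation disabled]"

	nodes = append(nodes, version, headerLength, totalLength, identification, flags, fragmentOffset,
		timeToLive, protocol, headerChecksum, sourceAddress, destinationAddress)
	return branch, nodes
}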
部分效果展示: