
snoop's Introduction

Go Snoop

This project is now merged into the google/gopacket project. Updates will be done there.

A library for reading the snoop file format v2, with gopacket integration. See readsnoop for example usage.

Merged into gopacket! This repo is outdated

Header

Here is some header information for this format. For details see RFC 1761. I like to store my notes here, sorry ;-)

Snoop Header (16 bytes)
    8-byte magic (0x706f6f6e73000000)
    4-byte version
    4-byte link type

Data Format: All integer values are stored in big-endian order (high-order first).
Packet data:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Original Length (uint32)               | length of the packet as it appeared on the network
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Included Length (uint32)               | length of the Data field (Packet Data)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Packet Record Length (uint32)            | total length of the record (24 octets of descriptive information + packet data + pad field)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Cumulative Drops (uint32)              | number of packets that were lost by the system (set to 0 if not implemented)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Timestamp Seconds (uint32)              | seconds since 01 01 1970
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Timestamp Microseconds (uint32)           | microsecond packet arrival time
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               | variable-length field holding the packet that was captured, beginning with its datalink header
.                                                               .
.                          Packet Data                          .
.                                                               .
+                                               +- - - - - - - -+
|                                               |     Pad       | variable-length field holding zeros
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
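
The record layout above, decoded with the length checks a reader of untrusted capture files needs before it slices or copies packet data. This is an added example, not code from this repository or from gopacket; the names Record, ParseRecord, ErrBadRecord and sample are assumptions of the example, and rejecting an Included Length larger than the Original Length is its own strictness choice.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const recHdrLen = 24 // six uint32 fields precede the packet data

// Record is one decoded packet record (type and field names are this example's).
type Record struct {
	OrigLen, Drops uint32
	Time           time.Time
	Data           []byte
}

var ErrBadRecord = errors.New("snoop: malformed packet record")

// ParseRecord decodes the record at the start of buf and returns it with the
// number of bytes consumed (the Packet Record Length, pad included).
func ParseRecord(buf []byte) (Record, int, error) {
	if len(buf) < recHdrLen {
		return Record{}, 0, ErrBadRecord
	}
	be := binary.BigEndian
	orig, incl, recLen := be.Uint32(buf[0:4]), be.Uint32(buf[4:8]), be.Uint32(buf[8:12])
	// Widen to uint64 so 24+incl cannot wrap around on hostile input.
	need := uint64(recHdrLen) + uint64(incl)
	if incl > orig || uint64(recLen) < need || uint64(recLen) > uint64(len(buf)) {
		return Record{}, 0, ErrBadRecord
	}
	ts := time.Unix(int64(be.Uint32(buf[16:20])), int64(be.Uint32(buf[20:24]))*1000).UTC()
	data := append([]byte(nil), buf[recHdrLen:need]...) // copy only after the checks
	return Record{OrigLen: orig, Drops: be.Uint32(buf[12:16]), Time: ts, Data: data}, int(recLen), nil
}

// sample builds a constructed record: 5 data bytes followed by 3 pad bytes.
func sample() []byte {
	b := make([]byte, 32)
	for i, v := range []uint32{60, 5, 32, 0, 1700000000, 250000} {
		binary.BigEndian.PutUint32(b[i*4:], v)
	}
	copy(b[24:], "hello")
	return b
}

func main() { fmt.Println(ParseRecord(sample())) }
```

The returned byte count lets a caller step to the next record without trusting the pad length separately.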

Further Reading

Custom Decoder for Gopacket

Basic Usage of gopacket and pcapgo

Devdungeon Gopacket

snoop's People

Contributors

ripx80
