我正在尝试使用 gopacket 解析 .pcap 文件中的数据包,并希望获取其中几乎所有的信息。但到目前为止,我得到的要么是被截断的信息,要么在尝试使用过滤器时出错。
package main
import (
"fmt"
"github.com/google/gopacket"
"github.com/google/gopacket/pcap"
//"github.com/google/gopacket/layers"
"log"
)
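// pcapFile is the capture file that main reads; it is opened offline rather
// than from a live device.
const pcapFile = "myFile.pcap"

// main opens pcapFile, decodes every packet using the capture's link type and
// prints each decoded packet.
func main() {
	// Open file instead of device. The handle and error are local: nothing
	// else in the program needs them as package-level state.
	handle, err := pcap.OpenOffline(pcapFile)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Loop through packets in file.
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		// Println must be called with the packet; a bare fmt.Println is not a
		// statement and leaves packet unused, so the program would not compile.
		// Printing the packet yields the per-layer dump
		// ("PACKET: ... - Layer 1 ...").
		fmt.Println(packet)
	}
}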
返回:
PACKET: 122 bytes, wire length 122 cap length 122 @ 2017-06-11 02:57:03.133873 +0100 WEST
- Layer 1 (36 bytes) = RadioTap {Contents=[..36..] Payload=[..86..] Version=0 Length=36 Present=2684370991 TSFT=661956589449 Flags=FCS Rate=1 Mb/s ChannelFrequency=2412 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-91 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=0 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11 {Contents=[..24..] Payload=[..58..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=0 Address1=11:22:33:44:55:66 Address2=00:11:22:33:44:55 Address3=11:22:33:44:55:66 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=4262477891}
- Layer 3 (58 bytes) = Dot11WEP {Contents=[..58..] Payload=[]}
PACKET: 116 bytes, wire length 116 cap length 116 @ 2017-06-11 02:57:03.243457 +0100 WEST
- Layer 1 (18 bytes) = RadioTap {Contents=[..18..] Payload=[..102..] Version=0 Length=18 Present=18478 TSFT=0 Flags= Rate=1 Mb/s ChannelFrequency=2417 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-25 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=1 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11 {Contents=[..24..] Payload=[..74..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=314 Address1=00:11:22:33:44:55 Address2=11:22:33:44:55:66 Address3=00:11:22:33:44:55 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=412506031}
- Layer 3 (74 bytes) = Dot11WEP {Contents=[..74..] Payload=[]}
我想查看例如数据包的 SSID,或每一层中的更多信息,但每次尝试深入查看得到的各层时,只能得到:
RadioTap
Dot11
Dot11WEP
RadioTap
Dot11
Dot11WEP
产生上述输出的代码:
package main
import (
"fmt"
"github.com/google/gopacket"
"github.com/google/gopacket/pcap"
//"github.com/google/gopacket/layers"
"log"
)
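// pcapFile is the capture file that main reads; it is opened offline rather
// than from a live device.
const pcapFile = "myFile.pcap"

// main opens pcapFile and prints the layer type of every decoded layer of
// every packet, one per line.
func main() {
	// Open file instead of device.
	handle, err := pcap.OpenOffline(pcapFile)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Loop through packets in file.
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		for _, layer := range packet.Layers() {
			// LayerType() returns a single value, not a collection, so it is
			// printed directly instead of being ranged over.
			fmt.Println(layer.LayerType())
		}
	}
}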
但实际上我想知道SSID / BSSID以及Dot11层包内的标志。
答案 0 :(得分:0)
package main
import (
"fmt"
"github.com/google/gopacket"
"github.com/google/gopacket/pcap"
"github.com/google/gopacket/layers"
"log"
)
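// pcapFile is the capture file that main reads; it is opened offline rather
// than from a live device.
const pcapFile = "Network_Join_Nokia_Mobile.pcap"

// main opens pcapFile and, for every packet, prints the capture timestamp,
// the BSSID and flags of its 802.11 header (if any) and every SSID
// information element it carries.
func main() {
	// Open file instead of device.
	handle, err := pcap.OpenOffline(pcapFile)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Loop through packets in file.
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		fmt.Println(packet.Metadata().CaptureInfo.Timestamp)

		// A capture file is untrusted input. Report frames that failed to
		// decode (truncated or malformed) instead of skipping them silently.
		if errLayer := packet.ErrorLayer(); errLayer != nil {
			log.Printf("decode error: %v", errLayer.Error())
		}

		// The comma-ok assertion also covers the "no such layer" case (nil
		// interface), so a missing or unexpected layer can never be
		// dereferenced.
		if dot11, ok := packet.Layer(layers.LayerTypeDot11).(*layers.Dot11); ok {
			// Which address field holds the BSSID depends on the To-DS and
			// From-DS bits: Address3 only when neither is set (e.g. management
			// frames), Address1 for To-DS frames, Address2 for From-DS frames.
			bssid := dot11.Address3
			switch toDS, fromDS := dot11.Flags.ToDS(), dot11.Flags.FromDS(); {
			case toDS && fromDS:
				bssid = nil // four-address frame: no field carries a BSSID
			case toDS:
				bssid = dot11.Address1
			case fromDS:
				bssid = dot11.Address2
			}
			// the flags are empty in many of the packets of this example capture file
			fmt.Printf("BSSID: %v Flags: %+v\n", bssid, dot11.Flags)
		}

		// Some wlan frames contain information elements with the SSID, usually
		// beacons, probes and association requests. packet.Layer would return
		// only the first element, so every layer is inspected.
		for _, layer := range packet.Layers() {
			element, ok := layer.(*layers.Dot11InformationElement)
			if !ok || element.ID != layers.Dot11InformationElementIDSSID {
				continue
			}
			// The SSID bytes are chosen by whoever sent the frame; %q escapes
			// control characters so they cannot alter the terminal or log.
			fmt.Printf("SSID: %q\n", element.Info)
		}
		fmt.Printf("\n")
	}
}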
使用 Wireshark 的示例文件 Network_Join_Nokia_Mobile.pcap 时的部分输出:
2000-01-01 00:05:04.913478 +0000 UTC
BSSID: 00:01:e3:41:bd:6e Flags: Retry
SSID: "martinet3"
请注意,您在问题中使用的捕获文件不包含带有 SSID 层的帧。问题输出中的帧都是带有 WEP 标志的数据帧(Dot11WEP),其负载已加密,无法继续解码;SSID 通常只出现在信标、探测和关联请求等帧中。