├── .gitbook.yaml ├── .gitignore ├── .goreleaser.yml ├── AUTHORS ├── LICENSE ├── README.md ├── cmd ├── agent │ ├── README.md │ ├── client.go │ ├── flags.go │ ├── main.go │ └── utils.go ├── capture │ ├── README.md │ ├── flags.go │ ├── main.go │ └── utils.go ├── collect │ ├── README.md │ ├── auditRecordHandle.go │ ├── flags.go │ ├── main.go │ └── utils.go ├── dump │ ├── README.md │ ├── flags.go │ ├── main.go │ └── utils.go ├── export │ ├── README.md │ ├── flags.go │ ├── main.go │ └── utils.go ├── label │ ├── README.md │ ├── flags.go │ ├── main.go │ └── utils.go ├── proxy │ ├── README.md │ ├── config.go │ ├── example_config.yml │ ├── flags.go │ ├── log.go │ ├── main.go │ ├── netcapTransport.go │ ├── reverseProxy.go │ └── utils.go └── util │ ├── README.md │ ├── flags.go │ ├── main.go │ └── utils.go ├── collector ├── atomicPcapGoWriter.go ├── batch.go ├── bpf.go ├── collector.go ├── config.go ├── live.go ├── live_linux.go ├── metrics.go ├── pcap.go ├── pcapNG.go ├── pcapUtils.go ├── pcap_test.go ├── utils.go └── worker.go ├── docker └── Dockerfile ├── docs ├── .gitbook │ └── assets │ │ ├── buffered-workers.svg │ │ ├── data-pipe-sensor.svg │ │ ├── ethernet.svg │ │ ├── flow.svg │ │ ├── http.svg │ │ ├── labels.svg │ │ ├── linkflows.svg │ │ ├── mied18.pdf │ │ ├── mied18_os.pdf │ │ ├── netcap-audit-record.svg │ │ ├── netcap-batch.svg │ │ ├── netcap-cheatsheet.pdf │ │ ├── netcap-collector.svg │ │ ├── netcap-customencoder-connection.svg │ │ ├── netcap-customencoder-http.svg │ │ ├── netcap-customencoder-tls.svg │ │ ├── netcap-delimited.svg │ │ ├── netcap-export.svg │ │ ├── netcap-iot.svg │ │ ├── netcap-layerencoder.svg │ │ ├── netcap-logo-bare.svg │ │ ├── netcap-logov2.jpg │ │ ├── netcap-logov2.svg │ │ ├── netcap-pipe.svg │ │ ├── netcap-sensors.svg │ │ ├── netcap-worker.svg │ │ ├── netcap.svg │ │ ├── networkflows.svg │ │ ├── overview.pdf │ │ ├── screenshot-2019-05-01-at-22.52.40.png │ │ ├── screenshot-2019-05-01-at-22.52.47.png │ │ ├── screenshot-2019-05-01-at-22.52.56 (1).png │ │ ├── screenshot-2019-05-01-at-22.52.56 (2).png │ │ ├── screenshot-2019-05-01-at-22.52.56 (3).png │ │ ├── screenshot-2019-05-01-at-22.52.56.png │ │ ├── screenshot-2019-05-04-at-23.39.19.png │ │ ├── screenshot-2019-05-04-at-23.39.41.png │ │ ├── screenshot-2019-05-04-at-23.40.05.png │ │ ├── screenshot-2019-05-05-at-13.41.40.png │ │ ├── securitcup_slides_philipp_mieden.pdf │ │ ├── tls.svg │ │ └── transportflows.svg ├── NETCAP-CHEATSHEET.md ├── NETCAP-CHEATSHEET.pdf ├── PROTOBUF-DECODING.md ├── README.md ├── SUMMARY.md ├── TODO.md ├── cheatsheets.md ├── contributing.md ├── distributed-collection.md ├── extension.md ├── faq.md ├── filtering-and-export.md ├── graphics │ ├── Netcap-Logo.eps │ ├── Netcap-Logo.graffle │ ├── Netcap-Logo.jpg │ ├── logo.svg │ ├── netcap.graffle │ └── svg │ │ ├── Buffered-Workers.svg │ │ ├── Data-Pipe-Sensor.svg │ │ ├── Ethernet.svg │ │ ├── Flow.svg │ │ ├── HTTP.svg │ │ ├── Labels.svg │ │ ├── LinkFlows.svg │ │ ├── Netcap-Audit-Record.svg │ │ ├── Netcap-Batch.svg │ │ ├── Netcap-Collector.svg │ │ ├── Netcap-CustomEncoder-Connection.svg │ │ ├── Netcap-CustomEncoder-HTTP.svg │ │ ├── Netcap-CustomEncoder-TLS.svg │ │ ├── Netcap-Delimited.svg │ │ ├── Netcap-Export.svg │ │ ├── Netcap-IOT.svg │ │ ├── Netcap-LayerEncoder.svg │ │ ├── Netcap-Logo-Bare.svg │ │ ├── Netcap-Logov2.svg │ │ ├── Netcap-PIpe.svg │ │ ├── Netcap-Sensors.svg │ │ ├── Netcap-Worker.svg │ │ ├── Netcap.svg │ │ ├── NetworkFlows.svg │ │ ├── TLS.svg │ │ └── TransportFlows.svg ├── http-proxy.md ├── installation.md ├── internals.md ├── license.md ├── metrics.md ├── overview.md ├── overview.pdf ├── payload-capture.md ├── protocol-support.md ├── python-integration.md ├── quickstart.md ├── specification.md ├── untitled-1.md ├── untitled.md ├── usb-capture.md └── workers.md ├── encoder ├── arp.go ├── bfd.go ├── ciscoDicoveryInfo.go ├── ciscoDiscovery.go ├── config.go ├── connection.go ├── counters.go ├── customEncoder.go ├── dhcp4.go ├── dhcp6.go ├── dns.go ├── dot11.go ├── dot1q.go ├── eap.go ├── eapol.go ├── eapolkey.go ├── eth.go ├── ethctp.go ├── ethctpr.go ├── fddi.go ├── flow.go ├── geneve.go ├── gre.go ├── http.go ├── httpReader.go ├── icmp4.go ├── icmp6.go ├── icmp6e.go ├── icmp6na.go ├── icmp6ns.go ├── icmp6ra.go ├── icmp6rs.go ├── igmp.go ├── init.go ├── ip4.go ├── ip6.go ├── ip6hop.go ├── ipsecah.go ├── ipsecesp.go ├── ipv6fragment.go ├── layerEncoder.go ├── lcm.go ├── linkFlow.go ├── llc.go ├── lld.go ├── lldi.go ├── modbustcp.go ├── mpls.go ├── networkFlow.go ├── nortelDiscovery.go ├── ntp.go ├── ospfv2.go ├── ospfv3.go ├── sctp.go ├── shared.go ├── sip.go ├── snap.go ├── tcp.go ├── tcpStream.go ├── tls.go ├── transportFlow.go ├── udp.go ├── usb.go ├── usbRequestBlockSetup.go ├── utils.go ├── vrrpv2.go └── vxlan.go ├── go.mod ├── go.sum ├── init.go ├── initWindows.go ├── io ├── atomicDelimitedWriter.go ├── chanWriter.go └── csvWriter.go ├── label ├── connection.go ├── flow.go ├── http.go ├── ipv4.go ├── ipv6.go ├── layer.go ├── linkFlow.go ├── networkFlow.go ├── suricata.go ├── tcp.go ├── tls.go ├── transportFlow.go ├── udp.go └── utils.go ├── metrics └── metrics.go ├── mied18.pdf ├── netcap.go ├── netcap.proto ├── prometheus └── prometheus.yml ├── reader.go ├── types ├── arp.go ├── auditRecord.go ├── bfd.go ├── ciscoDiscovery.go ├── ciscoDiscoveryInfo.go ├── connection.go ├── dhcp4.go ├── dhcp6.go ├── dns.go ├── dot11.go ├── dot1q.go ├── eap.go ├── eapol.go ├── eapolkey.go ├── eth.go ├── ethctp.go ├── ethctpr.go ├── fddi.go ├── flow.go ├── geneve.go ├── gre.go ├── http.go ├── icmp4.go ├── icmp6.go ├── icmp6e.go ├── icmp6na.go ├── icmp6ns.go ├── icmp6ra.go ├── icmp6rs.go ├── igmp.go ├── ip4.go ├── ip6.go ├── ip6hop.go ├── ipsecah.go ├── ipsecesp.go ├── ipv6fragment.go ├── lcm.go ├── linkFlow.go ├── llc.go ├── lld.go ├── lldi.go ├── modbustcp.go ├── mpls.go ├── netcap.pb.go ├── netcap.pb_test.go ├── networkFlow.go ├── nortelDiscovery.go ├── ntp.go ├── ospfv2.go ├── ospfv3.go ├── sctp.go ├── sip.go ├── snap.go ├── tcp.go ├── tls.go ├── transportFlow.go ├── udp.go ├── usb.go ├── usbRequestBlockSetup.go ├── utils.go ├── vrrpv2.go └── vxlan.go ├── utils.go ├── utils ├── utils.go └── utils_test.go ├── version.go ├── writer.go └── zeus ├── commands.yml ├── config.yml ├── data.yml ├── generated ├── install-netcap.sh ├── install-netlabel.sh ├── install-sensor.sh └── install-server.sh └── scripts └── build-all-linux-docker.sh /.gitbook.yaml: -------------------------------------------------------------------------------- 1 | # see: https://docs.gitbook.com/integrations/github/content-configuration 2 | root: ./docs 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | types/python 2 | types/java 3 | types/swift 4 | types/rust 5 | types/cpp 6 | types/csharp 7 | types/js 8 | data/ 9 | __pycache__ 10 | pcaps 11 | .vscode 12 | *.log 13 | *.pcap 14 | *.pcapng 15 | *.ncap* 16 | zeus/.history 17 | zeus/dumps 18 | priv.key 19 | pub.key 20 | 21 | dist/ 22 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Philipp Mieden -------------------------------------------------------------------------------- /cmd/agent/flags.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import "flag" 17 | 18 | var ( 19 | flagInterface = flag.String("iface", "en0", "interface") 20 | flagMaxSize = flag.Int("max", 10*1024, "max size of packet") // max 65,507 bytes 21 | 22 | flagBPF = flag.String("bpf", "", "supply a BPF filter to use for netcap collection") 23 | flagInclude = flag.String("include", "", "include specific encoders") 24 | flagExclude = flag.String("exclude", "", "exclude specific encoders") 25 | flagEncoders = flag.Bool("encoders", false, "show all available encoders") 26 | 27 | flagWorkers = flag.Int("workers", 100, "number of encoder routines") 28 | flagPacketBuffer = flag.Int("pbuf", 0, "set packet buffer size") 29 | flagPromiscMode = flag.Bool("promisc", true, "capture live in promisc mode") 30 | flagSnapLen = flag.Int("snaplen", 1024, "configure snaplen for live capture") 31 | 32 | flagServerPubKey = flag.String("pubkey", "", "path to the hex encoded server public key on disk") 33 | flagAddr = flag.String("addr", "127.0.0.1:1335", "specify the address and port of the collection server") 34 | flagBaseLayer = flag.String("base", "ethernet", "select base layer") 35 | flagDecodeOptions = flag.String("opts", "lazy", "select decoding options") 36 | flagPayload = flag.Bool("payload", false, "capture payload for supported layers") 37 | flagVersion = flag.Bool("version", false, "print netcap package version and exit") 38 | ) 39 | -------------------------------------------------------------------------------- /cmd/agent/utils.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "flag" 18 | "fmt" 19 | 20 | "github.com/dreadl0ck/netcap" 21 | ) 22 | 23 | func printHeader() { 24 | netcap.PrintLogo() 25 | fmt.Println() 26 | fmt.Println("usage examples:") 27 | fmt.Println(" $ net.agent -pubkey pub.key -addr 127.0.0.1:4200") 28 | fmt.Println() 29 | } 30 | 31 | // usage prints the use 32 | func printUsage() { 33 | printHeader() 34 | flag.PrintDefaults() 35 | } 36 | -------------------------------------------------------------------------------- /cmd/capture/utils.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "flag" 18 | "fmt" 19 | 20 | "github.com/dreadl0ck/netcap" 21 | ) 22 | 23 | func printHeader() { 24 | netcap.PrintLogo() 25 | fmt.Println() 26 | fmt.Println("usage examples:") 27 | fmt.Println(" $ net.capture -r dump.pcap") 28 | fmt.Println(" $ net.capture -iface eth0") 29 | fmt.Println() 30 | } 31 | 32 | // usage prints the use 33 | func printUsage() { 34 | printHeader() 35 | flag.PrintDefaults() 36 | } 37 | -------------------------------------------------------------------------------- /cmd/collect/auditRecordHandle.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "bufio" 18 | "compress/gzip" 19 | "fmt" 20 | "os" 21 | 22 | "github.com/dreadl0ck/netcap" 23 | "github.com/dreadl0ck/netcap/encoder" 24 | "github.com/dreadl0ck/netcap/types" 25 | "kythe.io/kythe/go/platform/delimited" 26 | ) 27 | 28 | // AuditRecordHandle wraps a file handle of a netcap audit record file 29 | // contains the original file handle and writers to compress and buffer the data 30 | type AuditRecordHandle struct { 31 | gWriter *gzip.Writer 32 | bWriter *bufio.Writer 33 | f *os.File 34 | } 35 | 36 | // NewAuditRecordHandle creates a new netcap audit record file 37 | func NewAuditRecordHandle(b *types.Batch, path string) *AuditRecordHandle { 38 | 39 | err := os.MkdirAll(b.ClientID, 0755) 40 | if err != nil { 41 | panic(err) 42 | } 43 | f, err := os.Create(path) 44 | if err != nil { 45 | panic(err) 46 | } 47 | fmt.Println("new audit record handle", path) 48 | 49 | conf := encoder.Config{ 50 | Source: b.ClientID, 51 | Version: netcap.Version, 52 | IncludePayloads: b.ContainsPayloads, 53 | } 54 | 55 | var ( 56 | // create buffered writer that writes into the file handle 57 | bWriter = bufio.NewWriter(f) 58 | // create gzip writer that writes into the buffered writer 59 | gWriter = gzip.NewWriter(bWriter) 60 | ) 61 | 62 | // add file header 63 | err = delimited.NewWriter(gWriter).PutProto(netcap.NewHeader(b.MessageType, conf.Source, conf.Version, conf.IncludePayloads)) 64 | if err != nil { 65 | fmt.Println("failed to write header") 66 | panic(err) 67 | } 68 | 69 | return &AuditRecordHandle{ 70 | bWriter: bWriter, 71 | gWriter: gWriter, 72 | f: f, 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /cmd/collect/flags.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import "flag" 17 | 18 | var ( 19 | flagGenKeypair = flag.Bool("gen-keypair", false, "generate keypair") 20 | flagPrivKey = flag.String("privkey", "", "path to the hex encoded server private key") 21 | flagAddr = flag.String("addr", "127.0.0.1:1335", "specify an adress and port to listen for incoming traffic") 22 | flagVersion = flag.Bool("version", false, "print netcap package version and exit") 23 | files = make(map[string]*AuditRecordHandle) 24 | 25 | // not configurable at the moment 26 | // flagCompress = flag.Bool("comp", true, "compress data when writing to disk") 27 | // flagBuffer = flag.Bool("buf", true, "buffer data before writing to disk") 28 | ) 29 | -------------------------------------------------------------------------------- /cmd/collect/utils.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "flag" 18 | "fmt" 19 | "os" 20 | "os/signal" 21 | "syscall" 22 | 23 | "github.com/dreadl0ck/netcap" 24 | ) 25 | 26 | func printHeader() { 27 | netcap.PrintLogo() 28 | fmt.Println() 29 | fmt.Println("usage examples:") 30 | fmt.Println(" $ net.collect -privkey priv.key -addr 127.0.0.1:4200") 31 | fmt.Println(" $ net.collect -gen-keypair") 32 | fmt.Println() 33 | } 34 | 35 | // usage prints the use 36 | func printUsage() { 37 | printHeader() 38 | flag.PrintDefaults() 39 | } 40 | 41 | func cleanup() { 42 | 43 | fmt.Println("cleanup") 44 | 45 | // cleanup 46 | for p, a := range files { 47 | 48 | // flush and close gzip writer 49 | err := a.gWriter.Flush() 50 | if err != nil { 51 | panic(err) 52 | } 53 | 54 | err = a.gWriter.Close() 55 | if err != nil { 56 | panic(err) 57 | } 58 | 59 | // flush buffered writer 60 | err = a.bWriter.Flush() 61 | if err != nil { 62 | panic(err) 63 | } 64 | 65 | // sync and close file handle 66 | fmt.Println("closing file", p) 67 | err = a.f.Sync() 68 | if err != nil { 69 | panic(err) 70 | } 71 | err = a.f.Close() 72 | if err != nil { 73 | panic(err) 74 | } 75 | } 76 | } 77 | 78 | func handleSignals() { 79 | sigs := make(chan os.Signal, 1) 80 | signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM) 81 | 82 | // start signal handler and cleanup routine 83 | go func() { 84 | sig := <-sigs 85 | 86 | fmt.Println("received signal:", sig) 87 | 88 | fmt.Println("exiting") 89 | 90 | cleanup() 91 | os.Exit(0) 92 | }() 93 | } 94 | -------------------------------------------------------------------------------- /cmd/dump/README.md: -------------------------------------------------------------------------------- 1 | # NET.DUMP 2 | 3 | *net.dump* is a commandline tool that provides reading netcap files and conversion of the audit records to various formats. 4 | 5 | ## Description 6 | 7 | Output can be formatted as Table or separated by tabs or a custom separator string. 8 | Export to CSV and JSON is possible, for CSV fields can be filtered. 9 | 10 | Read more about this tool in the documentation: https://docs.netcap.io 11 | 12 | ## Usage examples 13 | 14 | Dump all audit records in the specified file to stdout: 15 | 16 | $ net.dump -r TCP.ncap.gz 17 | 18 | Show all fields for the audit record type in the file: 19 | 20 | $ net.dump -fields -r TCP.ncap.gz 21 | 22 | Dump the specified fields in the specified order as CSV: 23 | 24 | $ net.dump -r TCP.ncap.gz -select Timestamp,SrcPort,DstPort > tcp.csv 25 | 26 | ## Help 27 | 28 | $ net.dump -h 29 | -begin string 30 | begin character for a structure in CSV output (default "(") 31 | -csv 32 | print output data as csv with header line 33 | -end string 34 | end character for a structure in CSV output (default ")") 35 | -fields 36 | print available fields for an audit record file and exit 37 | -header 38 | print audit record file header and exit 39 | -r string 40 | read specified file, can either be a pcap or netcap audit record file 41 | -select string 42 | select specific fields of an audit records when generating csv or tables 43 | -sep string 44 | set separator string for csv output (default ",") 45 | -struc 46 | print output as structured objects 47 | -struct-sep string 48 | separator character for a structure in CSV output (default "-") 49 | -table 50 | print output as table view (thanks @evilsocket) 51 | -tsv 52 | print output as tab separated values 53 | -utc 54 | print timestamps as UTC when using select csv 55 | -------------------------------------------------------------------------------- /cmd/dump/flags.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import "flag" 17 | 18 | var ( 19 | // dump 20 | flagSelect = flag.String("select", "", "select specific fields of an audit records when generating csv or tables") 21 | flagFields = flag.Bool("fields", false, "print available fields for an audit record file and exit") 22 | flagSeparator = flag.String("sep", ",", "set separator string for csv output") 23 | flagCSV = flag.Bool("csv", false, "print output data as csv with header line") 24 | flagPrintStructured = flag.Bool("struc", false, "print output as structured objects") 25 | flagTSV = flag.Bool("tsv", false, "print output as tab separated values") 26 | flagHeader = flag.Bool("header", false, "print audit record file header and exit") 27 | flagTable = flag.Bool("table", false, "print output as table view (thanks @evilsocket)") 28 | flagBegin = flag.String("begin", "(", "begin character for a structure in CSV output") 29 | flagEnd = flag.String("end", ")", "end character for a structure in CSV output") 30 | flagStructSeparator = flag.String("struct-sep", "-", "separator character for a structure in CSV output") 31 | flagUTC = flag.Bool("utc", false, "print timestamps as UTC when using select csv") 32 | flagInput = flag.String("r", "", "read specified file, can either be a pcap or netcap audit record file") 33 | flagVersion = flag.Bool("version", false, "print netcap package version and exit") 34 | ) 35 | -------------------------------------------------------------------------------- /cmd/dump/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "flag" 18 | "fmt" 19 | "os" 20 | "path/filepath" 21 | "strconv" 22 | 23 | "github.com/dreadl0ck/netcap" 24 | "github.com/dreadl0ck/netcap/types" 25 | "github.com/dreadl0ck/netcap/utils" 26 | "github.com/evilsocket/islazy/tui" 27 | ) 28 | 29 | func main() { 30 | 31 | // parse commandline flags 32 | flag.Usage = printUsage 33 | flag.Parse() 34 | 35 | // print version and exit 36 | if *flagVersion { 37 | fmt.Println(netcap.Version) 38 | os.Exit(0) 39 | } 40 | 41 | // read dumpfile header and exit 42 | if *flagHeader { 43 | 44 | // open input file for reading 45 | r, err := netcap.Open(*flagInput) 46 | if err != nil { 47 | panic(err) 48 | } 49 | 50 | // get header 51 | // this will panic if the header is corrupted 52 | h := r.ReadHeader() 53 | 54 | // print result as table 55 | tui.Table(os.Stdout, []string{"Field", "Value"}, [][]string{ 56 | {"Created", utils.TimeToUTC(h.Created)}, 57 | {"Source", h.InputSource}, 58 | {"Version", h.Version}, 59 | {"Type", h.Type.String()}, 60 | {"ContainsPayloads", strconv.FormatBool(h.ContainsPayloads)}, 61 | }) 62 | os.Exit(0) // bye bye 63 | } 64 | 65 | // set separators for sub structures in CSV 66 | types.Begin = *flagBegin 67 | types.End = *flagEnd 68 | types.Separator = *flagStructSeparator 69 | 70 | // read ncap file and print to stdout 71 | if filepath.Ext(*flagInput) == ".ncap" || filepath.Ext(*flagInput) == ".gz" { 72 | netcap.Dump(*flagInput, *flagSeparator, *flagTSV, *flagPrintStructured, *flagTable, *flagSelect, *flagUTC, *flagFields) 73 | return 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /cmd/dump/utils.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | 7 | "github.com/dreadl0ck/netcap" 8 | ) 9 | 10 | func printHeader() { 11 | netcap.PrintLogo() 12 | fmt.Println() 13 | fmt.Println("usage examples:") 14 | fmt.Println(" $ net.dump -r TCP.ncap.gz") 15 | fmt.Println(" $ net.dump -fields -r TCP.ncap.gz") 16 | fmt.Println(" $ net.dump -r TCP.ncap.gz -select Timestamp,SrcPort,DstPort > tcp.csv") 17 | fmt.Println() 18 | } 19 | 20 | // usage prints the use 21 | func printUsage() { 22 | printHeader() 23 | flag.PrintDefaults() 24 | } 25 | -------------------------------------------------------------------------------- /cmd/label/README.md: -------------------------------------------------------------------------------- 1 | # NET.LABEL 2 | 3 | *net.label* is a commandline tool to apply classification labels to netcap audit records. 4 | 5 | ## Description 6 | 7 | As a source for the alerts, the source pcap file is scanned with suricata. 8 | *Netcap* parses suricata's output and maps it to the previously generated netcap audit records. 9 | A labeled comma-separated values (CSV) file will be generated for each audit record type. 10 | 11 | Read more about this tool in the documentation: https://docs.netcap.io 12 | 13 | ## Usage examples 14 | 15 | Scan input pcap and create labeled csv files by mapping audit records in the current directory: 16 | 17 | $ net.label -r traffic.pcap 18 | 19 | Scan input pcap and create output files by mapping audit records from the output directory: 20 | 21 | $ net.label -r traffic.pcap -out output_dir 22 | 23 | Abort if there is more than one alert for the same timestamp: 24 | 25 | $ net.label -r taffic.pcap -strict 26 | 27 | Display progress bar while processing input (experimental): 28 | 29 | $ net.label -r taffic.pcap -progress 30 | 31 | Append classifications for duplicate labels: 32 | 33 | $ net.label -r taffic.pcap -collect 34 | 35 | ## Help 36 | 37 | $ net.label -h 38 | -collect 39 | append classifications from alert with duplicate timestamps to the generated label 40 | -debug 41 | toggle debug mode 42 | -description 43 | use attack description instead of classification for labels 44 | -disable-layers 45 | do not map layer types by timestamp 46 | -exclude string 47 | specify a comma separated list of suricata classifications that shall be excluded from the generated labeled csv 48 | -out string 49 | specify output directory, will be created if it does not exist 50 | -progress 51 | use progress bars 52 | -r string 53 | (required) read specified file, can either be a pcap or netcap audit record file 54 | -sep string 55 | set separator string for csv output (default ",") 56 | -strict 57 | fail when there is more than one alert for the same timestamp 58 | -suricata-config string 59 | set the path to the suricata config file (default "/usr/local/etc/suricata/suricata.yaml") -------------------------------------------------------------------------------- /cmd/label/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "flag" 18 | "fmt" 19 | "log" 20 | "os" 21 | 22 | "github.com/dreadl0ck/netcap" 23 | "github.com/dreadl0ck/netcap/label" 24 | ) 25 | 26 | func main() { 27 | 28 | // parse commandline flags 29 | flag.Usage = printUsage 30 | flag.Parse() 31 | 32 | // print version and exit 33 | if *flagVersion { 34 | fmt.Println(netcap.Version) 35 | os.Exit(0) 36 | } 37 | 38 | if *flagInput == "" { 39 | log.Fatal("no input file specified. Nothing to do.") 40 | } 41 | 42 | label.Debug = *flagDebug 43 | 44 | // configure 45 | label.SuricataConfigPath = *flagSuricataConfigPath 46 | label.DisableLayerMapping = *flagDisableLayerMapping 47 | label.UseProgressBars = *flagProgressBars 48 | label.StopOnDuplicateLabels = *flagStopOnDuplicateLabels 49 | label.CollectLabels = *flagCollectLabels 50 | label.SetExcluded(*flagExcludeLabels) 51 | 52 | // lets go 53 | log.Fatal(label.Suricata(*flagInput, *flagOutDir, *flagDescription, *flagSeparator, "")) 54 | } 55 | -------------------------------------------------------------------------------- /cmd/label/utils.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | 7 | "github.com/dreadl0ck/netcap" 8 | ) 9 | 10 | func printHeader() { 11 | netcap.PrintLogo() 12 | fmt.Println() 13 | fmt.Println("usage examples:") 14 | fmt.Println(" $ net.label -r traffic.pcap") 15 | fmt.Println(" $ net.label -r traffic.pcap -out output_dir") 16 | fmt.Println(" $ net.label -r taffic.pcap -progress") 17 | fmt.Println(" $ net.label -r taffic.pcap -collect") 18 | fmt.Println() 19 | } 20 | 21 | // usage prints the use 22 | func printUsage() { 23 | printHeader() 24 | flag.PrintDefaults() 25 | } 26 | -------------------------------------------------------------------------------- /cmd/proxy/README.md: -------------------------------------------------------------------------------- 1 | # NET.PROXY 2 | 3 | *net.proxy* is a commandline tool that offers creation of one or several HTTP reverse proxies, 4 | in order to gather *Netcap* audit records from them. 5 | 6 | ## Description 7 | 8 | A file for each proxy will be created that contains HTTP audit records. 9 | Multiple proxies can be configured with a YAML config file. 10 | 11 | The naming scheme is HTTP[remoteURL].ncap.gz, e.g: HTTP[github.com].ncap.gz 12 | 13 | Read more about this tool in the documentation: https://docs.netcap.io 14 | 15 | ## Usage examples 16 | 17 | Use a single reverse proxy: 18 | 19 | $ net.proxy -local 127.0.0.1:4444 -remote https://github.com 20 | 21 | Specify maximum number of idle connections: 22 | 23 | $ net.proxy -local 127.0.0.1:4444 -remote https://github.com -maxIdle 300 24 | 25 | Dump audit records while capturing: 26 | 27 | $ net.proxy -local 127.0.0.1:4444 -remote https://github.com -dump 28 | 29 | ## Help 30 | 31 | $ net.proxy -h 32 | -config string 33 | set config file path (default "net.proxy-config.yml") 34 | -debug 35 | set debug mode 36 | -dialTimeout int 37 | seconds until dialing to the backend times out (default 30) 38 | -dump 39 | dumps audit record as JSON to stdout 40 | -format 41 | format when dumping JSON (default true) 42 | -idleConnTimeout int 43 | seconds until a connection times out (default 90) 44 | -local string 45 | set local endpoint 46 | -maxIdle int 47 | maximum number of idle connections (default 120) 48 | -remote string 49 | set remote endpoint 50 | -skipTlsVerify 51 | skip TLS verification 52 | -tlsTimeout int 53 | seconds until a TLS handshake times out (default 15) 54 | -trace 55 | trace HTTP requests to retrieve additional information (default true) -------------------------------------------------------------------------------- /cmd/proxy/example_config.yml: -------------------------------------------------------------------------------- 1 | # Proxies map holds all reverse proxies 2 | proxies: 3 | service1: 4 | local: 127.0.0.1:443 5 | remote: http://127.0.0.1:8080 6 | tls: true 7 | 8 | service2: 9 | local: 127.0.0.1:9999 10 | remote: http://192.168.1.20 11 | 12 | service3: 13 | local: 127.0.0.1:7000 14 | remote: https://google.com 15 | 16 | # CertFile for TLS secured connections 17 | certFile: "certs/cert.crt" 18 | 19 | # KeyFile for TLS secured connections 20 | keyFile: "certs/cert.key" 21 | 22 | # Logdir is used as destination for the logfile 23 | logdir: "logs" -------------------------------------------------------------------------------- /cmd/proxy/flags.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import "flag" 17 | 18 | // flags 19 | var ( 20 | flagDialTimeout = flag.Int("dialTimeout", 30, "seconds until dialing to the backend times out") 21 | flagIdleConnTimeout = flag.Int("idleConnTimeout", 90, "seconds until a connection times out") 22 | flagTLSHandshakeTimeout = flag.Int("tlsTimeout", 15, "seconds until a TLS handshake times out") 23 | flagSkipTLSVerify = flag.Bool("skipTlsVerify", false, "skip TLS verification") 24 | flagMaxIdleConns = flag.Int("maxIdle", 120, "maximum number of idle connections") 25 | flagLocal = flag.String("local", "", "set local endpoint") 26 | flagConfig = flag.String("config", "net.proxy-config.yml", "set config file path") 27 | flagRemote = flag.String("remote", "", "set remote endpoint") 28 | flagDebug = flag.Bool("debug", false, "set debug mode") 29 | flagTrace = flag.Bool("trace", true, "trace HTTP requests to retrieve additional information") 30 | flagDump = flag.Bool("dump", false, "dumps audit record as JSON to stdout") 31 | flagDumpFormatted = flag.Bool("format", true, "format when dumping JSON") 32 | flagVersion = flag.Bool("version", false, "print netcap package version and exit") 33 | ) 34 | -------------------------------------------------------------------------------- /cmd/proxy/log.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "log" 18 | 19 | "go.uber.org/zap" 20 | ) 21 | 22 | // LogFileName holds name of the logfile 23 | const LogFileName = "net.proxy.log" 24 | 25 | var ( 26 | // Log instance 27 | Log *zap.Logger 28 | debug bool 29 | ) 30 | 31 | // ConfigureLogger configures the logging instance 32 | func ConfigureLogger(debug bool, outputPath string) { 33 | 34 | var ( 35 | zc zap.Config 36 | err error 37 | ) 38 | 39 | if debug { 40 | // use dev config 41 | zc = zap.NewDevelopmentConfig() 42 | } else { 43 | // use prod config 44 | zc = zap.NewProductionConfig() 45 | } 46 | 47 | // append outputPath 48 | zc.OutputPaths = append(zc.OutputPaths, outputPath) 49 | Log, err = zc.Build() 50 | if err != nil { 51 | log.Fatalf("failed to initialize zap logger: %v", err) 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /cmd/util/README.md: -------------------------------------------------------------------------------- 1 | # NET.UTIL 2 | 3 | *net.util* is a commandline tool that offers utility operations for netcap audit records. 4 | 5 | ## Description 6 | 7 | The tool can be used to check the validity of generated audit records, 8 | as well as converting netcap timestamps to human readable format. 9 | 10 | Read more about this tool in the documentation: https://docs.netcap.io 11 | 12 | ## Usage examples 13 | 14 | Check audit records field count offered by the structure VS emitted CSV: 15 | 16 | $ net.util -r TCP.ncap.gz -check 17 | 18 | Perform check while using a custom separator string: 19 | 20 | $ net.util -r TCP.ncap.gz -check -sep '/' 21 | 22 | Convert a netcap timestamp to UTC time: 23 | 24 | $ net.util -ts2utc 1505839354.197231 25 | 2017-09-19 16:42:34.197231 +0000 UTC 26 | 27 | ## Help 28 | 29 | $ net.util -h 30 | -check 31 | check number of occurences of the separator, in fields of an audit record file 32 | -r string 33 | read specified file, can either be a pcap or netcap audit record file 34 | -sep string 35 | set separator string for csv output (default ",") 36 | -ts2utc string 37 | util to convert seconds.microseconds timestamp to UTC -------------------------------------------------------------------------------- /cmd/util/flags.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import "flag" 17 | 18 | var ( 19 | // util 20 | flagCheckFields = flag.Bool("check", false, "check number of occurences of the separator, in fields of an audit record file") 21 | flagToUTC = flag.String("ts2utc", "", "util to convert seconds.microseconds timestamp to UTC") 22 | flagInput = flag.String("r", "", "read specified file, can either be a pcap or netcap audit record file") 23 | flagSeparator = flag.String("sep", ",", "set separator string for csv output") 24 | flagVersion = flag.Bool("version", false, "print netcap package version and exit") 25 | ) 26 | -------------------------------------------------------------------------------- /cmd/util/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package main 15 | 16 | import ( 17 | "flag" 18 | "fmt" 19 | "os" 20 | 21 | "github.com/dreadl0ck/netcap" 22 | "github.com/dreadl0ck/netcap/utils" 23 | ) 24 | 25 | func main() { 26 | 27 | // parse commandline flags 28 | flag.Usage = printUsage 29 | flag.Parse() 30 | 31 | // print version and exit 32 | if *flagVersion { 33 | fmt.Println(netcap.Version) 34 | os.Exit(0) 35 | } 36 | 37 | // util to convert netcap timestamp to UTC time 38 | if *flagToUTC != "" { 39 | fmt.Println(utils.TimeToUTC(*flagToUTC)) 40 | os.Exit(1) 41 | } 42 | 43 | // util to check if fields count matches for all generated rows 44 | if *flagCheckFields { 45 | checkFields() 46 | return 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /collector/atomicPcapGoWriter.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Network Capture Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package collector 15 | 16 | import ( 17 | "sync" 18 | "sync/atomic" 19 | 20 | "github.com/google/gopacket" 21 | "github.com/google/gopacket/pcapgo" 22 | ) 23 | 24 | ////////////////////////// 25 | // Atomic PcapGo Writer // 26 | ////////////////////////// 27 | 28 | // AtomicPcapGoWriter is a symchronized PCAP writer 29 | // that counts the number of packets written. 30 | type AtomicPcapGoWriter struct { 31 | count int64 32 | w pcapgo.Writer 33 | sync.Mutex 34 | } 35 | 36 | // WritePacket writes a packet into the writer. 37 | func (a *AtomicPcapGoWriter) WritePacket(ci gopacket.CaptureInfo, data []byte) error { 38 | // sync 39 | a.Lock() 40 | err := a.w.WritePacket(ci, data) 41 | // dont use a defer here for performance 42 | a.Unlock() 43 | 44 | atomic.AddInt64(&a.count, 1) 45 | return err 46 | } 47 | 48 | // NewAtomicPcapGoWriter takes a pcapgo.Writer and returns an atomic version 49 | func NewAtomicPcapGoWriter(w *pcapgo.Writer) *AtomicPcapGoWriter { 50 | return &AtomicPcapGoWriter{ 51 | w: *w, 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /collector/bpf.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package collector 15 | 16 | import ( 17 | "io" 18 | "log" 19 | 20 | "github.com/dreadl0ck/netcap/encoder" 21 | "github.com/google/gopacket" 22 | "github.com/google/gopacket/layers" 23 | "github.com/google/gopacket/pcap" 24 | "github.com/pkg/errors" 25 | ) 26 | 27 | // CollectBPF open the named PCAP file and sets the specified BPF filter. 28 | func (c *Collector) CollectBPF(path string, bpf string) error { 29 | 30 | handle, err := pcap.OpenOffline(path) 31 | if err != nil { 32 | return err 33 | } 34 | defer handle.Close() 35 | 36 | if err = handle.SetBPFFilter(bpf); err != nil { 37 | return err 38 | } 39 | 40 | if err = c.Init(); err != nil { 41 | return err 42 | } 43 | 44 | // read packets 45 | log.Println("decoding packets... ") 46 | for { 47 | 48 | // fetch the next packetdata and packetheader 49 | data, ci, err := handle.ZeroCopyReadPacketData() 50 | if err != nil { 51 | if err == io.EOF { 52 | break 53 | } 54 | return errors.Wrap(err, "Error reading packet data") 55 | } 56 | 57 | c.printProgress() 58 | 59 | p := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Lazy) 60 | p.Metadata().Timestamp = ci.Timestamp 61 | p.Metadata().CaptureInfo = ci 62 | 63 | // if HTTP capture is desired, tcp stream reassembly needs to be performed. 64 | // the gopacket/reassembly implementation does not allow packets to arrive out of order 65 | // therefore the http decoding must not happen in a worker thread 66 | // and instead be performed here to guarantee packets are being processed sequentially 67 | if encoder.HTTPActive { 68 | encoder.DecodeHTTP(p) 69 | } 70 | c.handlePacket(p) 71 | } 72 | c.cleanup() 73 | return nil 74 | } 75 | -------------------------------------------------------------------------------- /collector/config.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package collector 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/encoder" 18 | "github.com/google/gopacket" 19 | ) 20 | 21 | // Config contains configuration parameters 22 | // for the Collector instance. 23 | type Config struct { 24 | Live bool 25 | WriteUnknownPackets bool 26 | Workers int 27 | NumWorkers int 28 | PacketBufferSize int 29 | SnapLen int 30 | Promisc bool 31 | EncoderConfig encoder.Config 32 | BaseLayer gopacket.LayerType 33 | DecodeOptions gopacket.DecodeOptions 34 | } 35 | -------------------------------------------------------------------------------- /collector/live.go: -------------------------------------------------------------------------------- 1 | // +build !linux 2 | 3 | /* 4 | * NETCAP - Traffic Analysis Framework 5 | * Copyright (c) 2017 Philipp Mieden 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | */ 15 | 16 | package collector 17 | 18 | import ( 19 | "io" 20 | 21 | "github.com/dreadl0ck/netcap/encoder" 22 | "github.com/google/gopacket/pcap" 23 | "github.com/pkg/errors" 24 | ) 25 | 26 | // CollectLive starts collection of data from the given interface 27 | // optionally a bpf can be supplied. 28 | // this is the darwin version that uses the pcap lib with c bindings to fetch packets 29 | // currently there is no other option to do that. 30 | func (c *Collector) CollectLive(i string, bpf string) error { 31 | // open interface in live mode 32 | // timeout is set to 0 33 | // snaplen and promiscous mode can be configured over the collector instance 34 | handle, err := pcap.OpenLive(i, int32(c.config.SnapLen), c.config.Promisc, 0) 35 | if err != nil { 36 | return err 37 | } 38 | // close handle on exit 39 | defer handle.Close() 40 | 41 | // set BPF if requested 42 | if bpf != "" { 43 | err := handle.SetBPFFilter(bpf) 44 | if err != nil { 45 | return err 46 | } 47 | } 48 | 49 | // initialize collector 50 | if err := c.Init(); err != nil { 51 | return err 52 | } 53 | 54 | encoder.LiveMode = true 55 | 56 | // read packets from channel 57 | for { 58 | // read next packet 59 | data, ci, err := handle.ZeroCopyReadPacketData() 60 | if err != nil { 61 | if err == io.EOF { 62 | break 63 | } 64 | return errors.Wrap(err, "Error reading packet data") 65 | } 66 | 67 | c.handleRawPacketData(data, ci) 68 | } 69 | 70 | // run cleanup on channel exit 71 | c.cleanup() 72 | return nil 73 | } 74 | -------------------------------------------------------------------------------- /collector/live_linux.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | /* 4 | * NETCAP - Traffic Analysis Framework 5 | * Copyright (c) 2017 Philipp Mieden 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | */ 15 | 16 | package collector 17 | 18 | import ( 19 | "io" 20 | 21 | "github.com/dreadl0ck/netcap/encoder" 22 | "github.com/google/gopacket/pcapgo" 23 | "github.com/pkg/errors" 24 | ) 25 | 26 | // CollectLive starts collection of data from the given interface. 27 | // optionally a BPF can be supplied. 28 | // this is the linux version that uses the pure go version from pcapgo to fetch packets live. 29 | func (c *Collector) CollectLive(i string, bpf string) error { 30 | // use raw socket to fetch packet on linux live mode 31 | handle, err := pcapgo.NewEthernetHandle(i) 32 | if err != nil { 33 | return err 34 | } 35 | defer handle.Close() 36 | 37 | // set BPF if requested 38 | if bpf != "" { 39 | rb, err := rawBPF(bpf) 40 | if err != nil { 41 | return err 42 | } 43 | if err := handle.SetBPF(rb); err != nil { 44 | return err 45 | } 46 | } 47 | 48 | // initialize collector 49 | if err := c.Init(); err != nil { 50 | return err 51 | } 52 | 53 | encoder.LiveMode = true 54 | 55 | // read packets from channel 56 | for { 57 | 58 | // read next packet 59 | data, ci, err := handle.ReadPacketData() 60 | if err != nil { 61 | if err == io.EOF { 62 | break 63 | } 64 | return errors.Wrap(err, "Error reading packet data") 65 | } 66 | 67 | c.handleRawPacketData(data, ci) 68 | } 69 | 70 | // run cleanup on channel exit 71 | c.cleanup() 72 | return nil 73 | } 74 | -------------------------------------------------------------------------------- /collector/metrics.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package collector 15 | 16 | import ( 17 | "github.com/prometheus/client_golang/prometheus" 18 | ) 19 | 20 | var ( 21 | allProtosTotal = prometheus.NewCounterVec( 22 | prometheus.CounterOpts{ 23 | Name: "nc_protocols_total", 24 | Help: "Counter for all protocols encountered during parsing the network traffic", 25 | }, 26 | []string{"Protocol"}, 27 | ) 28 | unknownProtosTotal = prometheus.NewCounterVec( 29 | prometheus.CounterOpts{ 30 | Name: "nc_unknown_protocols_total", 31 | Help: "Counter for all unknown protocols encountered during parsing the network traffic", 32 | }, 33 | []string{"Protocol"}, 34 | ) 35 | decodingErrorsTotal = prometheus.NewCounterVec( 36 | prometheus.CounterOpts{ 37 | Name: "nc_decoding_errors_total", 38 | Help: "Counter for all decoding errors encountered during parsing the network traffic", 39 | }, 40 | []string{"Protocol", "Error"}, 41 | ) 42 | ) 43 | 44 | func init() { 45 | prometheus.MustRegister(allProtosTotal) 46 | prometheus.MustRegister(unknownProtosTotal) 47 | prometheus.MustRegister(decodingErrorsTotal) 48 | } 49 | -------------------------------------------------------------------------------- /collector/pcap_test.go: -------------------------------------------------------------------------------- 1 | package collector 2 | 3 | import ( 4 | "os" 5 | "testing" 6 | 7 | "github.com/google/gopacket/pcapgo" 8 | ) 9 | 10 | var ngFile = "../pcaps/Monday-WorkingHours.pcapng" 11 | var pcapFile = "../pcaps/maccdc2012_00000.pcap" 12 | 13 | func BenchmarkReadPcapNG(b *testing.B) { 14 | r, f, err := openPcapNG(ngFile) 15 | if err != nil { 16 | b.Fatal(err) 17 | } 18 | defer f.Close() 19 | 20 | b.ReportAllocs() 21 | b.ResetTimer() 22 | for n := 0; n < b.N; n++ { 23 | _, _, err := r.ReadPacketData() 24 | if err != nil { 25 | b.Fatal(err) 26 | } 27 | } 28 | } 29 | 30 | func BenchmarkReadPcapNGZeroCopy(b *testing.B) { 31 | r, f, err := openPcapNG(ngFile) 32 | if err != nil { 33 | b.Fatal(err) 34 | } 35 | defer f.Close() 36 | 37 | b.ReportAllocs() 38 | b.ResetTimer() 39 | for n := 0; n < b.N; n++ { 40 | _, _, err := r.ZeroCopyReadPacketData() 41 | if err != nil { 42 | b.Fatal(err) 43 | } 44 | } 45 | } 46 | 47 | func openPcapFile(file string) (*pcapgo.Reader, *os.File, error) { 48 | // get file handle 49 | f, err := os.Open(file) 50 | if err != nil { 51 | return nil, nil, err 52 | } 53 | 54 | // try to create pcap reader 55 | r, err := pcapgo.NewReader(f) 56 | if err != nil { 57 | return nil, nil, err 58 | } 59 | 60 | return r, f, nil 61 | } 62 | 63 | func BenchmarkReadPcap(b *testing.B) { 64 | r, f, err := openPcapFile(pcapFile) 65 | if err != nil { 66 | b.Fatal(err) 67 | } 68 | defer f.Close() 69 | 70 | b.ReportAllocs() 71 | b.ResetTimer() 72 | for n := 0; n < b.N; n++ { 73 | _, _, err := r.ReadPacketData() 74 | if err != nil { 75 | b.Fatal(err) 76 | } 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.12.4-alpine 2 | 3 | # install libpcap 4 | RUN apk update && apk add libpcap-dev git build-base && rm -rf /var/cache/apk/* 5 | 6 | RUN echo "working dir: $(pwd)" 7 | 8 | # get the NETCAP source 9 | #RUN go get -v -u github.com/dreadl0ck/netcap/... 10 | 11 | RUN mkdir -p $GOPATH/src/github.com/dreadl0ck/netcap 12 | RUN cd $GOPATH/src/github.com/dreadl0ck && git clone https://github.com/dreadl0ck/netcap.git && echo "cloned!" && go get github.com/bradleyfalzon/tlsx && go get ./... && echo "got dependencies!" 13 | 14 | RUN echo GOPATH=$GOPATH 15 | RUN ls /go/src/github.com/dreadl0ck/netcap/cmd 16 | 17 | # build all the things. 18 | RUN go build -o net.capture -i github.com/dreadl0ck/netcap/cmd/capture 19 | RUN go build -o net.label -i github.com/dreadl0ck/netcap/cmd/label 20 | RUN go build -o net.agent -i github.com/dreadl0ck/netcap/cmd/agent 21 | RUN go build -o net.collect -i github.com/dreadl0ck/netcap/cmd/collect 22 | RUN go build -o net.proxy -i github.com/dreadl0ck/netcap/cmd/proxy 23 | RUN go build -o net.export -i github.com/dreadl0ck/netcap/cmd/export 24 | RUN go build -o net.dump -i github.com/dreadl0ck/netcap/cmd/dump 25 | RUN go build -o net.util -i github.com/dreadl0ck/netcap/cmd/util 26 | -------------------------------------------------------------------------------- /docs/.gitbook/assets/mied18.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/mied18.pdf -------------------------------------------------------------------------------- /docs/.gitbook/assets/mied18_os.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/mied18_os.pdf -------------------------------------------------------------------------------- /docs/.gitbook/assets/netcap-cheatsheet.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/netcap-cheatsheet.pdf -------------------------------------------------------------------------------- /docs/.gitbook/assets/netcap-logov2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/netcap-logov2.jpg -------------------------------------------------------------------------------- /docs/.gitbook/assets/overview.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/overview.pdf -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.40.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.40.png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.47.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.47.png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56 (1).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56 (1).png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56 (2).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56 (2).png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56 (3).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56 (3).png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-01-at-22.52.56.png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-04-at-23.39.19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-04-at-23.39.19.png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-04-at-23.39.41.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-04-at-23.39.41.png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-04-at-23.40.05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-04-at-23.40.05.png -------------------------------------------------------------------------------- /docs/.gitbook/assets/screenshot-2019-05-05-at-13.41.40.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/screenshot-2019-05-05-at-13.41.40.png -------------------------------------------------------------------------------- /docs/.gitbook/assets/securitcup_slides_philipp_mieden.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/.gitbook/assets/securitcup_slides_philipp_mieden.pdf -------------------------------------------------------------------------------- /docs/NETCAP-CHEATSHEET.md: -------------------------------------------------------------------------------- 1 | # NETCAP Cheatsheet 2 | 3 | > Documentation: docs.netcap.io 4 | 5 | |Command|Description| 6 | |-------|-----------| 7 | |netcap -iface eth0 | Read traffic live from interface, stop with _Ctrl-C_ \(_SIGINT_\) | 8 | |netcap -r traffic.pcap | Read traffic from a dump file \(supports PCAP or PCAPNG\) | 9 | |netcap -r TCP.ncap.gz|Read a netcap dumpfile and print to stdout as CSV| 10 | |netcap -fields -r TCP.ncap.gz|Show the available fields for a specific Netcap dump file| 11 | |netcap -r TCP.ncap.gz -select Timestamp,SrcPort,DstPort|Print only selected fields and output as CSV| 12 | |netcap -r TCP.ncap.gz -select Timestamp,SrcPort,DstPort > tcp.csv|Save CSV output to file| 13 | |netcap -r TPC.ncap.gz -tsv|Print output separated with tabs| 14 | |netcap -workers 24 -buf false -comp false -r traffic.pcapng|Run with 24 workers and disable gzip compression and buffering| 15 | |netcap -r traffic.pcap -out traffic_ncap|Parse pcap and write all data to output directory \(will be created if it does not exist\)| 16 | |netcap -r TCP.ncap.gz -select Timestamp,SrcPort,Dstport -utc|Convert timestamps to UTC| 17 | |netcap -r TCP.ncap.gz -header|Show audit record header| 18 | |netcap -r TCP.ncap.gz -struc|Print structured audit records| 19 | |netcap -r TCP.ncap.gz -tsv|Print audit records as Tab Separated Values| 20 | |netcap -r UDP.ncap.gz -table |Print as table| 21 | |netcap -r TCP.ncap.gz -sep ";"|Print audit records with Custom Separator| 22 | |netcap -r TCP.ncap.gz -check|Check if generated output contains the correct number of separator symbols| 23 | |netcap-server -gen-keypair|generate keypair for distributed collection and write to disk| 24 | |netcap -server -privkey priv.key -addr 127.0.0.1:4200|start collection server| 25 | |netcap -sensor -pubkey pub.key -addr 127.0.0.1:4200|start a sensor agent for exporting data| 26 | |netcap -iface en0 -bpf "host 192.168.1.1"|apply a BPF when capturing traffic live| 27 | |netcap -r traffic.pcap -bpf "host 192.168.1.1"|apply a BPF when parsing a dumpfile| 28 | |netcap -r traffic.pcap -include Ethernet,Dot1Q,IPv4,IPv6,TCP,UDP,DNS|Include specific encoders (only those named will be used)| 29 | |netcap -r traffic.pcap -exclude TCP,UDP|Exclude encoders (this will prevent decoding of layers encapsulated by the excluded ones)| 30 | |netcap -r UDP.ncap.gz -fields|Show available fields for the audit record type| 31 | -------------------------------------------------------------------------------- /docs/NETCAP-CHEATSHEET.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/NETCAP-CHEATSHEET.pdf -------------------------------------------------------------------------------- /docs/PROTOBUF-DECODING.md: -------------------------------------------------------------------------------- 1 | # Notes on decoding protobuf data 2 | 3 | Protobuf: 4 | 5 | message ProtocolBuffer { 6 | repeated string Types = 1; 7 | repeated bytes Fields = 2; 8 | } 9 | 10 | Go: 11 | 12 | type ProtocolBuffer struct { 13 | []string Types 14 | [][]byte Fields 15 | } 16 | 17 | Example: 18 | 19 | message Test { 20 | string Name = 1; 21 | string Stuff = 2; 22 | int32 Number = 3; 23 | bytes Data = 4; 24 | string Version = 5; 25 | } 26 | 27 | Debug with Go: 28 | 29 | 0: t= 1 bytes [6] 41 20 6e 61 6d 65 30 | 8: t= 2 bytes [10] 73 6f 6d .. 75 66 66 31 | 20: t= 3 varint 42 32 | 22: t= 4 bytes [3] 01 02 03 33 | 27: t= 5 bytes [5] 30 2e 31 2e 31 34 | 35 | 36 | Protoc: 37 | 38 | $ protoc --decode_raw < test.bin 39 | 1: "A name" 40 | 2: "some stuff" 41 | 3: 42 42 | 4: "\001\002\003" 43 | 5: "0.1.1" -------------------------------------------------------------------------------- /docs/SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Table of contents 2 | 3 | * [Overview](README.md) 4 | * [Protocol Support](protocol-support.md) 5 | * [Specification](specification.md) 6 | * [Installation](installation.md) 7 | * [Quickstart](quickstart.md) 8 | * [Packet Collection](untitled.md) 9 | * [Audit Record Labeling](untitled-1.md) 10 | * [HTTP Proxy](http-proxy.md) 11 | * [USB Capture](usb-capture.md) 12 | * [Payload Capture](payload-capture.md) 13 | * [Distributed Collection](distributed-collection.md) 14 | * [Workers](workers.md) 15 | * [Filtering and Export](filtering-and-export.md) 16 | * [Downloads](cheatsheets.md) 17 | * [Internals](internals.md) 18 | * [Metrics](metrics.md) 19 | * [Python Integration](python-integration.md) 20 | * [FAQ](faq.md) 21 | * [Extension](extension.md) 22 | * [Contributing](contributing.md) 23 | * [License](license.md) 24 | 25 | -------------------------------------------------------------------------------- /docs/cheatsheets.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: A collection of cheatsheets and useful resources 3 | --- 4 | 5 | # Downloads 6 | 7 | ## Publications 8 | 9 | ### Thesis 10 | 11 | {% file src=".gitbook/assets/mied18.pdf" %} 12 | 13 | ### Thesis Presentation 14 | 15 | {% file src=".gitbook/assets/mied18\_os.pdf" %} 16 | 17 | ### SecurIT Cup 2018 Presentation 18 | 19 | {% file src=".gitbook/assets/securitcup\_slides\_philipp\_mieden.pdf" %} 20 | 21 | ## Cheatsheets 22 | 23 | ### List of all supported protocols and fields 24 | 25 | {% file src=".gitbook/assets/overview.pdf" caption="Netcap - Overview Supported Protocols" %} 26 | 27 | ### Command Cheatsheet 28 | 29 | {% file src=".gitbook/assets/netcap-cheatsheet.pdf" caption="Netcap General Cheatsheet" %} 30 | 31 | -------------------------------------------------------------------------------- /docs/contributing.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Contributing to the Netcap project 3 | --- 4 | 5 | # Contributing 6 | 7 | ## Issues & Bug Reports 8 | 9 | Please include the Netcap version, the exact error messages and as much log output as possible! 10 | 11 | Try to answer these questions in your Bug Report: 12 | 13 | * What version of Netcap, which OS, which version of OS did you use? 14 | * What did you want to do? 15 | * What happened instead? 16 | * What output did you get? 17 | 18 | ## Pull Requests 19 | 20 | Before submitting your pull request please make sure the unit tests execute without errors. 21 | 22 | ## Feature Requests 23 | 24 | You have an idea for a new feature? Create a feature draft and open an issue to discuss it. 25 | 26 | -------------------------------------------------------------------------------- /docs/extension.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Implementing new audit records and features 3 | --- 4 | 5 | # Extension 6 | 7 | To add support for a new protocol or custom abstraction the following steps need to be performed. 8 | 9 | ## Protocol Buffer Definitions 10 | 11 | First, a type definition of the new audit record type must be added to the AuditRecord protocol buffers definitions, as well as a **Type enumeration** following the naming convention with the **NC prefix**. 12 | 13 | ## Encoder Implementation 14 | 15 | After recompiling the protocol buffers, a file for the new encoder named after the protocol must be created in the encoder package. The new file must contain a variable created with **CreateLayerEncoder** or **CreateCustomEncoder** depending on the desired encoder type. 16 | 17 | Depending on the choice of the encoder type, the new variable must be added to the customEncoderSlice in **encoder/customEncoder.go** or layerEncoderSlice in **encoder/layerEncoder.go**. 18 | 19 | ## Audit Record Interface Implementation 20 | 21 | Next, the interface for conversion to CSV and JSON and exporting metrics must be implemented in the types package, by creating a new file with the protocol name and implementing the **CSVHeader\(\) \[\]string, CSVRecord\(\) \[\]string** and **NetcapTimestamp\(\) string** functions of the types.AuditRecord interface. 22 | 23 | If the new protocol contains sub-structures, functions to convert them to strings need to be implemented as well. 24 | 25 | ## Add Initializer 26 | 27 | Finally, the **InitRecord\(typ types.Type\) \(record proto.Message\)** function in netcap.go needs to be updated, to initialize the structure for the new type. 28 | 29 | -------------------------------------------------------------------------------- /docs/faq.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Frequently Asked Questions 3 | --- 4 | 5 | # FAQ 6 | 7 | ## Does the tool work in outer space and under vaccum? 8 | 9 | I have no clue - please try and report the findings :\) 10 | 11 | ## How can I contribute to the project? 12 | 13 | Please see the Contributing page. 14 | 15 | ## I have a question, how can I reach you? 16 | 17 | Contact me by mail: dreadl0ck \[at\] protonmail \[dot\] ch 18 | 19 | -------------------------------------------------------------------------------- /docs/graphics/Netcap-Logo.graffle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/graphics/Netcap-Logo.graffle -------------------------------------------------------------------------------- /docs/graphics/Netcap-Logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/graphics/Netcap-Logo.jpg -------------------------------------------------------------------------------- /docs/graphics/logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | Produced by OmniGraffle 7.9.2 17 | 2018-11-15 20:13:00 +0000 18 | 19 | 20 | Canvas 1 21 | 22 | Layer 1 23 | 24 | 25 | NETCAP 26 | 27 | 28 | 29 | 30 | Traffic Analysis Framework 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /docs/graphics/netcap.graffle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/graphics/netcap.graffle -------------------------------------------------------------------------------- /docs/installation.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Setup instructions 3 | --- 4 | 5 | # Installation 6 | 7 | ## Go Get 8 | 9 | Installation via go get: 10 | 11 | ```text 12 | $ go get -u github.com/dreadl0ck/netcap/... 13 | ``` 14 | 15 | ## Development Build 16 | 17 | To install the command-line tool: 18 | 19 | ```text 20 | $ go build -o $(go env GOPATH)/bin/netcap -i github.com/dreadl0ck/netcap/cmd 21 | ``` 22 | 23 | ## Cross Compilation 24 | 25 | To cross compile for other architectures, set the _GOARCH_ and _GOOS_ environment variables. For example to cross compile a binary for _linux amd64_: 26 | 27 | ```text 28 | $ GOARCH=amd64 GOOS=linux go build -o netcap -i github.com/dreadl0ck/netcap/cmd 29 | ``` 30 | 31 | ## Homebrew 32 | 33 | Install the _netcap_ command-line tool with Homebrew: 34 | 35 | ```text 36 | $ brew tap dreadl0ck/formulas 37 | $ brew install netcap 38 | ``` 39 | 40 | ## Buildsystem 41 | 42 | _Netcap_ uses the [zeus](https://github.com/dreadl0ck/zeus) buildsystem, it can be found on github along with installation instructions. 43 | 44 | However, the project can easily be installed without zeus. All shell scripts needed for installation can be found in the _zeus/generated_ directory as standalone versions: 45 | 46 | ```text 47 | zeus/generated/install-netcap.sh 48 | zeus/generated/install-netlabel.sh 49 | zeus/generated/install-sensor.sh 50 | zeus/generated/install-server.sh 51 | ``` 52 | 53 | To install the _Netcap_ and _Netlabel_ command-line tool and the library with zeus, run: 54 | 55 | ```text 56 | $ zeus install 57 | ``` 58 | 59 | ## Tests 60 | 61 | To execute the unit tests, run the following from the project root: 62 | 63 | ```text 64 | $ go test -v -bench=. ./... 65 | ``` 66 | 67 | -------------------------------------------------------------------------------- /docs/license.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: License type and terms 3 | --- 4 | 5 | # License 6 | 7 | ## GNU General Public License v3.0 8 | 9 | Netcap is licensed under the GNU General Public License v3, which is a very permissive open source license, that allows others to do almost anything they want with the project, except to distribute closed source versions. 10 | 11 | Permissions of this strong copyleft license are conditioned on making available complete source code of licensed works and modifications, which include larger works using a licensed work, under the same license. Copyright and license notices must be preserved. Contributors provide an express grant of patent rights. 12 | 13 | This license type was chosen with Netcaps research purpose in mind, and in the hope that it leads to further improvements and new capabilities contributed by other researchers on the long term. 14 | 15 | The license can be found here: [https://github.com/dreadl0ck/netcap/blob/master/LICENSE](https://github.com/dreadl0ck/netcap/blob/master/LICENSE) 16 | 17 | ## Usage Disclaimer 18 | 19 | Netcap was developed in a short timeframe as a research project and thus was neither tested nor developed to run in a production environment. The project may contain bugs, that have not yet been discovered. Error handling is not very graceful, in many cases that could have been handled otherwise, the program panics in order to assist in debugging with a stack trace. Until there are further unit tests and the error handling is more robust, using Netcap for other purposes than research is not recommended! 20 | 21 | -------------------------------------------------------------------------------- /docs/metrics.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Prometheus Metrics 3 | --- 4 | 5 | # Metrics 6 | 7 | ## Introduction 8 | 9 | Netcap now support exporting prometheus metrics about its go runtime, the collection process and the audit records itself. This feature can be used with the **net.export** tool. 10 | 11 | ## Configuration 12 | 13 | Metrics are served by default on **127.0.0.1:7777/metrics**. Configure a prometheus instance to scrape it: 14 | 15 | ```yaml 16 | # reference: https://prometheus.io/docs/prometheus/latest/configuration/configuration/ 17 | 18 | global: 19 | scrape_interval: 15s 20 | scrape_timeout: 15s 21 | #evaluation_interval: 15s 22 | 23 | scrape_configs: 24 | # process_ metrics 25 | - job_name: netcap 26 | metrics_path: /metrics 27 | scheme: http 28 | static_configs: 29 | - targets: 30 | - 127.0.0.1:7777 31 | ``` 32 | 33 | ## Usage 34 | 35 | Export a PCAP dumpfile and serve metrics . 36 | 37 | ```text 38 | $ net.export -r 2017-09-19-traffic-analysis-exercise.pcap 39 | ``` 40 | 41 | Capture and export traffic live from the named interface: 42 | 43 | ```text 44 | $ net.export -iface en0 45 | ``` 46 | 47 | Export a specific audit record file: 48 | 49 | ```text 50 | $ net.export -r HTTP.ncap.gz 51 | ``` 52 | 53 | Export all audit record files in the current directory: 54 | 55 | ```text 56 | $ net.export . 57 | ``` 58 | 59 | ## Overview Dashboard Preview 60 | 61 | ![Grafana Dashboard Overview](.gitbook/assets/screenshot-2019-05-04-at-23.39.19.png) 62 | 63 | ## TCP Dashboard Preview 64 | 65 | ![Grafana Dashboard TCP](.gitbook/assets/screenshot-2019-05-04-at-23.39.41.png) 66 | 67 | ## HTTP Dashboard Preview 68 | 69 | ![Grafana Dashboard HTTP](.gitbook/assets/screenshot-2019-05-04-at-23.40.05.png) 70 | 71 | -------------------------------------------------------------------------------- /docs/overview.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/docs/overview.pdf -------------------------------------------------------------------------------- /docs/payload-capture.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Capture full packet payloads 3 | --- 4 | 5 | # Payload Capture 6 | 7 | It is now possible to capture payload data for the following protocols: **TCP, UDP, ModbusTCP, USB** 8 | 9 | This can be enabled with the **-payload** flag: 10 | 11 | ```text 12 | $ net.cap -r traffic.pcap -payload 13 | ``` 14 | 15 | Setting the flag works for both live and offlline capture, afterwards the raw payload bytes are stored in the **Payload** field of the audit records. 16 | 17 | -------------------------------------------------------------------------------- /docs/protocol-support.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: An overview of supported protocols and available fields 3 | --- 4 | 5 | # Protocol Support 6 | 7 | ![](.gitbook/assets/screenshot-2019-05-01-at-22.52.40.png) 8 | 9 | ![](.gitbook/assets/screenshot-2019-05-01-at-22.52.47.png) 10 | 11 | ![](.gitbook/assets/screenshot-2019-05-01-at-22.52.56%20%283%29.png) 12 | 13 | -------------------------------------------------------------------------------- /docs/python-integration.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Read Netcap Audit records from Python 3 | --- 4 | 5 | # Python Integration 6 | 7 | ## Source Code 8 | 9 | The Python library for interacting with netcap audit records has been published here: 10 | 11 | {% embed url="https://github.com/dreadl0ck/pynetcap" %} 12 | 13 | ## Usage 14 | 15 | ### Read into python dictionary 16 | 17 | Currently it is possible to retrieve the audit records as python dictionary: 18 | 19 | ```python 20 | #!/usr/bin/python 21 | 22 | import pynetcap as nc 23 | 24 | reader = nc.NCReader('pcaps/HTTP.ncap.gz') 25 | 26 | reader.read(dataframe=False) 27 | print("RECORDS:") 28 | print(reader.records) 29 | ``` 30 | 31 | ### Read into pandas dataframe 32 | 33 | Retrieving the audit records as pandas dataframe: 34 | 35 | ```python 36 | #!/usr/bin/python 37 | 38 | import pynetcap as nc 39 | 40 | reader = nc.NCReader('pcaps/HTTP.ncap.gz') 41 | 42 | reader.read(dataframe=True) 43 | print("[INFO] completed reading the audit record file:", reader.filepath) 44 | print("DATAFRAME:") 45 | print(reader.df) 46 | ``` 47 | 48 | -------------------------------------------------------------------------------- /docs/usb-capture.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Capture traffic sent via Universal Serial Bus (USB) protocol 3 | --- 4 | 5 | # USB Capture 6 | 7 | ## Live Capture 8 | 9 | USB live capture is now possible, currently the following Audit Records exist: USB and USBRequestBlockSetup. 10 | 11 | To capture USB traffic live on macOS, install wireshark and bring up the USB interface: 12 | 13 | ```text 14 | $ sudo ifconfig XHC20 up 15 | ``` 16 | 17 | Now attach netcap and set baselayer to USB: 18 | 19 | ```text 20 | $ net.cap -iface XHC20 -base usb 21 | ``` 22 | 23 | ## Offline from dumpfile 24 | 25 | To read offline USB traffic from a PCAP file use: 26 | 27 | ```text 28 | $ net.cap -r usb.pcap -base usb 29 | ``` 30 | 31 | Don't forget to set the **-payload** flag if you want to preserve the data being transmitted! 32 | 33 | -------------------------------------------------------------------------------- /encoder/arp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var arpEncoder = CreateLayerEncoder(types.Type_NC_ARP, layers.LayerTypeARP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if arp, ok := layer.(*layers.ARP); ok { 25 | return &types.ARP{ 26 | Timestamp: timestamp, 27 | AddrType: int32(arp.AddrType), 28 | Protocol: int32(arp.Protocol), 29 | HwAddressSize: int32(arp.HwAddressSize), 30 | ProtAddressSize: int32(arp.ProtAddressSize), 31 | Operation: int32(arp.Operation), 32 | SrcHwAddress: arp.SourceHwAddress, 33 | SrcProtAddress: arp.SourceProtAddress, 34 | DstHwAddress: arp.DstHwAddress, 35 | DstProtAddress: arp.DstProtAddress, 36 | } 37 | } 38 | return nil 39 | }) 40 | -------------------------------------------------------------------------------- /encoder/bfd.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var bfdEncoder = CreateLayerEncoder(types.Type_NC_BFD, layers.LayerTypeBFD, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if bfd, ok := layer.(*layers.BFD); ok { 25 | return &types.BFD{ 26 | Timestamp: timestamp, 27 | Version: int32(bfd.Version), 28 | Diagnostic: int32(bfd.Diagnostic), 29 | State: int32(bfd.State), 30 | Poll: bool(bfd.Poll), 31 | Final: bool(bfd.Final), 32 | ControlPlaneIndependent: bool(bfd.ControlPlaneIndependent), 33 | AuthPresent: bool(bfd.AuthPresent), 34 | Demand: bool(bfd.Demand), 35 | Multipoint: bool(bfd.Multipoint), 36 | DetectMultiplier: int32(bfd.DetectMultiplier), 37 | MyDiscriminator: int32(bfd.MyDiscriminator), 38 | YourDiscriminator: int32(bfd.YourDiscriminator), 39 | DesiredMinTxInterval: int32(bfd.DesiredMinTxInterval), 40 | RequiredMinRxInterval: int32(bfd.RequiredMinRxInterval), 41 | RequiredMinEchoRxInterval: int32(bfd.RequiredMinEchoRxInterval), 42 | AuthHeader: &types.BFDAuthHeader{ 43 | AuthType: int32(bfd.AuthHeader.AuthType), 44 | KeyID: int32(bfd.AuthHeader.KeyID), 45 | SequenceNumber: int32(bfd.AuthHeader.SequenceNumber), 46 | Data: bfd.AuthHeader.Data, 47 | }, 48 | } 49 | } 50 | return nil 51 | }) 52 | -------------------------------------------------------------------------------- /encoder/ciscoDiscovery.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ciscoDiscoveryEncoder = CreateLayerEncoder(types.Type_NC_CiscoDiscovery, layers.LayerTypeCiscoDiscovery, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if ciscoDiscovery, ok := layer.(*layers.CiscoDiscovery); ok { 25 | var values []*types.CiscoDiscoveryValue 26 | for _, v := range ciscoDiscovery.Values { 27 | values = append(values, &types.CiscoDiscoveryValue{ 28 | Type: int32(v.Type), 29 | Length: int32(v.Length), 30 | Value: []byte(v.Value), 31 | }) 32 | } 33 | return &types.CiscoDiscovery{ 34 | Timestamp: timestamp, 35 | Version: int32(ciscoDiscovery.Version), 36 | TTL: int32(ciscoDiscovery.TTL), 37 | Checksum: int32(ciscoDiscovery.Checksum), 38 | Values: values, 39 | } 40 | } 41 | return nil 42 | }) 43 | -------------------------------------------------------------------------------- /encoder/config.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | // Config contains configuration parameters 17 | // for the encoders 18 | type Config struct { 19 | Buffer bool 20 | Compression bool 21 | CSV bool 22 | IncludeEncoders string 23 | ExcludeEncoders string 24 | Out string 25 | WriteChan bool 26 | Source string 27 | Version string 28 | IncludePayloads bool 29 | Export bool 30 | } 31 | -------------------------------------------------------------------------------- /encoder/counters.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "sync" 18 | ) 19 | 20 | //////////////////////// 21 | // Atomic Counter Map // 22 | //////////////////////// 23 | 24 | // AtomicCounterMap maps strings to integers 25 | type AtomicCounterMap struct { 26 | Items map[string]int64 27 | sync.Mutex 28 | } 29 | 30 | // NewAtomicCounterMap returns a new AtomicCounterMap 31 | func NewAtomicCounterMap() *AtomicCounterMap { 32 | return &AtomicCounterMap{ 33 | Items: map[string]int64{}, 34 | } 35 | } 36 | 37 | // Inc increments a value 38 | func (a *AtomicCounterMap) Inc(val string) { 39 | a.Lock() 40 | a.Items[val]++ 41 | a.Unlock() 42 | } 43 | -------------------------------------------------------------------------------- /encoder/dhcp4.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var dhcpv4Encoder = CreateLayerEncoder(types.Type_NC_DHCPv4, layers.LayerTypeDHCPv4, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if dhcp4, ok := layer.(*layers.DHCPv4); ok { 25 | var opts []*types.DHCPOption 26 | for _, o := range dhcp4.Options { 27 | opts = append(opts, &types.DHCPOption{ 28 | Data: o.Data, 29 | Length: int32(o.Length), 30 | Type: int32(o.Type), 31 | }) 32 | } 33 | 34 | return &types.DHCPv4{ 35 | Timestamp: timestamp, 36 | Operation: int32(dhcp4.Operation), 37 | HardwareType: int32(dhcp4.HardwareType), 38 | HardwareLen: int32(dhcp4.HardwareLen), 39 | HardwareOpts: int32(dhcp4.HardwareOpts), 40 | Xid: uint32(dhcp4.Xid), 41 | Secs: int32(dhcp4.Secs), 42 | Flags: int32(dhcp4.Flags), 43 | ClientIP: dhcp4.ClientIP.String(), 44 | YourClientIP: dhcp4.YourClientIP.String(), 45 | NextServerIP: dhcp4.NextServerIP.String(), 46 | RelayAgentIP: dhcp4.RelayAgentIP.String(), 47 | ClientHWAddr: dhcp4.ClientHWAddr.String(), 48 | ServerName: []byte(dhcp4.ServerName), 49 | File: []byte(dhcp4.File), 50 | Options: opts, 51 | } 52 | } 53 | return nil 54 | }) 55 | -------------------------------------------------------------------------------- /encoder/dhcp6.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var dhcpv6Encoder = CreateLayerEncoder(types.Type_NC_DHCPv6, layers.LayerTypeDHCPv6, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if dhcp6, ok := layer.(*layers.DHCPv6); ok { 25 | 26 | var opts []*types.DHCPv6Option 27 | for _, o := range dhcp6.Options { 28 | opts = append(opts, &types.DHCPv6Option{ 29 | Data: o.Data, 30 | Length: int32(o.Length), 31 | Code: int32(o.Code), 32 | }) 33 | } 34 | return &types.DHCPv6{ 35 | Timestamp: timestamp, 36 | MsgType: int32(dhcp6.MsgType), 37 | HopCount: int32(dhcp6.HopCount), 38 | LinkAddr: dhcp6.LinkAddr.String(), 39 | PeerAddr: dhcp6.PeerAddr.String(), 40 | TransactionID: []byte(dhcp6.TransactionID), 41 | Options: opts, 42 | } 43 | } 44 | return nil 45 | }) 46 | -------------------------------------------------------------------------------- /encoder/dot1q.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var dot1QEncoder = CreateLayerEncoder(types.Type_NC_Dot1Q, layers.LayerTypeDot1Q, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if dot1q, ok := layer.(*layers.Dot1Q); ok { 25 | return &types.Dot1Q{ 26 | Timestamp: timestamp, 27 | Priority: int32(dot1q.Priority), 28 | DropEligible: dot1q.DropEligible, 29 | VLANIdentifier: int32(dot1q.VLANIdentifier), 30 | Type: int32(dot1q.Type), 31 | } 32 | } 33 | return nil 34 | }) 35 | -------------------------------------------------------------------------------- /encoder/eap.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var eapEncoder = CreateLayerEncoder(types.Type_NC_EAP, layers.LayerTypeEAP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if eap, ok := layer.(*layers.EAP); ok { 25 | return &types.EAP{ 26 | Timestamp: timestamp, 27 | Code: int32(eap.Code), 28 | Id: int32(eap.Id), 29 | Length: int32(eap.Length), 30 | Type: int32(eap.Type), 31 | TypeData: []byte(eap.TypeData), 32 | } 33 | } 34 | return nil 35 | }) 36 | -------------------------------------------------------------------------------- /encoder/eapol.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var eapolEncoder = CreateLayerEncoder(types.Type_NC_EAPOL, layers.LayerTypeEAPOL, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if eapol, ok := layer.(*layers.EAPOL); ok { 25 | return &types.EAPOL{ 26 | Timestamp: timestamp, 27 | Version: int32(eapol.Version), 28 | Type: int32(eapol.Type), 29 | Length: int32(eapol.Length), 30 | } 31 | } 32 | return nil 33 | }) 34 | -------------------------------------------------------------------------------- /encoder/eapolkey.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var eapolkeyEncoder = CreateLayerEncoder(types.Type_NC_EAPOLKey, layers.LayerTypeEAPOLKey, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if eapolkey, ok := layer.(*layers.EAPOLKey); ok { 25 | return &types.EAPOLKey{ 26 | Timestamp: timestamp, 27 | KeyDescriptorType: int32(eapolkey.KeyDescriptorType), 28 | KeyDescriptorVersion: int32(eapolkey.KeyDescriptorVersion), 29 | KeyType: int32(eapolkey.KeyType), 30 | KeyIndex: int32(eapolkey.KeyIndex), 31 | Install: bool(eapolkey.Install), 32 | KeyACK: bool(eapolkey.KeyACK), 33 | KeyMIC: bool(eapolkey.KeyMIC), 34 | Secure: bool(eapolkey.Secure), 35 | MICError: bool(eapolkey.MICError), 36 | Request: bool(eapolkey.Request), 37 | HasEncryptedKeyData: bool(eapolkey.HasEncryptedKeyData), 38 | SMKMessage: bool(eapolkey.SMKMessage), 39 | KeyLength: int32(eapolkey.KeyLength), 40 | ReplayCounter: uint64(eapolkey.ReplayCounter), 41 | Nonce: []byte(eapolkey.Nonce), 42 | IV: []byte(eapolkey.IV), 43 | RSC: uint64(eapolkey.RSC), 44 | ID: uint64(eapolkey.ID), 45 | MIC: []byte(eapolkey.MIC), 46 | KeyDataLength: int32(eapolkey.KeyDataLength), 47 | EncryptedKeyData: []byte(eapolkey.EncryptedKeyData), 48 | } 49 | } 50 | return nil 51 | }) 52 | -------------------------------------------------------------------------------- /encoder/eth.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ethernetEncoder = CreateLayerEncoder(types.Type_NC_Ethernet, layers.LayerTypeEthernet, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if eth, ok := layer.(*layers.Ethernet); ok { 25 | return &types.Ethernet{ 26 | Timestamp: timestamp, 27 | SrcMAC: eth.SrcMAC.String(), 28 | DstMAC: eth.DstMAC.String(), 29 | EthernetType: int32(eth.EthernetType), 30 | PayloadEntropy: Entropy(eth.Payload), 31 | PayloadSize: int32(len(eth.Payload)), 32 | } 33 | } 34 | return nil 35 | }) 36 | -------------------------------------------------------------------------------- /encoder/ethctp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ethernetCTPEncoder = CreateLayerEncoder(types.Type_NC_EthernetCTP, layers.LayerTypeEthernetCTP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if ethctp, ok := layer.(*layers.EthernetCTP); ok { 25 | return &types.EthernetCTP{ 26 | Timestamp: timestamp, 27 | SkipCount: int32(ethctp.SkipCount), 28 | } 29 | } 30 | return nil 31 | }) 32 | -------------------------------------------------------------------------------- /encoder/ethctpr.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ethernetCTPReplyEncoder = CreateLayerEncoder(types.Type_NC_EthernetCTPReply, layers.LayerTypeEthernetCTPReply, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if ethctpr, ok := layer.(*layers.EthernetCTPReply); ok { 25 | return &types.EthernetCTPReply{ 26 | Timestamp: timestamp, 27 | Function: int32(ethctpr.Function), 28 | ReceiptNumber: int32(ethctpr.ReceiptNumber), 29 | Data: ethctpr.Data, 30 | } 31 | } 32 | return nil 33 | }) 34 | -------------------------------------------------------------------------------- /encoder/fddi.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var fddiEncoder = CreateLayerEncoder(types.Type_NC_FDDI, layers.LayerTypeFDDI, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if fddi, ok := layer.(*layers.FDDI); ok { 25 | return &types.FDDI{ 26 | Timestamp: timestamp, 27 | FrameControl: int32(fddi.FrameControl), 28 | Priority: int32(fddi.Priority), 29 | SrcMAC: string(fddi.SrcMAC), 30 | DstMAC: string(fddi.DstMAC), 31 | } 32 | } 33 | return nil 34 | }) 35 | -------------------------------------------------------------------------------- /encoder/geneve.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var geneveEncoder = CreateLayerEncoder(types.Type_NC_Geneve, layers.LayerTypeGeneve, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if geneve, ok := layer.(*layers.Geneve); ok { 25 | var opts = []*types.GeneveOption{} 26 | if len(geneve.Options) > 0 { 27 | for _, o := range geneve.Options { 28 | opts = append(opts, &types.GeneveOption{ 29 | Class: int32(o.Class), 30 | Type: int32(o.Type), 31 | Flags: int32(o.Flags), 32 | Length: int32(o.Length), 33 | Data: o.Data, 34 | }) 35 | } 36 | } 37 | return &types.Geneve{ 38 | Timestamp: timestamp, 39 | Version: int32(geneve.Version), 40 | OptionsLength: int32(geneve.OptionsLength), 41 | OAMPacket: bool(geneve.OAMPacket), 42 | CriticalOption: bool(geneve.CriticalOption), 43 | Protocol: int32(geneve.Protocol), 44 | VNI: uint32(geneve.VNI), 45 | Options: opts, 46 | } 47 | } 48 | return nil 49 | }) 50 | -------------------------------------------------------------------------------- /encoder/icmp4.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var icmpv4Encoder = CreateLayerEncoder(types.Type_NC_ICMPv4, layers.LayerTypeICMPv4, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if icmp4, ok := layer.(*layers.ICMPv4); ok { 25 | return &types.ICMPv4{ 26 | Timestamp: timestamp, 27 | TypeCode: int32(icmp4.TypeCode), 28 | Checksum: int32(icmp4.Checksum), 29 | Id: int32(icmp4.Id), 30 | Seq: int32(icmp4.Seq), 31 | } 32 | } 33 | return nil 34 | }) 35 | -------------------------------------------------------------------------------- /encoder/icmp6.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var icmpv6Encoder = CreateLayerEncoder(types.Type_NC_ICMPv6, layers.LayerTypeICMPv6, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if icmp6, ok := layer.(*layers.ICMPv6); ok { 25 | return &types.ICMPv6{ 26 | Timestamp: timestamp, 27 | TypeCode: int32(icmp6.TypeCode), 28 | Checksum: int32(icmp6.Checksum), 29 | } 30 | } 31 | return nil 32 | }) 33 | -------------------------------------------------------------------------------- /encoder/icmp6e.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var icmpv6EchoEncoder = CreateLayerEncoder(types.Type_NC_ICMPv6Echo, layers.LayerTypeICMPv6Echo, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if icmp6e, ok := layer.(*layers.ICMPv6Echo); ok { 25 | return &types.ICMPv6Echo{ 26 | Timestamp: timestamp, 27 | Identifier: int32(icmp6e.Identifier), 28 | SeqNumber: int32(icmp6e.SeqNumber), 29 | } 30 | } 31 | return nil 32 | }) 33 | -------------------------------------------------------------------------------- /encoder/icmp6na.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var icmpv6NeighborAdvertisementEncoder = CreateLayerEncoder(types.Type_NC_ICMPv6NeighborAdvertisement, layers.LayerTypeICMPv6NeighborAdvertisement, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if icmp6na, ok := layer.(*layers.ICMPv6NeighborAdvertisement); ok { 25 | var opts []*types.ICMPv6Option 26 | for _, o := range icmp6na.Options { 27 | opts = append(opts, &types.ICMPv6Option{ 28 | Data: o.Data, 29 | Type: int32(o.Type), 30 | }) 31 | } 32 | return &types.ICMPv6NeighborAdvertisement{ 33 | Timestamp: timestamp, 34 | Flags: int32(icmp6na.Flags), 35 | TargetAddress: icmp6na.TargetAddress.String(), 36 | Options: opts, 37 | } 38 | } 39 | return nil 40 | }) 41 | -------------------------------------------------------------------------------- /encoder/icmp6ns.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var icmpv6NeighborSolicitationEncoder = CreateLayerEncoder( 24 | types.Type_NC_ICMPv6NeighborSolicitation, 25 | layers.LayerTypeICMPv6NeighborSolicitation, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if icmp6ns, ok := layer.(*layers.ICMPv6NeighborSolicitation); ok { 28 | var opts []*types.ICMPv6Option 29 | for _, o := range icmp6ns.Options { 30 | opts = append(opts, &types.ICMPv6Option{ 31 | Data: o.Data, 32 | Type: int32(o.Type), 33 | }) 34 | } 35 | return &types.ICMPv6NeighborSolicitation{ 36 | Timestamp: timestamp, 37 | TargetAddress: icmp6ns.TargetAddress.String(), 38 | Options: opts, 39 | } 40 | } 41 | return nil 42 | }) 43 | -------------------------------------------------------------------------------- /encoder/icmp6ra.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var icmpv6RouterAdvertisementEncoder = CreateLayerEncoder( 24 | types.Type_NC_ICMPv6RouterAdvertisement, 25 | layers.LayerTypeICMPv6RouterAdvertisement, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if icmp6ra, ok := layer.(*layers.ICMPv6RouterAdvertisement); ok { 28 | var opts []*types.ICMPv6Option 29 | for _, o := range icmp6ra.Options { 30 | opts = append(opts, &types.ICMPv6Option{ 31 | Data: o.Data, 32 | Type: int32(o.Type), 33 | }) 34 | } 35 | return &types.ICMPv6RouterAdvertisement{ 36 | Timestamp: timestamp, 37 | HopLimit: int32(icmp6ra.HopLimit), 38 | Flags: int32(icmp6ra.Flags), 39 | RouterLifetime: int32(icmp6ra.RouterLifetime), 40 | ReachableTime: icmp6ra.ReachableTime, 41 | RetransTimer: icmp6ra.RetransTimer, 42 | Options: opts, 43 | } 44 | } 45 | return nil 46 | }) 47 | -------------------------------------------------------------------------------- /encoder/icmp6rs.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var icmpv6RouterSolicitationEncoder = CreateLayerEncoder( 24 | types.Type_NC_ICMPv6RouterSolicitation, 25 | layers.LayerTypeICMPv6RouterSolicitation, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if icmp6rs, ok := layer.(*layers.ICMPv6RouterSolicitation); ok { 28 | var opts []*types.ICMPv6Option 29 | for _, o := range icmp6rs.Options { 30 | opts = append(opts, &types.ICMPv6Option{ 31 | Data: o.Data, 32 | Type: int32(o.Type), 33 | }) 34 | } 35 | return &types.ICMPv6NeighborSolicitation{ 36 | Timestamp: timestamp, 37 | Options: opts, 38 | } 39 | } 40 | return nil 41 | }) 42 | -------------------------------------------------------------------------------- /encoder/init.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | /* 17 | * Package Level Initialization 18 | */ 19 | 20 | func init() { 21 | 22 | // collect all names for layer encoders on startup 23 | for _, e := range layerEncoderSlice { 24 | allEncoderNames[e.Layer.String()] = struct{}{} 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /encoder/ip4.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ipv4Encoder = CreateLayerEncoder( 24 | types.Type_NC_IPv4, 25 | layers.LayerTypeIPv4, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if ip4, ok := layer.(*layers.IPv4); ok { 28 | 29 | var opts []*types.IPv4Option 30 | for _, o := range ip4.Options { 31 | opts = append(opts, &types.IPv4Option{ 32 | OptionData: o.OptionData, 33 | OptionLength: int32(o.OptionLength), 34 | OptionType: int32(o.OptionType), 35 | }) 36 | } 37 | return &types.IPv4{ 38 | Timestamp: timestamp, 39 | Version: int32(ip4.Version), 40 | IHL: int32(ip4.IHL), 41 | TOS: int32(ip4.TOS), 42 | Length: int32(ip4.Length), 43 | Id: int32(ip4.Id), 44 | Flags: int32(ip4.Flags), 45 | FragOffset: int32(ip4.FragOffset), 46 | TTL: int32(ip4.TTL), 47 | Protocol: int32(ip4.Protocol), 48 | Checksum: int32(ip4.Checksum), 49 | SrcIP: ip4.SrcIP.String(), 50 | DstIP: ip4.DstIP.String(), 51 | Padding: ip4.Padding, 52 | Options: opts, 53 | PayloadEntropy: Entropy(ip4.Payload), 54 | PayloadSize: int32(len(ip4.Payload)), 55 | } 56 | } 57 | return nil 58 | }) 59 | -------------------------------------------------------------------------------- /encoder/ip6.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ipv6Encoder = CreateLayerEncoder( 24 | types.Type_NC_IPv6, 25 | layers.LayerTypeIPv6, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if ip6, ok := layer.(*layers.IPv6); ok { 28 | return &types.IPv6{ 29 | Timestamp: timestamp, 30 | Version: int32(ip6.Version), 31 | TrafficClass: int32(ip6.TrafficClass), 32 | FlowLabel: uint32(ip6.FlowLabel), 33 | Length: int32(ip6.Length), 34 | NextHeader: int32(ip6.NextHeader), 35 | HopLimit: int32(ip6.HopLimit), 36 | SrcIP: ip6.SrcIP.String(), 37 | DstIP: ip6.DstIP.String(), 38 | PayloadSize: int32(len(ip6.Payload)), 39 | PayloadEntropy: Entropy(ip6.Payload), 40 | } 41 | } 42 | return nil 43 | }) 44 | -------------------------------------------------------------------------------- /encoder/ip6hop.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ipv6HopByHopEncoder = CreateLayerEncoder( 24 | types.Type_NC_IPv6HopByHop, 25 | layers.LayerTypeIPv6HopByHop, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if ip6hop, ok := layer.(*layers.IPv6HopByHop); ok { 28 | var options []*types.IPv6HopByHopOption 29 | for _, o := range ip6hop.Options { 30 | var a *types.IPv6HopByHopOptionAlignment 31 | if len(o.OptionAlignment) == 2 { 32 | a = &types.IPv6HopByHopOptionAlignment{ 33 | One: int32(o.OptionAlignment[0]), 34 | Two: int32(o.OptionAlignment[1]), 35 | } 36 | } 37 | options = append(options, &types.IPv6HopByHopOption{ 38 | OptionType: int32(o.OptionType), 39 | OptionLength: int32(o.OptionLength), 40 | ActualLength: int32(o.ActualLength), 41 | OptionData: o.OptionData, 42 | OptionAlignment: a, 43 | }) 44 | } 45 | return &types.IPv6HopByHop{ 46 | Timestamp: timestamp, 47 | Options: options, 48 | } 49 | } 50 | return nil 51 | }) 52 | -------------------------------------------------------------------------------- /encoder/ipsecah.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ipSecAHEncoder = CreateLayerEncoder(types.Type_NC_IPSecAH, layers.LayerTypeIPSecAH, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if ipsecah, ok := layer.(*layers.IPSecAH); ok { 25 | return &types.IPSecAH{ 26 | Timestamp: timestamp, 27 | Reserved: int32(ipsecah.Reserved), // int32 28 | SPI: int32(ipsecah.SPI), // int32 29 | Seq: int32(ipsecah.Seq), // int32 30 | AuthenticationData: ipsecah.AuthenticationData, // []byte 31 | } 32 | } 33 | return nil 34 | }) 35 | -------------------------------------------------------------------------------- /encoder/ipsecesp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ipSecESPEncoder = CreateLayerEncoder(types.Type_NC_IPSecESP, layers.LayerTypeIPSecESP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if ipsecesp, ok := layer.(*layers.IPSecESP); ok { 25 | return &types.IPSecESP{ 26 | Timestamp: timestamp, 27 | SPI: int32(ipsecesp.SPI), // int32 28 | Seq: int32(ipsecesp.Seq), // int32 29 | LenEncrypted: int32(len(ipsecesp.Encrypted)), // int32 30 | } 31 | } 32 | return nil 33 | }) 34 | -------------------------------------------------------------------------------- /encoder/ipv6fragment.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var ip6FragmentEncoder = CreateLayerEncoder(types.Type_NC_IPv6Fragment, layers.LayerTypeIPv6Fragment, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if ip6f, ok := layer.(*layers.IPv6Fragment); ok { 25 | return &types.IPv6Fragment{ 26 | Timestamp: timestamp, 27 | NextHeader: int32(ip6f.NextHeader), 28 | Reserved1: int32(ip6f.Reserved1), 29 | FragmentOffset: int32(ip6f.FragmentOffset), 30 | Reserved2: int32(ip6f.Reserved2), 31 | MoreFragments: bool(ip6f.MoreFragments), 32 | Identification: uint32(ip6f.Identification), 33 | } 34 | } 35 | return nil 36 | }) 37 | -------------------------------------------------------------------------------- /encoder/lcm.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var lcmEncoder = CreateLayerEncoder(types.Type_NC_LCM, layers.LayerTypeLCM, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if lcm, ok := layer.(*layers.LCM); ok { 25 | return &types.LCM{ 26 | Timestamp: timestamp, 27 | Magic: int32(lcm.Magic), 28 | SequenceNumber: int32(lcm.SequenceNumber), 29 | PayloadSize: int32(lcm.PayloadSize), 30 | FragmentOffset: int32(lcm.FragmentOffset), 31 | FragmentNumber: int32(lcm.FragmentNumber), 32 | TotalFragments: int32(lcm.TotalFragments), 33 | ChannelName: string(lcm.ChannelName), 34 | Fragmented: bool(lcm.Fragmented), 35 | } 36 | } 37 | return nil 38 | }) 39 | -------------------------------------------------------------------------------- /encoder/llc.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var llcEncoder = CreateLayerEncoder( 24 | types.Type_NC_LLC, 25 | layers.LayerTypeLLC, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if llc, ok := layer.(*layers.LLC); ok { 28 | return &types.LLC{ 29 | Timestamp: timestamp, 30 | DSAP: int32(llc.DSAP), 31 | IG: llc.IG, 32 | SSAP: int32(llc.SSAP), 33 | CR: llc.CR, 34 | Control: int32(llc.Control), 35 | } 36 | } 37 | return nil 38 | }) 39 | -------------------------------------------------------------------------------- /encoder/lld.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var linkLayerDiscoveryEncoder = CreateLayerEncoder( 24 | types.Type_NC_LinkLayerDiscovery, 25 | layers.LayerTypeLinkLayerDiscovery, 26 | func(layer gopacket.Layer, timestamp string) proto.Message { 27 | if lld, ok := layer.(*layers.LinkLayerDiscovery); ok { 28 | var vals []*types.LinkLayerDiscoveryValue 29 | for _, v := range lld.Values { 30 | vals = append(vals, &types.LinkLayerDiscoveryValue{ 31 | Type: int32(v.Type), 32 | Length: int32(v.Length), 33 | Value: v.Value, 34 | }) 35 | } 36 | return &types.LinkLayerDiscovery{ 37 | Timestamp: timestamp, 38 | ChassisID: &types.LLDPChassisID{ 39 | Subtype: int32(lld.ChassisID.Subtype), 40 | ID: lld.ChassisID.ID, 41 | }, 42 | PortID: &types.LLDPPortID{ 43 | Subtype: int32(lld.PortID.Subtype), 44 | ID: lld.PortID.ID, 45 | }, 46 | TTL: int32(lld.TTL), 47 | Values: vals, 48 | } 49 | } 50 | return nil 51 | }) 52 | -------------------------------------------------------------------------------- /encoder/modbustcp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var modbusTCPEncoder = CreateLayerEncoder(types.Type_NC_ModbusTCP, layers.LayerTypeModbusTCP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if mtcp, ok := layer.(*layers.ModbusTCP); ok { 25 | var payload []byte 26 | if CapturePayload { 27 | payload = layer.LayerPayload() 28 | } 29 | return &types.ModbusTCP{ 30 | Timestamp: timestamp, 31 | TransactionIdentifier: int32(mtcp.TransactionIdentifier), 32 | ProtocolIdentifier: int32(mtcp.ProtocolIdentifier), 33 | Length: int32(mtcp.Length), 34 | UnitIdentifier: int32(mtcp.UnitIdentifier), 35 | Payload: payload, 36 | } 37 | } 38 | return nil 39 | }) 40 | -------------------------------------------------------------------------------- /encoder/mpls.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var mplsEncoder = CreateLayerEncoder(types.Type_NC_MPLS, layers.LayerTypeMPLS, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if mpls, ok := layer.(*layers.MPLS); ok { 25 | return &types.MPLS{ 26 | Timestamp: timestamp, 27 | Label: int32(mpls.Label), 28 | TrafficClass: int32(mpls.TrafficClass), 29 | StackBottom: bool(mpls.StackBottom), 30 | TTL: int32(mpls.TTL), 31 | } 32 | } 33 | return nil 34 | }) 35 | -------------------------------------------------------------------------------- /encoder/nortelDiscovery.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var nortelDiscoveryEncoder = CreateLayerEncoder(types.Type_NC_NortelDiscovery, layers.LayerTypeNortelDiscovery, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if nortel, ok := layer.(*layers.NortelDiscovery); ok { 25 | return &types.NortelDiscovery{ 26 | Timestamp: timestamp, 27 | IPAddress: string(nortel.IPAddress), 28 | SegmentID: []byte(nortel.SegmentID), 29 | Chassis: int32(nortel.Chassis), 30 | Backplane: int32(nortel.Backplane), 31 | State: int32(nortel.State), 32 | NumLinks: int32(nortel.NumLinks), 33 | } 34 | } 35 | return nil 36 | }) 37 | -------------------------------------------------------------------------------- /encoder/ntp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | package encoder 14 | 15 | import ( 16 | "github.com/dreadl0ck/netcap/types" 17 | "github.com/golang/protobuf/proto" 18 | "github.com/google/gopacket" 19 | "github.com/google/gopacket/layers" 20 | ) 21 | 22 | var ntpEncoder = CreateLayerEncoder(types.Type_NC_NTP, layers.LayerTypeNTP, func(layer gopacket.Layer, timestamp string) proto.Message { 23 | if ntp, ok := layer.(*layers.NTP); ok { 24 | return &types.NTP{ 25 | Timestamp: timestamp, 26 | LeapIndicator: int32(ntp.LeapIndicator), 27 | Version: int32(ntp.Version), 28 | Mode: int32(ntp.Mode), 29 | Stratum: int32(ntp.Stratum), 30 | Poll: int32(ntp.Poll), 31 | Precision: int32(ntp.Precision), 32 | RootDelay: uint32(ntp.RootDelay), 33 | RootDispersion: uint32(ntp.RootDispersion), 34 | ReferenceID: uint32(ntp.ReferenceID), 35 | ReferenceTimestamp: uint64(ntp.ReferenceTimestamp), 36 | OriginTimestamp: uint64(ntp.OriginTimestamp), 37 | ReceiveTimestamp: uint64(ntp.ReceiveTimestamp), 38 | TransmitTimestamp: uint64(ntp.TransmitTimestamp), 39 | ExtensionBytes: ntp.ExtensionBytes, 40 | } 41 | } 42 | return nil 43 | }) 44 | -------------------------------------------------------------------------------- /encoder/sctp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var sctpEncoder = CreateLayerEncoder(types.Type_NC_SCTP, layers.LayerTypeSCTP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if sctp, ok := layer.(*layers.SCTP); ok { 25 | return &types.SCTP{ 26 | Timestamp: timestamp, 27 | Checksum: sctp.Checksum, 28 | DstPort: uint32(sctp.DstPort), 29 | SrcPort: uint32(sctp.SrcPort), 30 | VerificationTag: sctp.VerificationTag, 31 | } 32 | } 33 | return nil 34 | }) 35 | -------------------------------------------------------------------------------- /encoder/shared.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "fmt" 18 | "os" 19 | 20 | "github.com/mgutz/ansi" 21 | ) 22 | 23 | var ( 24 | // LiveMode switch for all encoders 25 | LiveMode bool 26 | 27 | // CapturePayload for encoders that support it 28 | CapturePayload = false 29 | 30 | allEncoderNames = make(map[string]struct{}) 31 | errorMap *AtomicCounterMap 32 | ) 33 | 34 | func SetErrorMap(m *AtomicCounterMap) { 35 | errorMap = m 36 | } 37 | 38 | func invalidEncoder(name string) { 39 | fmt.Println("invalid encoder: " + ansi.Red + name + ansi.Reset) 40 | ShowEncoders() 41 | os.Exit(1) 42 | } 43 | -------------------------------------------------------------------------------- /encoder/sip.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/dreadl0ck/netcap/types" 20 | "github.com/golang/protobuf/proto" 21 | "github.com/google/gopacket" 22 | "github.com/google/gopacket/layers" 23 | ) 24 | 25 | var sipEncoder = CreateLayerEncoder(types.Type_NC_SIP, layers.LayerTypeSIP, func(layer gopacket.Layer, timestamp string) proto.Message { 26 | if sip, ok := layer.(*layers.SIP); ok { 27 | headers := []string{} 28 | for k, v := range sip.Headers { 29 | headers = append(headers, k+":"+strings.Join(v, ",")) 30 | } 31 | return &types.SIP{ 32 | Timestamp: timestamp, 33 | Version: int32(sip.Version), 34 | Method: int32(sip.Method), 35 | Headers: headers, 36 | IsResponse: bool(sip.IsResponse), 37 | ResponseCode: int32(sip.ResponseCode), 38 | ResponseStatus: string(sip.ResponseStatus), 39 | } 40 | } 41 | return nil 42 | }) 43 | -------------------------------------------------------------------------------- /encoder/snap.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var snapEncoder = CreateLayerEncoder(types.Type_NC_SNAP, layers.LayerTypeSNAP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if snap, ok := layer.(*layers.SNAP); ok { 25 | return &types.SNAP{ 26 | Timestamp: timestamp, 27 | OrganizationalCode: snap.OrganizationalCode, 28 | Type: int32(snap.Type), 29 | } 30 | } 31 | return nil 32 | }) 33 | -------------------------------------------------------------------------------- /encoder/udp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var udpEncoder = CreateLayerEncoder(types.Type_NC_UDP, layers.LayerTypeUDP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if udp, ok := layer.(*layers.UDP); ok { 25 | var payload []byte 26 | if CapturePayload { 27 | payload = layer.LayerPayload() 28 | } 29 | return &types.UDP{ 30 | Timestamp: timestamp, 31 | SrcPort: int32(udp.SrcPort), 32 | DstPort: int32(udp.DstPort), 33 | Length: int32(udp.Length), 34 | Checksum: int32(udp.Checksum), 35 | PayloadEntropy: Entropy(udp.Payload), 36 | PayloadSize: int32(len(udp.Payload)), 37 | Payload: payload, 38 | } 39 | } 40 | return nil 41 | }) 42 | -------------------------------------------------------------------------------- /encoder/usb.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var usbEncoder = CreateLayerEncoder(types.Type_NC_USB, layers.LayerTypeUSB, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if usb, ok := layer.(*layers.USB); ok { 25 | var payload []byte 26 | if CapturePayload { 27 | payload = layer.LayerPayload() 28 | } 29 | return &types.USB{ 30 | Timestamp: timestamp, 31 | ID: uint64(usb.ID), 32 | EventType: int32(usb.EventType), 33 | TransferType: int32(usb.TransferType), 34 | Direction: int32(usb.Direction), 35 | EndpointNumber: int32(usb.EndpointNumber), 36 | DeviceAddress: int32(usb.DeviceAddress), 37 | BusID: int32(usb.BusID), 38 | TimestampSec: int64(usb.TimestampSec), 39 | TimestampUsec: int32(usb.TimestampUsec), 40 | Setup: bool(usb.Setup), 41 | Data: bool(usb.Data), 42 | Status: int32(usb.Status), 43 | UrbLength: uint32(usb.UrbLength), 44 | UrbDataLength: uint32(usb.UrbDataLength), 45 | UrbInterval: uint32(usb.UrbInterval), 46 | UrbStartFrame: uint32(usb.UrbStartFrame), 47 | UrbCopyOfTransferFlags: uint32(usb.UrbCopyOfTransferFlags), 48 | IsoNumDesc: uint32(usb.IsoNumDesc), 49 | Payload: payload, 50 | } 51 | } 52 | return nil 53 | }) 54 | -------------------------------------------------------------------------------- /encoder/usbRequestBlockSetup.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var usbRequestBlockSetupEncoder = CreateLayerEncoder(types.Type_NC_USBRequestBlockSetup, layers.LayerTypeUSBRequestBlockSetup, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if usbR, ok := layer.(*layers.USBRequestBlockSetup); ok { 25 | return &types.USBRequestBlockSetup{ 26 | Timestamp: timestamp, 27 | RequestType: int32(usbR.RequestType), 28 | Request: int32(usbR.Request), 29 | Value: int32(usbR.Value), 30 | Index: int32(usbR.Index), 31 | Length: int32(usbR.Length), 32 | } 33 | } 34 | return nil 35 | }) 36 | -------------------------------------------------------------------------------- /encoder/vrrpv2.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var vrrpv2Encoder = CreateLayerEncoder(types.Type_NC_VRRPv2, layers.LayerTypeVRRP, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if vrrpv2, ok := layer.(*layers.VRRPv2); ok { 25 | var addr []string 26 | for _, a := range vrrpv2.IPAddress { 27 | addr = append(addr, a.String()) 28 | } 29 | return &types.VRRPv2{ 30 | Timestamp: timestamp, 31 | Version: int32(vrrpv2.Version), 32 | Type: int32(vrrpv2.Type), 33 | VirtualRtrID: int32(vrrpv2.VirtualRtrID), 34 | Priority: int32(vrrpv2.Priority), 35 | CountIPAddr: int32(vrrpv2.CountIPAddr), 36 | AuthType: int32(vrrpv2.AuthType), 37 | AdverInt: int32(vrrpv2.AdverInt), 38 | Checksum: int32(vrrpv2.Checksum), 39 | IPAddress: addr, 40 | } 41 | } 42 | return nil 43 | }) 44 | -------------------------------------------------------------------------------- /encoder/vxlan.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package encoder 15 | 16 | import ( 17 | "github.com/dreadl0ck/netcap/types" 18 | "github.com/golang/protobuf/proto" 19 | "github.com/google/gopacket" 20 | "github.com/google/gopacket/layers" 21 | ) 22 | 23 | var vxlanEncoder = CreateLayerEncoder(types.Type_NC_VXLAN, layers.LayerTypeVXLAN, func(layer gopacket.Layer, timestamp string) proto.Message { 24 | if vx, ok := layer.(*layers.VXLAN); ok { 25 | return &types.VXLAN{ 26 | Timestamp: timestamp, 27 | ValidIDFlag: bool(vx.ValidIDFlag), 28 | VNI: uint32(vx.VNI), 29 | GBPExtension: bool(vx.GBPExtension), 30 | GBPDontLearn: bool(vx.GBPDontLearn), 31 | GBPApplied: bool(vx.GBPApplied), 32 | GBPGroupPolicyID: int32(vx.GBPGroupPolicyID), 33 | } 34 | } 35 | return nil 36 | }) 37 | -------------------------------------------------------------------------------- /init.go: -------------------------------------------------------------------------------- 1 | // +build darwin,linux 2 | 3 | package netcap 4 | 5 | import ( 6 | "fmt" 7 | "syscall" 8 | ) 9 | 10 | /* 11 | * Init 12 | */ 13 | 14 | func init() { 15 | 16 | // get system block size for use as the buffer size of the buffered Writers 17 | var stat syscall.Statfs_t 18 | if err := syscall.Statfs("/", &stat); err != nil { 19 | fmt.Println("statfs syscall failed. setting blocksize to", blockSizeDefault) 20 | BlockSize = blockSizeDefault 21 | } 22 | 23 | // set block size 24 | BlockSize = int(stat.Bsize) 25 | } 26 | -------------------------------------------------------------------------------- /initWindows.go: -------------------------------------------------------------------------------- 1 | // +build windows 2 | 3 | package netcap 4 | 5 | /* 6 | * Init 7 | */ 8 | 9 | func init() { 10 | 11 | // set block size 12 | BlockSize = 4096 13 | } 14 | -------------------------------------------------------------------------------- /io/atomicDelimitedWriter.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package io 15 | 16 | import ( 17 | "sync" 18 | 19 | "github.com/golang/protobuf/proto" 20 | "kythe.io/kythe/go/platform/delimited" 21 | ) 22 | 23 | ///////////////////////////// 24 | // Atomic Delimited Writer // 25 | ///////////////////////////// 26 | 27 | // AtomicDelimitedWriter writes delimited proto messages synchronized 28 | type AtomicDelimitedWriter struct { 29 | w delimited.Writer 30 | sync.Mutex 31 | } 32 | 33 | // PutProto writes a protocol buffer into the writer and returns an error 34 | func (a *AtomicDelimitedWriter) PutProto(pb proto.Message) error { 35 | a.Lock() 36 | err := a.w.PutProto(pb) 37 | a.Unlock() 38 | return err 39 | } 40 | 41 | // NewAtomicDelimitedWriter takes a delimited.WriterAtomic and returns an atomic version 42 | func NewAtomicDelimitedWriter(w *delimited.Writer) *AtomicDelimitedWriter { 43 | return &AtomicDelimitedWriter{ 44 | w: *w, 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /io/chanWriter.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package io 15 | 16 | // chanWriter writes into a []byte chan 17 | type ChanWriter struct { 18 | ch chan []byte 19 | } 20 | 21 | // TODO make chan buf size configurable 22 | func NewChanWriter() *ChanWriter { 23 | return &ChanWriter{make(chan []byte, 1024)} 24 | } 25 | 26 | func (w *ChanWriter) Chan() <-chan []byte { 27 | return w.ch 28 | } 29 | 30 | func (w *ChanWriter) Write(p []byte) (int, error) { 31 | w.ch <- p 32 | return len(p), nil 33 | } 34 | 35 | func (w *ChanWriter) Close() error { 36 | close(w.ch) 37 | return nil 38 | } 39 | -------------------------------------------------------------------------------- /io/csvWriter.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package io 15 | 16 | import ( 17 | "io" 18 | "strings" 19 | "sync" 20 | 21 | "github.com/dreadl0ck/netcap/types" 22 | "github.com/golang/protobuf/proto" 23 | ) 24 | 25 | type CSVWriter struct { 26 | w io.Writer 27 | sync.Mutex 28 | } 29 | 30 | func NewCSVWriter(w io.Writer) *CSVWriter { 31 | return &CSVWriter{ 32 | w: w, 33 | } 34 | } 35 | 36 | func (w *CSVWriter) WriteHeader(msg proto.Message) (int, error) { 37 | w.Lock() 38 | defer w.Unlock() 39 | 40 | if csv, ok := msg.(types.AuditRecord); ok { 41 | return w.w.Write([]byte(strings.Join(csv.CSVHeader(), ",") + "\n")) 42 | } 43 | 44 | panic("can not write as CSV" + msg.String()) 45 | } 46 | 47 | func (w *CSVWriter) WriteRecord(msg proto.Message) (int, error) { 48 | 49 | w.Lock() 50 | defer w.Unlock() 51 | 52 | if csv, ok := msg.(types.AuditRecord); ok { 53 | return w.w.Write([]byte(strings.Join(csv.CSVRecord(), ",") + "\n")) 54 | } 55 | 56 | panic("can not write as CSV" + msg.String()) 57 | } 58 | 59 | func (w *CSVWriter) Close() error { 60 | return nil 61 | } 62 | -------------------------------------------------------------------------------- /metrics/metrics.go: -------------------------------------------------------------------------------- 1 | package metrics 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | "math" 7 | "net/http" 8 | "time" 9 | 10 | "github.com/dreadl0ck/netcap/collector" 11 | "github.com/prometheus/client_golang/prometheus" 12 | "github.com/prometheus/client_golang/prometheus/promhttp" 13 | ) 14 | 15 | const metricsRoute = "/metrics" 16 | 17 | var ( 18 | // Start time 19 | startTime = time.Now() 20 | 21 | // Uptime 22 | upTime = prometheus.NewGaugeVec( 23 | prometheus.GaugeOpts{ 24 | Name: "nc_uptime", 25 | Help: "Number of seconds since the last restart", 26 | }, 27 | []string{}, 28 | ) 29 | // NumPackets 30 | numPackets = prometheus.NewGaugeVec( 31 | prometheus.GaugeOpts{ 32 | Name: "nc_numpackets", 33 | Help: "Number of packets since the last restart", 34 | }, 35 | []string{}, 36 | ) 37 | ) 38 | 39 | func init() { 40 | prometheus.MustRegister(upTime) 41 | prometheus.MustRegister(numPackets) 42 | } 43 | 44 | // ServeMetricsAt exposes the prometheus at the given address 45 | func ServeMetricsAt(addr string, c *collector.Collector) { 46 | 47 | fmt.Println("starting to serve metrics at:", addr+metricsRoute) 48 | 49 | go func() { 50 | metricsHandler := promhttp.Handler() 51 | 52 | // serve prometheus metrics on the /metrics route 53 | http.HandleFunc(metricsRoute, func(w http.ResponseWriter, r *http.Request) { 54 | 55 | upTime.WithLabelValues().Set(math.RoundToEven(time.Since(startTime).Seconds())) 56 | 57 | if c != nil { 58 | numPackets.WithLabelValues().Set(float64(c.GetNumPackets())) 59 | } 60 | 61 | metricsHandler.ServeHTTP(w, r) 62 | }) 63 | log.Fatal("failed to serve metrics: ", http.ListenAndServe(addr, nil)) 64 | }() 65 | } 66 | -------------------------------------------------------------------------------- /mied18.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilsocket/netcap/6bbb8d68e0ace532905b66ebe66bb4a4b7ebf09a/mied18.pdf -------------------------------------------------------------------------------- /prometheus/prometheus.yml: -------------------------------------------------------------------------------- 1 | # reference: https://prometheus.io/docs/prometheus/latest/configuration/configuration/ 2 | 3 | global: 4 | scrape_interval: 15s 5 | scrape_timeout: 15s 6 | #evaluation_interval: 15s 7 | 8 | scrape_configs: 9 | # process_ metrics 10 | - job_name: netcap 11 | metrics_path: /metrics 12 | scheme: http 13 | static_configs: 14 | - targets: 15 | - 127.0.0.1:7777 16 | -------------------------------------------------------------------------------- /types/dot1q.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsDot1Q = []string{ 24 | "Timestamp", 25 | "Priority", // int32 26 | "DropEligible", // bool 27 | "VLANIdentifier", // int32 28 | "Type", // int32 29 | } 30 | 31 | func (d Dot1Q) CSVHeader() []string { 32 | return filter(fieldsDot1Q) 33 | } 34 | 35 | func (d Dot1Q) CSVRecord() []string { 36 | return filter([]string{ 37 | formatTimestamp(d.Timestamp), 38 | formatInt32(d.Priority), // int32 39 | strconv.FormatBool(d.DropEligible), // bool 40 | formatInt32(d.VLANIdentifier), // int32 41 | formatInt32(d.Type), // int32 42 | }) 43 | } 44 | 45 | func (d Dot1Q) NetcapTimestamp() string { 46 | return d.Timestamp 47 | } 48 | 49 | func (a Dot1Q) JSON() (string, error) { 50 | return jsonMarshaler.MarshalToString(&a) 51 | } 52 | 53 | var dot1qMetric = prometheus.NewCounterVec( 54 | prometheus.CounterOpts{ 55 | Name: strings.ToLower(Type_NC_Dot1Q.String()), 56 | Help: Type_NC_Dot1Q.String() + " audit records", 57 | }, 58 | fieldsDot1Q[1:], 59 | ) 60 | 61 | func init() { 62 | prometheus.MustRegister(dot1qMetric) 63 | } 64 | 65 | func (a Dot1Q) Inc() { 66 | dot1qMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 67 | } 68 | -------------------------------------------------------------------------------- /types/eap.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "encoding/hex" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsEAP = []string{ 24 | "Timestamp", 25 | "Code", // int32 26 | "Id", // int32 27 | "Length", // int32 28 | "Type", // int32 29 | "TypeData", // []byte 30 | } 31 | 32 | func (a EAP) CSVHeader() []string { 33 | return filter(fieldsEAP) 34 | } 35 | 36 | func (a EAP) CSVRecord() []string { 37 | return filter([]string{ 38 | formatTimestamp(a.Timestamp), 39 | formatInt32(a.Code), // int32 40 | formatInt32(a.Id), // int32 41 | formatInt32(a.Length), // int32 42 | formatInt32(a.Type), // int32 43 | hex.EncodeToString(a.TypeData), // []byte 44 | }) 45 | } 46 | 47 | func (a EAP) NetcapTimestamp() string { 48 | return a.Timestamp 49 | } 50 | 51 | func (a EAP) JSON() (string, error) { 52 | return jsonMarshaler.MarshalToString(&a) 53 | } 54 | 55 | var eapMetric = prometheus.NewCounterVec( 56 | prometheus.CounterOpts{ 57 | Name: strings.ToLower(Type_NC_EAP.String()), 58 | Help: Type_NC_EAP.String() + " audit records", 59 | }, 60 | fieldsEAP[1:], 61 | ) 62 | 63 | func init() { 64 | prometheus.MustRegister(eapMetric) 65 | } 66 | 67 | func (a EAP) Inc() { 68 | eapMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 69 | } 70 | -------------------------------------------------------------------------------- /types/eapol.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsEAPOL = []string{ 23 | "Timestamp", 24 | "Version", // int32 25 | "Type", // int32 26 | "Length", // int32 27 | } 28 | 29 | func (a EAPOL) CSVHeader() []string { 30 | return filter(fieldsEAPOL) 31 | } 32 | 33 | func (a EAPOL) CSVRecord() []string { 34 | return filter([]string{ 35 | formatTimestamp(a.Timestamp), 36 | formatInt32(a.Version), // int32 37 | formatInt32(a.Type), // int32 38 | formatInt32(a.Length), // int32 39 | }) 40 | } 41 | 42 | func (a EAPOL) NetcapTimestamp() string { 43 | return a.Timestamp 44 | } 45 | 46 | func (a EAPOL) JSON() (string, error) { 47 | return jsonMarshaler.MarshalToString(&a) 48 | } 49 | 50 | var eapPolMetric = prometheus.NewCounterVec( 51 | prometheus.CounterOpts{ 52 | Name: strings.ToLower(Type_NC_EAPOL.String()), 53 | Help: Type_NC_EAPOL.String() + " audit records", 54 | }, 55 | fieldsEAPOL[1:], 56 | ) 57 | 58 | func init() { 59 | prometheus.MustRegister(eapPolMetric) 60 | } 61 | 62 | func (a EAPOL) Inc() { 63 | eapPolMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 64 | } 65 | -------------------------------------------------------------------------------- /types/ethctp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsEthernetCTP = []string{ 23 | "Timestamp", 24 | "SkipCount", // int32 25 | } 26 | 27 | func (i EthernetCTP) CSVHeader() []string { 28 | return filter(fieldsEthernetCTP) 29 | } 30 | 31 | func (i EthernetCTP) CSVRecord() []string { 32 | return filter([]string{ 33 | formatTimestamp(i.Timestamp), 34 | formatInt32(i.SkipCount), 35 | }) 36 | } 37 | 38 | func (i EthernetCTP) NetcapTimestamp() string { 39 | return i.Timestamp 40 | } 41 | 42 | func (a EthernetCTP) JSON() (string, error) { 43 | return jsonMarshaler.MarshalToString(&a) 44 | } 45 | 46 | var ethernetCTPMetric = prometheus.NewCounterVec( 47 | prometheus.CounterOpts{ 48 | Name: strings.ToLower(Type_NC_EthernetCTP.String()), 49 | Help: Type_NC_EthernetCTP.String() + " audit records", 50 | }, 51 | fieldsEthernetCTP[1:], 52 | ) 53 | 54 | func init() { 55 | prometheus.MustRegister(ethernetCTPMetric) 56 | } 57 | 58 | func (a EthernetCTP) Inc() { 59 | ethernetCTPMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 60 | } 61 | -------------------------------------------------------------------------------- /types/ethctpr.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "encoding/hex" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsEthernetCTPReply = []string{ 24 | "Timestamp", 25 | "Function", // int32 26 | "ReceiptNumber", // int32 27 | "Data", // bytes 28 | } 29 | 30 | func (i EthernetCTPReply) CSVHeader() []string { 31 | return filter(fieldsEthernetCTPReply) 32 | } 33 | 34 | func (i EthernetCTPReply) CSVRecord() []string { 35 | return filter([]string{ 36 | formatTimestamp(i.Timestamp), 37 | formatInt32(i.Function), 38 | formatInt32(i.ReceiptNumber), 39 | hex.EncodeToString(i.Data), 40 | }) 41 | } 42 | 43 | func (i EthernetCTPReply) NetcapTimestamp() string { 44 | return i.Timestamp 45 | } 46 | 47 | func (a EthernetCTPReply) JSON() (string, error) { 48 | return jsonMarshaler.MarshalToString(&a) 49 | } 50 | 51 | var ethernetCTPReplyMetric = prometheus.NewCounterVec( 52 | prometheus.CounterOpts{ 53 | Name: strings.ToLower(Type_NC_EthernetCTPReply.String()), 54 | Help: Type_NC_EthernetCTPReply.String() + " audit records", 55 | }, 56 | fieldsEthernetCTPReply[1:], 57 | ) 58 | 59 | func init() { 60 | prometheus.MustRegister(ethernetCTPReplyMetric) 61 | } 62 | 63 | func (a EthernetCTPReply) Inc() { 64 | ethernetCTPReplyMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 65 | } 66 | -------------------------------------------------------------------------------- /types/fddi.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsFDDI = []string{ 23 | "Timestamp", 24 | "FrameControl", // int32 25 | "Priority", // int32 26 | "SrcMAC", // string 27 | "DstMAC", // string 28 | } 29 | 30 | func (a FDDI) CSVHeader() []string { 31 | return filter(fieldsFDDI) 32 | } 33 | 34 | func (a FDDI) CSVRecord() []string { 35 | return filter([]string{ 36 | formatTimestamp(a.Timestamp), 37 | formatInt32(a.FrameControl), // int32 38 | formatInt32(a.Priority), // int32 39 | a.SrcMAC, // string 40 | a.DstMAC, // string 41 | }) 42 | } 43 | 44 | func (a FDDI) NetcapTimestamp() string { 45 | return a.Timestamp 46 | } 47 | 48 | func (a FDDI) JSON() (string, error) { 49 | return jsonMarshaler.MarshalToString(&a) 50 | } 51 | 52 | var fddiMetric = prometheus.NewCounterVec( 53 | prometheus.CounterOpts{ 54 | Name: strings.ToLower(Type_NC_FDDI.String()), 55 | Help: Type_NC_FDDI.String() + " audit records", 56 | }, 57 | fieldsFDDI[1:], 58 | ) 59 | 60 | func init() { 61 | prometheus.MustRegister(fddiMetric) 62 | } 63 | 64 | func (a FDDI) Inc() { 65 | fddiMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 66 | } 67 | -------------------------------------------------------------------------------- /types/http.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsHTTP = []string{ 23 | "Timestamp", 24 | "Proto", 25 | "Method", 26 | "Host", 27 | "UserAgent", 28 | "Referer", 29 | "ReqCookies", 30 | "ReqContentLength", 31 | "URL", 32 | "ResContentLength", 33 | "ContentType", 34 | "StatusCode", 35 | "SrcIP", 36 | "DstIP", 37 | "ReqContentEncoding", 38 | "ResContentEncoding", 39 | "ServerName", 40 | } 41 | 42 | func (h HTTP) CSVHeader() []string { 43 | return filter(fieldsHTTP) 44 | } 45 | 46 | func (h HTTP) CSVRecord() []string { 47 | return filter([]string{ 48 | formatTimestamp(h.Timestamp), 49 | h.Proto, 50 | h.Method, 51 | h.Host, 52 | h.UserAgent, 53 | h.Referer, 54 | join(h.ReqCookies...), 55 | formatInt32(h.ReqContentLength), 56 | h.URL, 57 | formatInt32(h.ResContentLength), 58 | h.ContentType, 59 | formatInt32(h.StatusCode), 60 | h.SrcIP, 61 | h.DstIP, 62 | h.ReqContentEncoding, 63 | h.ResContentEncoding, 64 | h.ServerName, 65 | }) 66 | } 67 | 68 | func (f HTTP) NetcapTimestamp() string { 69 | return f.Timestamp 70 | } 71 | 72 | func (a HTTP) JSON() (string, error) { 73 | return jsonMarshaler.MarshalToString(&a) 74 | } 75 | 76 | var httpMetric = prometheus.NewCounterVec( 77 | prometheus.CounterOpts{ 78 | Name: strings.ToLower(Type_NC_HTTP.String()), 79 | Help: Type_NC_HTTP.String() + " audit records", 80 | }, 81 | fieldsHTTP[1:], 82 | ) 83 | 84 | func init() { 85 | prometheus.MustRegister(httpMetric) 86 | } 87 | 88 | func (a HTTP) Inc() { 89 | httpMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 90 | } 91 | -------------------------------------------------------------------------------- /types/icmp4.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsICMPv4 = []string{ 23 | "Timestamp", 24 | "TypeCode", // int32 25 | "Checksum", // int32 26 | "Id", // int32 27 | "Seq", // int32 28 | } 29 | 30 | func (i ICMPv4) CSVHeader() []string { 31 | return filter(fieldsICMPv4) 32 | } 33 | 34 | func (i ICMPv4) CSVRecord() []string { 35 | return filter([]string{ 36 | formatTimestamp(i.Timestamp), 37 | formatInt32(i.TypeCode), 38 | formatInt32(i.Checksum), 39 | formatInt32(i.Id), 40 | formatInt32(i.Seq), 41 | }) 42 | } 43 | 44 | func (i ICMPv4) NetcapTimestamp() string { 45 | return i.Timestamp 46 | } 47 | 48 | func (a ICMPv4) JSON() (string, error) { 49 | return jsonMarshaler.MarshalToString(&a) 50 | } 51 | 52 | var icmp4Metric = prometheus.NewCounterVec( 53 | prometheus.CounterOpts{ 54 | Name: strings.ToLower(Type_NC_ICMPv4.String()), 55 | Help: Type_NC_ICMPv4.String() + " audit records", 56 | }, 57 | fieldsICMPv4[1:], 58 | ) 59 | 60 | func init() { 61 | prometheus.MustRegister(icmp4Metric) 62 | } 63 | 64 | func (a ICMPv4) Inc() { 65 | icmp4Metric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 66 | } 67 | -------------------------------------------------------------------------------- /types/icmp6.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsICMPv6 = []string{ 23 | "Timestamp", 24 | "TypeCode", // int32 25 | "Checksum", // int32 26 | } 27 | 28 | func (i ICMPv6) CSVHeader() []string { 29 | return filter(fieldsICMPv6) 30 | } 31 | 32 | func (i ICMPv6) CSVRecord() []string { 33 | return filter([]string{ 34 | formatTimestamp(i.Timestamp), 35 | formatInt32(i.TypeCode), 36 | formatInt32(i.Checksum), 37 | }) 38 | } 39 | 40 | func (i ICMPv6) NetcapTimestamp() string { 41 | return i.Timestamp 42 | } 43 | 44 | func (a ICMPv6) JSON() (string, error) { 45 | return jsonMarshaler.MarshalToString(&a) 46 | } 47 | 48 | var icmp6Metric = prometheus.NewCounterVec( 49 | prometheus.CounterOpts{ 50 | Name: strings.ToLower(Type_NC_ICMPv6.String()), 51 | Help: Type_NC_ICMPv6.String() + " audit records", 52 | }, 53 | fieldsICMPv6[1:], 54 | ) 55 | 56 | func init() { 57 | prometheus.MustRegister(icmp6Metric) 58 | } 59 | 60 | func (a ICMPv6) Inc() { 61 | icmp6Metric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 62 | } 63 | -------------------------------------------------------------------------------- /types/icmp6e.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsICMPv6Echo = []string{ 23 | "Timestamp", 24 | "Identifier", // int32 25 | "SeqNumber", // int32 26 | } 27 | 28 | func (i ICMPv6Echo) CSVHeader() []string { 29 | return filter([]string{ 30 | "Timestamp", 31 | "Identifier", // int32 32 | "SeqNumber", // int32 33 | }) 34 | 35 | } 36 | 37 | func (i ICMPv6Echo) CSVRecord() []string { 38 | return filter([]string{ 39 | formatTimestamp(i.Timestamp), 40 | formatInt32(i.Identifier), 41 | formatInt32(i.SeqNumber), 42 | }) 43 | } 44 | 45 | func (i ICMPv6Echo) NetcapTimestamp() string { 46 | return i.Timestamp 47 | } 48 | 49 | func (a ICMPv6Echo) JSON() (string, error) { 50 | return jsonMarshaler.MarshalToString(&a) 51 | } 52 | 53 | var icmp6eMetric = prometheus.NewCounterVec( 54 | prometheus.CounterOpts{ 55 | Name: strings.ToLower(Type_NC_ICMPv6Echo.String()), 56 | Help: Type_NC_ICMPv6Echo.String() + " audit records", 57 | }, 58 | fieldsICMPv6Echo[1:], 59 | ) 60 | 61 | func init() { 62 | prometheus.MustRegister(icmp6eMetric) 63 | } 64 | 65 | func (a ICMPv6Echo) Inc() { 66 | icmp6eMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 67 | } 68 | -------------------------------------------------------------------------------- /types/icmp6na.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsICMPv6NeighborAdvertisement = []string{ 23 | "Timestamp", 24 | "Flags", // int32 25 | "TargetAddress", // string 26 | "Options", // []*ICMPv6Option 27 | } 28 | 29 | func (i ICMPv6NeighborAdvertisement) CSVHeader() []string { 30 | return filter(fieldsICMPv6NeighborAdvertisement) 31 | } 32 | 33 | func (i ICMPv6NeighborAdvertisement) CSVRecord() []string { 34 | var opts []string 35 | for _, o := range i.Options { 36 | opts = append(opts, o.ToString()) 37 | } 38 | return filter([]string{ 39 | formatTimestamp(i.Timestamp), 40 | formatInt32(i.Flags), 41 | i.TargetAddress, 42 | strings.Join(opts, ""), 43 | }) 44 | } 45 | 46 | func (i ICMPv6NeighborAdvertisement) NetcapTimestamp() string { 47 | return i.Timestamp 48 | } 49 | 50 | func (a ICMPv6NeighborAdvertisement) JSON() (string, error) { 51 | return jsonMarshaler.MarshalToString(&a) 52 | } 53 | 54 | var icmp6naMetric = prometheus.NewCounterVec( 55 | prometheus.CounterOpts{ 56 | Name: strings.ToLower(Type_NC_ICMPv6NeighborAdvertisement.String()), 57 | Help: Type_NC_ICMPv6NeighborAdvertisement.String() + " audit records", 58 | }, 59 | fieldsICMPv6NeighborAdvertisement[1:], 60 | ) 61 | 62 | func init() { 63 | prometheus.MustRegister(icmp6naMetric) 64 | } 65 | 66 | func (a ICMPv6NeighborAdvertisement) Inc() { 67 | icmp6naMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 68 | } 69 | -------------------------------------------------------------------------------- /types/icmp6ns.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsICMPv6NeighborSolicitation = []string{ 23 | "Timestamp", 24 | "TargetAddress", // string 25 | "Options", // []*ICMPv6Option 26 | } 27 | 28 | func (i ICMPv6NeighborSolicitation) CSVHeader() []string { 29 | return filter(fieldsICMPv6NeighborSolicitation) 30 | } 31 | 32 | func (i ICMPv6NeighborSolicitation) CSVRecord() []string { 33 | var opts []string 34 | for _, o := range i.Options { 35 | opts = append(opts, o.ToString()) 36 | } 37 | return filter([]string{ 38 | formatTimestamp(i.Timestamp), 39 | i.TargetAddress, 40 | strings.Join(opts, ""), 41 | }) 42 | } 43 | 44 | func (i ICMPv6NeighborSolicitation) NetcapTimestamp() string { 45 | return i.Timestamp 46 | } 47 | 48 | func (a ICMPv6NeighborSolicitation) JSON() (string, error) { 49 | return jsonMarshaler.MarshalToString(&a) 50 | } 51 | 52 | var icmp6nsMetric = prometheus.NewCounterVec( 53 | prometheus.CounterOpts{ 54 | Name: strings.ToLower(Type_NC_ICMPv6NeighborSolicitation.String()), 55 | Help: Type_NC_ICMPv6NeighborSolicitation.String() + " audit records", 56 | }, 57 | fieldsICMPv6NeighborSolicitation[1:], 58 | ) 59 | 60 | func init() { 61 | prometheus.MustRegister(icmp6nsMetric) 62 | } 63 | 64 | func (a ICMPv6NeighborSolicitation) Inc() { 65 | icmp6nsMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 66 | } 67 | -------------------------------------------------------------------------------- /types/icmp6rs.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "encoding/hex" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsICMPv6RouterSolicitation = []string{ 24 | "Timestamp", 25 | "Options", 26 | } 27 | 28 | func (i ICMPv6RouterSolicitation) CSVHeader() []string { 29 | return filter(fieldsICMPv6RouterSolicitation) 30 | } 31 | 32 | func (i ICMPv6RouterSolicitation) CSVRecord() []string { 33 | var opts []string 34 | for _, o := range i.Options { 35 | opts = append(opts, o.ToString()) 36 | } 37 | return filter([]string{ 38 | formatTimestamp(i.Timestamp), 39 | strings.Join(opts, ""), 40 | }) 41 | } 42 | 43 | func (i ICMPv6RouterSolicitation) NetcapTimestamp() string { 44 | return i.Timestamp 45 | } 46 | 47 | func (o ICMPv6Option) ToString() string { 48 | 49 | var b strings.Builder 50 | b.WriteString(Begin) 51 | b.WriteString(formatInt32(o.Type)) 52 | b.WriteString(Separator) 53 | b.WriteString(hex.EncodeToString(o.Data)) 54 | b.WriteString(End) 55 | 56 | return b.String() 57 | } 58 | 59 | func (a ICMPv6RouterSolicitation) JSON() (string, error) { 60 | return jsonMarshaler.MarshalToString(&a) 61 | } 62 | 63 | var icmp6rsMetric = prometheus.NewCounterVec( 64 | prometheus.CounterOpts{ 65 | Name: strings.ToLower(Type_NC_ICMPv6RouterSolicitation.String()), 66 | Help: Type_NC_ICMPv6RouterSolicitation.String() + " audit records", 67 | }, 68 | fieldsICMPv6RouterSolicitation[1:], 69 | ) 70 | 71 | func init() { 72 | prometheus.MustRegister(icmp6rsMetric) 73 | } 74 | 75 | func (a ICMPv6RouterSolicitation) Inc() { 76 | icmp6rsMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 77 | } 78 | -------------------------------------------------------------------------------- /types/ipsecah.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "encoding/hex" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsIPSecAH = []string{ 24 | "Timestamp", 25 | "Reserved", 26 | "SPI", 27 | "Seq", 28 | "AuthenticationData", 29 | } 30 | 31 | func (a IPSecAH) CSVHeader() []string { 32 | return filter(fieldsIPSecAH) 33 | } 34 | 35 | func (a IPSecAH) CSVRecord() []string { 36 | return filter([]string{ 37 | formatTimestamp(a.Timestamp), 38 | formatInt32(a.Reserved), 39 | formatInt32(a.SPI), 40 | formatInt32(a.Seq), 41 | hex.EncodeToString(a.AuthenticationData), 42 | }) 43 | } 44 | 45 | func (a IPSecAH) NetcapTimestamp() string { 46 | return a.Timestamp 47 | } 48 | 49 | func (a IPSecAH) JSON() (string, error) { 50 | return jsonMarshaler.MarshalToString(&a) 51 | } 52 | 53 | var ipSecAhMetric = prometheus.NewCounterVec( 54 | prometheus.CounterOpts{ 55 | Name: strings.ToLower(Type_NC_IPSecAH.String()), 56 | Help: Type_NC_IPSecAH.String() + " audit records", 57 | }, 58 | fieldsIPSecAH[1:], 59 | ) 60 | 61 | func init() { 62 | prometheus.MustRegister(ipSecAhMetric) 63 | } 64 | 65 | func (a IPSecAH) Inc() { 66 | ipSecAhMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 67 | } 68 | -------------------------------------------------------------------------------- /types/ipsecesp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsIPSecESP = []string{ 23 | "Timestamp", 24 | "SPI", 25 | "Seq", 26 | "LenEncrypted", 27 | } 28 | 29 | func (a IPSecESP) CSVHeader() []string { 30 | return filter(fieldsIPSecESP) 31 | } 32 | 33 | func (a IPSecESP) CSVRecord() []string { 34 | return filter([]string{ 35 | formatTimestamp(a.Timestamp), 36 | formatInt32(a.SPI), 37 | formatInt32(a.Seq), 38 | formatInt32(a.LenEncrypted), 39 | }) 40 | } 41 | 42 | func (a IPSecESP) NetcapTimestamp() string { 43 | return a.Timestamp 44 | } 45 | 46 | func (a IPSecESP) JSON() (string, error) { 47 | return jsonMarshaler.MarshalToString(&a) 48 | } 49 | 50 | var ipSecEspMetric = prometheus.NewCounterVec( 51 | prometheus.CounterOpts{ 52 | Name: strings.ToLower(Type_NC_IPSecESP.String()), 53 | Help: Type_NC_IPSecESP.String() + " audit records", 54 | }, 55 | fieldsIPSecESP[1:], 56 | ) 57 | 58 | func init() { 59 | prometheus.MustRegister(ipSecEspMetric) 60 | } 61 | 62 | func (a IPSecESP) Inc() { 63 | ipSecEspMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 64 | } 65 | -------------------------------------------------------------------------------- /types/ipv6fragment.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsIPv6Fragment = []string{ 24 | "Timestamp", 25 | "NextHeader", 26 | "Reserved1", 27 | "FragmentOffset", 28 | "Reserved2", 29 | "MoreFragments", 30 | "Identification", 31 | } 32 | 33 | func (a IPv6Fragment) CSVHeader() []string { 34 | return filter(fieldsIPv6Fragment) 35 | } 36 | 37 | func (a IPv6Fragment) CSVRecord() []string { 38 | return filter([]string{ 39 | formatTimestamp(a.Timestamp), 40 | formatInt32(a.NextHeader), // int32 41 | formatInt32(a.Reserved1), // int32 42 | formatInt32(a.FragmentOffset), // int32 43 | formatInt32(a.Reserved2), // int32 44 | strconv.FormatBool(a.MoreFragments), // bool 45 | formatUint32(a.Identification), // uint32 46 | }) 47 | } 48 | 49 | func (a IPv6Fragment) NetcapTimestamp() string { 50 | return a.Timestamp 51 | } 52 | 53 | func (a IPv6Fragment) JSON() (string, error) { 54 | return jsonMarshaler.MarshalToString(&a) 55 | } 56 | 57 | var ipv6fragMetric = prometheus.NewCounterVec( 58 | prometheus.CounterOpts{ 59 | Name: strings.ToLower(Type_NC_IPv6Fragment.String()), 60 | Help: Type_NC_IPv6Fragment.String() + " audit records", 61 | }, 62 | fieldsIPv6Fragment[1:], 63 | ) 64 | 65 | func init() { 66 | prometheus.MustRegister(ipv6fragMetric) 67 | } 68 | 69 | func (a IPv6Fragment) Inc() { 70 | ipv6fragMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 71 | } 72 | -------------------------------------------------------------------------------- /types/lcm.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsLCM = []string{ 24 | "Timestamp", 25 | "Magic", // int32 26 | "SequenceNumber", // int32 27 | "PayloadSize", // int32 28 | "FragmentOffset", // int32 29 | "FragmentNumber", // int32 30 | "TotalFragments", // int32 31 | "ChannelName", // string 32 | "Fragmented", // bool 33 | } 34 | 35 | func (a LCM) CSVHeader() []string { 36 | return filter(fieldsLCM) 37 | } 38 | 39 | func (a LCM) CSVRecord() []string { 40 | return filter([]string{ 41 | formatTimestamp(a.Timestamp), 42 | formatInt32(a.Magic), // int32 43 | formatInt32(a.SequenceNumber), // int32 44 | formatInt32(a.PayloadSize), // int32 45 | formatInt32(a.FragmentOffset), // int32 46 | formatInt32(a.FragmentNumber), // int32 47 | formatInt32(a.TotalFragments), // int32 48 | a.ChannelName, // string 49 | strconv.FormatBool(a.Fragmented), // bool 50 | }) 51 | } 52 | 53 | func (a LCM) NetcapTimestamp() string { 54 | return a.Timestamp 55 | } 56 | 57 | func (a LCM) JSON() (string, error) { 58 | return jsonMarshaler.MarshalToString(&a) 59 | } 60 | 61 | var lcmMetric = prometheus.NewCounterVec( 62 | prometheus.CounterOpts{ 63 | Name: strings.ToLower(Type_NC_LCM.String()), 64 | Help: Type_NC_LCM.String() + " audit records", 65 | }, 66 | fieldsLCM[1:], 67 | ) 68 | 69 | func init() { 70 | prometheus.MustRegister(lcmMetric) 71 | } 72 | 73 | func (a LCM) Inc() { 74 | lcmMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 75 | } 76 | -------------------------------------------------------------------------------- /types/linkFlow.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsLinkFlow = []string{ 24 | "TimestampFirst", 25 | "TimestampLast", 26 | "Proto", 27 | "SourceMAC", 28 | "DstMAC", 29 | "TotalSize", 30 | "NumPackets", 31 | "UID", 32 | "Duration", 33 | } 34 | 35 | func (f LinkFlow) CSVHeader() []string { 36 | return filter(fieldsLinkFlow) 37 | } 38 | 39 | func (f LinkFlow) CSVRecord() []string { 40 | return filter([]string{ 41 | formatTimestamp(f.TimestampFirst), 42 | formatTimestamp(f.TimestampLast), 43 | f.Proto, 44 | f.SrcMAC, 45 | f.DstMAC, 46 | formatInt64(f.TotalSize), 47 | formatInt64(f.NumPackets), 48 | strconv.FormatUint(f.UID, 10), 49 | formatInt64(f.Duration), 50 | }) 51 | } 52 | 53 | func (f LinkFlow) NetcapTimestamp() string { 54 | return f.TimestampFirst 55 | } 56 | 57 | func (a LinkFlow) JSON() (string, error) { 58 | return jsonMarshaler.MarshalToString(&a) 59 | } 60 | 61 | var linkFlowMetric = prometheus.NewCounterVec( 62 | prometheus.CounterOpts{ 63 | Name: strings.ToLower(Type_NC_LinkFlow.String()), 64 | Help: Type_NC_LinkFlow.String() + " audit records", 65 | }, 66 | fieldsLinkFlow[1:], 67 | ) 68 | 69 | func init() { 70 | prometheus.MustRegister(linkFlowMetric) 71 | } 72 | 73 | func (a LinkFlow) Inc() { 74 | linkFlowMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 75 | } 76 | -------------------------------------------------------------------------------- /types/llc.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsLLC = []string{ 24 | "Timestamp", // string 25 | "DSAP", // int32 26 | "IG", // bool 27 | "SSAP", // int32 28 | "CR", // bool 29 | "Control", // int32 30 | } 31 | 32 | func (l LLC) CSVHeader() []string { 33 | return filter(fieldsLLC) 34 | } 35 | 36 | func (l LLC) CSVRecord() []string { 37 | return filter([]string{ 38 | formatTimestamp(l.Timestamp), 39 | formatInt32(l.DSAP), // int32 40 | strconv.FormatBool(l.IG), // bool 41 | formatInt32(l.SSAP), // int32 42 | strconv.FormatBool(l.CR), // bool 43 | formatInt32(l.Control), // int32 44 | }) 45 | } 46 | 47 | func (l LLC) NetcapTimestamp() string { 48 | return l.Timestamp 49 | } 50 | 51 | func (a LLC) JSON() (string, error) { 52 | return jsonMarshaler.MarshalToString(&a) 53 | } 54 | 55 | var llcMetric = prometheus.NewCounterVec( 56 | prometheus.CounterOpts{ 57 | Name: strings.ToLower(Type_NC_LLC.String()), 58 | Help: Type_NC_LLC.String() + " audit records", 59 | }, 60 | fieldsLLC[1:], 61 | ) 62 | 63 | func init() { 64 | prometheus.MustRegister(llcMetric) 65 | } 66 | 67 | func (a LLC) Inc() { 68 | llcMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 69 | } 70 | -------------------------------------------------------------------------------- /types/modbustcp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "encoding/hex" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsModbusTCP = []string{ 24 | "Timestamp", 25 | "TransactionIdentifier", // int32 26 | "ProtocolIdentifier", // int32 27 | "Length", // int32 28 | "UnitIdentifier", // int32 29 | "Payload", // []byte 30 | } 31 | 32 | func (a ModbusTCP) CSVHeader() []string { 33 | return filter(fieldsModbusTCP) 34 | } 35 | 36 | func (a ModbusTCP) CSVRecord() []string { 37 | return filter([]string{ 38 | formatTimestamp(a.Timestamp), 39 | formatInt32(a.TransactionIdentifier), // int32 40 | formatInt32(a.ProtocolIdentifier), // int32 41 | formatInt32(a.Length), // int32 42 | formatInt32(a.UnitIdentifier), // int32 43 | hex.EncodeToString(a.Payload), 44 | }) 45 | } 46 | 47 | func (a ModbusTCP) NetcapTimestamp() string { 48 | return a.Timestamp 49 | } 50 | 51 | func (a ModbusTCP) JSON() (string, error) { 52 | return jsonMarshaler.MarshalToString(&a) 53 | } 54 | 55 | var modbusTcpMetric = prometheus.NewCounterVec( 56 | prometheus.CounterOpts{ 57 | Name: strings.ToLower(Type_NC_ModbusTCP.String()), 58 | Help: Type_NC_ModbusTCP.String() + " audit records", 59 | }, 60 | fieldsModbusTCP[1:], 61 | ) 62 | 63 | func init() { 64 | prometheus.MustRegister(modbusTcpMetric) 65 | } 66 | 67 | func (a ModbusTCP) Inc() { 68 | modbusTcpMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 69 | } 70 | -------------------------------------------------------------------------------- /types/mpls.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsMPLS = []string{ 24 | "Timestamp", 25 | "Label", 26 | "TrafficClass", 27 | "StackBottom", 28 | "TTL", 29 | } 30 | 31 | func (a MPLS) CSVHeader() []string { 32 | return filter(fieldsMPLS) 33 | } 34 | 35 | func (a MPLS) CSVRecord() []string { 36 | return filter([]string{ 37 | formatTimestamp(a.Timestamp), 38 | formatInt32(a.Label), // int32 39 | formatInt32(a.TrafficClass), // int32 40 | strconv.FormatBool(a.StackBottom), // bool 41 | formatInt32(a.TTL), // int32 42 | }) 43 | } 44 | 45 | func (a MPLS) NetcapTimestamp() string { 46 | return a.Timestamp 47 | } 48 | 49 | func (a MPLS) JSON() (string, error) { 50 | return jsonMarshaler.MarshalToString(&a) 51 | } 52 | 53 | var mplsMetric = prometheus.NewCounterVec( 54 | prometheus.CounterOpts{ 55 | Name: strings.ToLower(Type_NC_MPLS.String()), 56 | Help: Type_NC_MPLS.String() + " audit records", 57 | }, 58 | fieldsMPLS[1:], 59 | ) 60 | 61 | func init() { 62 | prometheus.MustRegister(mplsMetric) 63 | } 64 | 65 | func (a MPLS) Inc() { 66 | mplsMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 67 | } 68 | -------------------------------------------------------------------------------- /types/networkFlow.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsNetworkFlow = []string{ 24 | "TimestampFirst", 25 | "TimestampLast", 26 | "Proto", 27 | "SrcIP", 28 | "DstIP", 29 | "TotalSize", 30 | "NumPackets", 31 | "UID", 32 | "Duration", 33 | } 34 | 35 | func (f NetworkFlow) CSVHeader() []string { 36 | return filter(fieldsNetworkFlow) 37 | } 38 | 39 | func (f NetworkFlow) CSVRecord() []string { 40 | return filter([]string{ 41 | formatTimestamp(f.TimestampFirst), 42 | formatTimestamp(f.TimestampLast), 43 | f.Proto, 44 | f.SrcIP, 45 | f.DstIP, 46 | formatInt64(f.TotalSize), 47 | formatInt64(f.NumPackets), 48 | strconv.FormatUint(f.UID, 10), 49 | formatInt64(f.Duration), 50 | }) 51 | } 52 | 53 | func (f NetworkFlow) NetcapTimestamp() string { 54 | return f.TimestampFirst 55 | } 56 | 57 | func (u NetworkFlow) JSON() (string, error) { 58 | return jsonMarshaler.MarshalToString(&u) 59 | } 60 | 61 | var networkFlowMetric = prometheus.NewCounterVec( 62 | prometheus.CounterOpts{ 63 | Name: strings.ToLower(Type_NC_NetworkFlow.String()), 64 | Help: Type_NC_NetworkFlow.String() + " audit records", 65 | }, 66 | fieldsNetworkFlow[1:], 67 | ) 68 | 69 | func init() { 70 | prometheus.MustRegister(networkFlowMetric) 71 | } 72 | 73 | func (a NetworkFlow) Inc() { 74 | networkFlowMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 75 | } 76 | -------------------------------------------------------------------------------- /types/nortelDiscovery.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "encoding/hex" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsNortelDiscovery = []string{ 24 | "Timestamp", 25 | "IPAddress", // string 26 | "SegmentID", // []byte 27 | "Chassis", // int32 28 | "Backplane", // int32 29 | "State", // int32 30 | "NumLinks", // int32 31 | } 32 | 33 | func (a NortelDiscovery) CSVHeader() []string { 34 | return filter(fieldsNortelDiscovery) 35 | } 36 | 37 | func (a NortelDiscovery) CSVRecord() []string { 38 | return filter([]string{ 39 | formatTimestamp(a.Timestamp), 40 | a.IPAddress, // string 41 | hex.EncodeToString(a.SegmentID), // []byte 42 | formatInt32(a.Chassis), // int32 43 | formatInt32(a.Backplane), // int32 44 | formatInt32(a.State), // int32 45 | formatInt32(a.NumLinks), // int32 46 | }) 47 | } 48 | 49 | func (a NortelDiscovery) NetcapTimestamp() string { 50 | return a.Timestamp 51 | } 52 | 53 | func (a NortelDiscovery) JSON() (string, error) { 54 | return jsonMarshaler.MarshalToString(&a) 55 | } 56 | 57 | var nortelDiscoveryMetric = prometheus.NewCounterVec( 58 | prometheus.CounterOpts{ 59 | Name: strings.ToLower(Type_NC_NortelDiscovery.String()), 60 | Help: Type_NC_NortelDiscovery.String() + " audit records", 61 | }, 62 | fieldsNortelDiscovery[1:], 63 | ) 64 | 65 | func init() { 66 | prometheus.MustRegister(nortelDiscoveryMetric) 67 | } 68 | 69 | func (a NortelDiscovery) Inc() { 70 | nortelDiscoveryMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 71 | } 72 | -------------------------------------------------------------------------------- /types/sctp.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsSCTP = []string{ 24 | "Timestamp", 25 | "SrcPort", 26 | "DstPort", 27 | "VerificationTag", 28 | "Checksum", 29 | } 30 | 31 | func (s SCTP) CSVHeader() []string { 32 | return filter(fieldsSCTP) 33 | } 34 | 35 | func (s SCTP) CSVRecord() []string { 36 | return filter([]string{ 37 | formatTimestamp(s.Timestamp), 38 | strconv.FormatUint(uint64(s.SrcPort), 10), 39 | strconv.FormatUint(uint64(s.DstPort), 10), 40 | strconv.FormatUint(uint64(s.VerificationTag), 10), 41 | strconv.FormatUint(uint64(s.Checksum), 10), 42 | }) 43 | } 44 | 45 | func (s SCTP) NetcapTimestamp() string { 46 | return s.Timestamp 47 | } 48 | 49 | func (u SCTP) JSON() (string, error) { 50 | return jsonMarshaler.MarshalToString(&u) 51 | } 52 | 53 | var sctpMetric = prometheus.NewCounterVec( 54 | prometheus.CounterOpts{ 55 | Name: strings.ToLower(Type_NC_SCTP.String()), 56 | Help: Type_NC_SCTP.String() + " audit records", 57 | }, 58 | fieldsSCTP[1:], 59 | ) 60 | 61 | func init() { 62 | prometheus.MustRegister(sctpMetric) 63 | } 64 | 65 | func (a SCTP) Inc() { 66 | sctpMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 67 | } 68 | -------------------------------------------------------------------------------- /types/snap.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "encoding/hex" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsSNAP = []string{ 24 | "Timestamp", 25 | "OrganizationalCode", 26 | "Type", 27 | } 28 | 29 | func (s SNAP) CSVHeader() []string { 30 | return filter(fieldsSNAP) 31 | } 32 | 33 | func (s SNAP) CSVRecord() []string { 34 | return filter([]string{ 35 | formatTimestamp(s.Timestamp), 36 | hex.EncodeToString(s.OrganizationalCode), 37 | formatInt32(s.Type), 38 | }) 39 | } 40 | 41 | func (s SNAP) NetcapTimestamp() string { 42 | return s.Timestamp 43 | } 44 | 45 | func (u SNAP) JSON() (string, error) { 46 | return jsonMarshaler.MarshalToString(&u) 47 | } 48 | 49 | var snapMetric = prometheus.NewCounterVec( 50 | prometheus.CounterOpts{ 51 | Name: strings.ToLower(Type_NC_SNAP.String()), 52 | Help: Type_NC_SNAP.String() + " audit records", 53 | }, 54 | fieldsSNAP[1:], 55 | ) 56 | 57 | func init() { 58 | prometheus.MustRegister(snapMetric) 59 | } 60 | 61 | func (a SNAP) Inc() { 62 | snapMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 63 | } 64 | -------------------------------------------------------------------------------- /types/transportFlow.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsTransportFlow = []string{ 24 | "TimestampFirst", 25 | "TimestampLast", 26 | "Proto", 27 | "SrcPort", 28 | "DstPort", 29 | "TotalSize", 30 | "NumPackets", 31 | "UID", 32 | "Duration", 33 | } 34 | 35 | func (f TransportFlow) CSVHeader() []string { 36 | return filter(fieldsTransportFlow) 37 | } 38 | 39 | func (f TransportFlow) CSVRecord() []string { 40 | return filter([]string{ 41 | formatTimestamp(f.TimestampFirst), 42 | formatTimestamp(f.TimestampLast), 43 | f.Proto, 44 | formatInt32(f.SrcPort), 45 | formatInt32(f.DstPort), 46 | formatInt64(f.TotalSize), 47 | formatInt64(f.NumPackets), 48 | strconv.FormatUint(f.UID, 10), 49 | formatInt64(f.Duration), 50 | }) 51 | } 52 | 53 | func (f TransportFlow) NetcapTimestamp() string { 54 | return f.TimestampFirst 55 | } 56 | 57 | func (u TransportFlow) JSON() (string, error) { 58 | return jsonMarshaler.MarshalToString(&u) 59 | } 60 | 61 | var transportFlowMetric = prometheus.NewCounterVec( 62 | prometheus.CounterOpts{ 63 | Name: strings.ToLower(Type_NC_TransportFlow.String()), 64 | Help: Type_NC_TransportFlow.String() + " audit records", 65 | }, 66 | fieldsTransportFlow[1:], 67 | ) 68 | 69 | func init() { 70 | prometheus.MustRegister(transportFlowMetric) 71 | } 72 | 73 | func (a TransportFlow) Inc() { 74 | transportFlowMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 75 | } 76 | -------------------------------------------------------------------------------- /types/usbRequestBlockSetup.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsUSBRequestBlockSetup = []string{ 23 | "Timestamp", 24 | "RequestType", // int32 25 | "Request", // int32 26 | "Value", // int32 27 | "Index", // int32 28 | "Length", // int32 29 | } 30 | 31 | func (a USBRequestBlockSetup) CSVHeader() []string { 32 | return filter(fieldsUSBRequestBlockSetup) 33 | } 34 | 35 | func (a USBRequestBlockSetup) CSVRecord() []string { 36 | return filter([]string{ 37 | formatTimestamp(a.Timestamp), 38 | formatInt32(a.RequestType), // int32 39 | formatInt32(a.Request), // int32 40 | formatInt32(a.Value), // int32 41 | formatInt32(a.Index), // int32 42 | formatInt32(a.Length), // int32 43 | }) 44 | } 45 | 46 | func (a USBRequestBlockSetup) NetcapTimestamp() string { 47 | return a.Timestamp 48 | } 49 | 50 | func (a USBRequestBlockSetup) JSON() (string, error) { 51 | return jsonMarshaler.MarshalToString(&a) 52 | } 53 | 54 | var usbRequestBlockSetupMetric = prometheus.NewCounterVec( 55 | prometheus.CounterOpts{ 56 | Name: strings.ToLower(Type_NC_USBRequestBlockSetup.String()), 57 | Help: Type_NC_USBRequestBlockSetup.String() + " audit records", 58 | }, 59 | fieldsUSBRequestBlockSetup[1:], 60 | ) 61 | 62 | func init() { 63 | prometheus.MustRegister(usbRequestBlockSetupMetric) 64 | } 65 | 66 | func (a USBRequestBlockSetup) Inc() { 67 | usbRequestBlockSetupMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 68 | } 69 | -------------------------------------------------------------------------------- /types/vrrpv2.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strings" 18 | 19 | "github.com/prometheus/client_golang/prometheus" 20 | ) 21 | 22 | var fieldsVRRPv2 = []string{ 23 | "Timestamp", 24 | "Version", // int32 25 | "Type", // int32 26 | "VirtualRtrID", // int32 27 | "Priority", // int32 28 | "CountIPAddr", // int32 29 | "AuthType", // int32 30 | "AdverInt", // int32 31 | "Checksum", // int32 32 | "IPAdresses", // []string 33 | } 34 | 35 | func (a VRRPv2) CSVHeader() []string { 36 | return filter(fieldsVRRPv2) 37 | } 38 | 39 | func (a VRRPv2) CSVRecord() []string { 40 | return filter([]string{ 41 | formatTimestamp(a.Timestamp), 42 | formatInt32(a.Version), // int32 43 | formatInt32(a.Type), // int32 44 | formatInt32(a.VirtualRtrID), // int32 45 | formatInt32(a.Priority), // int32 46 | formatInt32(a.CountIPAddr), // int32 47 | formatInt32(a.AuthType), // int32 48 | formatInt32(a.AdverInt), // int32 49 | formatInt32(a.Checksum), // int32 50 | join(a.IPAddress...), // []string 51 | }) 52 | } 53 | 54 | func (a VRRPv2) NetcapTimestamp() string { 55 | return a.Timestamp 56 | } 57 | 58 | func (a VRRPv2) JSON() (string, error) { 59 | return jsonMarshaler.MarshalToString(&a) 60 | } 61 | 62 | var vrrp2Metric = prometheus.NewCounterVec( 63 | prometheus.CounterOpts{ 64 | Name: strings.ToLower(Type_NC_VRRPv2.String()), 65 | Help: Type_NC_VRRPv2.String() + " audit records", 66 | }, 67 | fieldsVRRPv2[1:], 68 | ) 69 | 70 | func init() { 71 | prometheus.MustRegister(vrrp2Metric) 72 | } 73 | 74 | func (a VRRPv2) Inc() { 75 | vrrp2Metric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 76 | } 77 | -------------------------------------------------------------------------------- /types/vxlan.go: -------------------------------------------------------------------------------- 1 | /* 2 | * NETCAP - Traffic Analysis Framework 3 | * Copyright (c) 2017 Philipp Mieden 4 | * 5 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 6 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 7 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 8 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 9 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 10 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 11 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 12 | */ 13 | 14 | package types 15 | 16 | import ( 17 | "strconv" 18 | "strings" 19 | 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var fieldsVXLAN = []string{ 24 | "Timestamp", 25 | "ValidIDFlag", // bool 26 | "VNI", // uint32 27 | "GBPExtension", // bool 28 | "GBPDontLearn", // bool 29 | "GBPApplied", // bool 30 | "GBPGroupPolicyID", // int32 31 | } 32 | 33 | func (a VXLAN) CSVHeader() []string { 34 | return filter(fieldsVXLAN) 35 | } 36 | 37 | func (a VXLAN) CSVRecord() []string { 38 | return filter([]string{ 39 | formatTimestamp(a.Timestamp), 40 | strconv.FormatBool(a.ValidIDFlag), // bool 41 | formatUint32(a.VNI), // uint32 42 | strconv.FormatBool(a.GBPExtension), // bool 43 | strconv.FormatBool(a.GBPDontLearn), // bool 44 | strconv.FormatBool(a.GBPApplied), // bool 45 | formatInt32(a.GBPGroupPolicyID), // int32 46 | }) 47 | } 48 | 49 | func (a VXLAN) NetcapTimestamp() string { 50 | return a.Timestamp 51 | } 52 | 53 | func (a VXLAN) JSON() (string, error) { 54 | return jsonMarshaler.MarshalToString(&a) 55 | } 56 | 57 | var vxlanMetric = prometheus.NewCounterVec( 58 | prometheus.CounterOpts{ 59 | Name: strings.ToLower(Type_NC_VXLAN.String()), 60 | Help: Type_NC_VXLAN.String() + " audit records", 61 | }, 62 | fieldsVXLAN[1:], 63 | ) 64 | 65 | func init() { 66 | prometheus.MustRegister(vxlanMetric) 67 | } 68 | 69 | func (a VXLAN) Inc() { 70 | vxlanMetric.WithLabelValues(a.CSVRecord()[1:]...).Inc() 71 | } 72 | -------------------------------------------------------------------------------- /version.go: -------------------------------------------------------------------------------- 1 | // This file was generated. Do not edit. 2 | package netcap 3 | 4 | // Netcap version. 5 | var Version = "v0.4.0" 6 | -------------------------------------------------------------------------------- /zeus/config.yml: -------------------------------------------------------------------------------- 1 | # ________ ____ __ __ ______ 2 | # \___ // __ \| | \/ ___/ 3 | # / /\ ___/| | /\___ \ 4 | # /_____ \\___ >____//____ > 5 | # \/ \/ \/ 6 | # Build System 7 | # v0.8.4 8 | # 9 | 10 | autoFormat: false 11 | colors: true 12 | passCommandsToShell: true 13 | webInterface: false 14 | interactive: true 15 | debug: false 16 | projectNamePrompt: true 17 | recursionDepth: 1 18 | historyLimit: 20 19 | codeSnippetScope: 15 20 | portWebPanel: 8080 21 | portGlueServer: 0 22 | historyFile: true 23 | exitOnInterrupt: true 24 | disableTimestamps: false 25 | printBuiltins: false 26 | makefileOverview: false 27 | stopOnError: true 28 | dumpScriptOnError: true 29 | colorProfile: dark 30 | dateFormat: 02-01-2006 31 | todoFilePath: TODO.md 32 | editor: micro 33 | colorProfiles: 34 | dark: 35 | Text: cyan 36 | Prompt: blue 37 | CmdOutput: light+h 38 | CmdName: blue 39 | CmdFields: yellow 40 | CmdArgs: white+h 41 | CmdArgType: green 42 | light: 43 | Text: white 44 | Prompt: yellow 45 | CmdOutput: white+h 46 | CmdName: red 47 | CmdFields: blue 48 | CmdArgs: cyan 49 | CmdArgType: green 50 | languages: [] 51 | -------------------------------------------------------------------------------- /zeus/data.yml: -------------------------------------------------------------------------------- 1 | # ________ ____ __ __ ______ 2 | # \___ // __ \| | \/ ___/ 3 | # / /\ ___/| | /\___ \ 4 | # /_____ \\___ >____//____ > 5 | # \/ \/ \/ 6 | # Build System 7 | # v0.8.5 8 | # 9 | 10 | buildNumber: 1314 11 | deadline: "" 12 | milestones: [] 13 | aliases: {} 14 | events: 15 | 79cc23608f5ef7d0: 16 | name: commandsFile watcher 17 | id: 79cc23608f5ef7d0 18 | path: zeus/commands.yml 19 | op: 2 20 | fileextension: .yml 21 | command: internal 22 | 9710d090d3389252: 23 | name: config watcher 24 | id: 9710d090d3389252 25 | path: zeus/config.yml 26 | op: 2 27 | fileextension: .yml 28 | command: internal 29 | author: "" 30 | keyBindings: {} 31 | -------------------------------------------------------------------------------- /zeus/generated/install-netcap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # generated by ZEUS v0.8.4 3 | # Timestamp: [Fri Dec 21 20:05:01 2018] 4 | 5 | 6 | go build -o $(go env GOPATH)/bin/netcap -i github.com/dreadl0ck/netcap/cmd -------------------------------------------------------------------------------- /zeus/generated/install-netlabel.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # generated by ZEUS v0.8.4 3 | # Timestamp: [Fri Dec 21 20:05:10 2018] 4 | 5 | 6 | go build -o $(go env GOPATH)/bin/netlabel -i github.com/dreadl0ck/netcap/label/cmd -------------------------------------------------------------------------------- /zeus/generated/install-sensor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # generated by ZEUS v0.8.4 3 | # Timestamp: [Fri Dec 21 20:06:23 2018] 4 | 5 | 6 | go build -o $(go env GOPATH)/bin/netcap-sensor -i github.com/dreadl0ck/netcap/sensor -------------------------------------------------------------------------------- /zeus/generated/install-server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # generated by ZEUS v0.8.4 3 | # Timestamp: [Fri Dec 21 20:06:15 2018] 4 | 5 | 6 | go build -o $(go env GOPATH)/bin/netcap-server -i github.com/dreadl0ck/netcap/server -------------------------------------------------------------------------------- /zeus/scripts/build-all-linux-docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # make this script callable from project root dir 4 | cd docker 5 | 6 | echo "[INFO] building docker image" 7 | 8 | # in case of cache annoyances: 9 | # docker rm -f $(docker ps -a -q) 10 | # docker rmi -f $(docker images -a -q) 11 | 12 | # build image 13 | docker build --no-cache -t "netcap-linux" . 14 | 15 | echo "[INFO] running docker image" 16 | 17 | docker run netcap-linux 18 | 19 | # docker image ls 20 | 21 | # grab container ID 22 | echo "[INFO] looking for netcap-linux container ID" 23 | CONTAINER_ID=$(docker ps -a -f ancestor=netcap-linux -q --latest) 24 | if [[ $CONTAINER_ID == "" ]]; then 25 | echo "[ERROR] no docker container found" 26 | exit 1 27 | fi 28 | 29 | echo "[INFO] preparing dist folder, CONTAINER_ID: $CONTAINER_ID" 30 | 31 | # clean up 32 | rm -rf ../dist/linux_amd64 33 | 34 | # create path in dist 35 | mkdir -p ../dist/linux_amd64 36 | 37 | # copy binaries from container 38 | docker cp $CONTAINER_ID:/go/net.capture ../dist/linux_amd64/net.capture 39 | docker cp $CONTAINER_ID:/go/net.label ../dist/linux_amd64/net.label 40 | docker cp $CONTAINER_ID:/go/net.collect ../dist/linux_amd64/net.collect 41 | docker cp $CONTAINER_ID:/go/net.agent ../dist/linux_amd64/net.agent 42 | docker cp $CONTAINER_ID:/go/net.proxy ../dist/linux_amd64/net.proxy 43 | docker cp $CONTAINER_ID:/go/net.export ../dist/linux_amd64/net.export 44 | docker cp $CONTAINER_ID:/go/net.dump ../dist/linux_amd64/net.dump 45 | docker cp $CONTAINER_ID:/go/net.util ../dist/linux_amd64/net.util 46 | 47 | # remove container 48 | docker rm $CONTAINER_ID 49 | 50 | cp ../LICENSE ../dist/linux_amd64 51 | cp ../README.md ../dist/linux_amd64 52 | 53 | cd ../dist 54 | 55 | # create tar archive for linux 56 | tar -cvf netcap_${VERSION}_linux_amd64.tar.gz linux_amd64 57 | 58 | # add checksum - goreleaser needs to be patched for this to work 59 | # by default the checksums.txt file is truncated when being opened 60 | shasum -a 256 netcap_${VERSION}_linux_amd64.tar.gz > checksums.txt 61 | 62 | # remove license and readme from binary folder 63 | rm linux_amd64/LICENSE 64 | rm linux_amd64/README.md 65 | 66 | echo "[INFO] removing docker image" 67 | docker image rm netcap-linux 68 | 69 | echo "[INFO] done" 70 | --------------------------------------------------------------------------------