PCAP (named after libpcap / winpcap) is a popular format for saving network traffic grabbed by network sniffers. It is typically produced by tools like tcpdump or Wireshark.
This page hosts a formal specification of .pcap / .pcapdump file format using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
// Code generated by kaitai-struct-compiler from a .ksy source file. DO NOT EDIT.
import (
"github.com/kaitai-io/kaitai_struct_go_runtime/kaitai"
"bytes"
)
/**
* PCAP (named after libpcap / winpcap) is a popular format for saving
* network traffic grabbed by network sniffers. It is typically
* produced by tools like [tcpdump](https://www.tcpdump.org/) or
* [Wireshark](https://www.wireshark.org/).
* @see <a href="https://wiki.wireshark.org/Development/LibpcapFileFormat">Source</a>
*/
type Pcap_Linktype int
const (
Pcap_Linktype__NullLinktype Pcap_Linktype = 0
Pcap_Linktype__Ethernet Pcap_Linktype = 1
Pcap_Linktype__ExpEthernet Pcap_Linktype = 2
Pcap_Linktype__Ax25 Pcap_Linktype = 3
Pcap_Linktype__Pronet Pcap_Linktype = 4
Pcap_Linktype__Chaos Pcap_Linktype = 5
Pcap_Linktype__Ieee8025 Pcap_Linktype = 6
Pcap_Linktype__ArcnetBsd Pcap_Linktype = 7
Pcap_Linktype__Slip Pcap_Linktype = 8
Pcap_Linktype__Ppp Pcap_Linktype = 9
Pcap_Linktype__Fddi Pcap_Linktype = 10
Pcap_Linktype__RedbackSmartedge Pcap_Linktype = 32
Pcap_Linktype__PppHdlc Pcap_Linktype = 50
Pcap_Linktype__PppEther Pcap_Linktype = 51
Pcap_Linktype__SymantecFirewall Pcap_Linktype = 99
Pcap_Linktype__AtmRfc1483 Pcap_Linktype = 100
Pcap_Linktype__Raw Pcap_Linktype = 101
Pcap_Linktype__CHdlc Pcap_Linktype = 104
Pcap_Linktype__Ieee80211 Pcap_Linktype = 105
Pcap_Linktype__AtmClip Pcap_Linktype = 106
Pcap_Linktype__Frelay Pcap_Linktype = 107
Pcap_Linktype__Loop Pcap_Linktype = 108
Pcap_Linktype__Enc Pcap_Linktype = 109
Pcap_Linktype__NetbsdHdlc Pcap_Linktype = 112
Pcap_Linktype__LinuxSll Pcap_Linktype = 113
Pcap_Linktype__Ltalk Pcap_Linktype = 114
Pcap_Linktype__Econet Pcap_Linktype = 115
Pcap_Linktype__Ipfilter Pcap_Linktype = 116
Pcap_Linktype__Pflog Pcap_Linktype = 117
Pcap_Linktype__CiscoIos Pcap_Linktype = 118
Pcap_Linktype__Ieee80211Prism Pcap_Linktype = 119
Pcap_Linktype__AironetHeader Pcap_Linktype = 120
Pcap_Linktype__IpOverFc Pcap_Linktype = 122
Pcap_Linktype__Sunatm Pcap_Linktype = 123
Pcap_Linktype__Rio Pcap_Linktype = 124
Pcap_Linktype__PciExp Pcap_Linktype = 125
Pcap_Linktype__Aurora Pcap_Linktype = 126
Pcap_Linktype__Ieee80211Radiotap Pcap_Linktype = 127
Pcap_Linktype__Tzsp Pcap_Linktype = 128
Pcap_Linktype__ArcnetLinux Pcap_Linktype = 129
Pcap_Linktype__JuniperMlppp Pcap_Linktype = 130
Pcap_Linktype__JuniperMlfr Pcap_Linktype = 131
Pcap_Linktype__JuniperEs Pcap_Linktype = 132
Pcap_Linktype__JuniperGgsn Pcap_Linktype = 133
Pcap_Linktype__JuniperMfr Pcap_Linktype = 134
Pcap_Linktype__JuniperAtm2 Pcap_Linktype = 135
Pcap_Linktype__JuniperServices Pcap_Linktype = 136
Pcap_Linktype__JuniperAtm1 Pcap_Linktype = 137
Pcap_Linktype__AppleIpOverIeee1394 Pcap_Linktype = 138
Pcap_Linktype__Mtp2WithPhdr Pcap_Linktype = 139
Pcap_Linktype__Mtp2 Pcap_Linktype = 140
Pcap_Linktype__Mtp3 Pcap_Linktype = 141
Pcap_Linktype__Sccp Pcap_Linktype = 142
Pcap_Linktype__Docsis Pcap_Linktype = 143
Pcap_Linktype__LinuxIrda Pcap_Linktype = 144
Pcap_Linktype__IbmSp Pcap_Linktype = 145
Pcap_Linktype__IbmSn Pcap_Linktype = 146
Pcap_Linktype__User0 Pcap_Linktype = 147
Pcap_Linktype__User1 Pcap_Linktype = 148
Pcap_Linktype__User2 Pcap_Linktype = 149
Pcap_Linktype__User3 Pcap_Linktype = 150
Pcap_Linktype__User4 Pcap_Linktype = 151
Pcap_Linktype__User5 Pcap_Linktype = 152
Pcap_Linktype__User6 Pcap_Linktype = 153
Pcap_Linktype__User7 Pcap_Linktype = 154
Pcap_Linktype__User8 Pcap_Linktype = 155
Pcap_Linktype__User9 Pcap_Linktype = 156
Pcap_Linktype__User10 Pcap_Linktype = 157
Pcap_Linktype__User11 Pcap_Linktype = 158
Pcap_Linktype__User12 Pcap_Linktype = 159
Pcap_Linktype__User13 Pcap_Linktype = 160
Pcap_Linktype__User14 Pcap_Linktype = 161
Pcap_Linktype__User15 Pcap_Linktype = 162
Pcap_Linktype__Ieee80211Avs Pcap_Linktype = 163
Pcap_Linktype__JuniperMonitor Pcap_Linktype = 164
Pcap_Linktype__BacnetMsTp Pcap_Linktype = 165
Pcap_Linktype__PppPppd Pcap_Linktype = 166
Pcap_Linktype__JuniperPppoe Pcap_Linktype = 167
Pcap_Linktype__JuniperPppoeAtm Pcap_Linktype = 168
Pcap_Linktype__GprsLlc Pcap_Linktype = 169
Pcap_Linktype__GpfT Pcap_Linktype = 170
Pcap_Linktype__GpfF Pcap_Linktype = 171
Pcap_Linktype__GcomT1e1 Pcap_Linktype = 172
Pcap_Linktype__GcomSerial Pcap_Linktype = 173
Pcap_Linktype__JuniperPicPeer Pcap_Linktype = 174
Pcap_Linktype__ErfEth Pcap_Linktype = 175
Pcap_Linktype__ErfPos Pcap_Linktype = 176
Pcap_Linktype__LinuxLapd Pcap_Linktype = 177
Pcap_Linktype__JuniperEther Pcap_Linktype = 178
Pcap_Linktype__JuniperPpp Pcap_Linktype = 179
Pcap_Linktype__JuniperFrelay Pcap_Linktype = 180
Pcap_Linktype__JuniperChdlc Pcap_Linktype = 181
Pcap_Linktype__Mfr Pcap_Linktype = 182
Pcap_Linktype__JuniperVp Pcap_Linktype = 183
Pcap_Linktype__A429 Pcap_Linktype = 184
Pcap_Linktype__A653Icm Pcap_Linktype = 185
Pcap_Linktype__UsbFreebsd Pcap_Linktype = 186
Pcap_Linktype__BluetoothHciH4 Pcap_Linktype = 187
Pcap_Linktype__Ieee80216MacCps Pcap_Linktype = 188
Pcap_Linktype__UsbLinux Pcap_Linktype = 189
Pcap_Linktype__Can20b Pcap_Linktype = 190
Pcap_Linktype__Ieee802154Linux Pcap_Linktype = 191
Pcap_Linktype__Ppi Pcap_Linktype = 192
Pcap_Linktype__Ieee80216MacCpsRadio Pcap_Linktype = 193
Pcap_Linktype__JuniperIsm Pcap_Linktype = 194
Pcap_Linktype__Ieee802154Withfcs Pcap_Linktype = 195
Pcap_Linktype__Sita Pcap_Linktype = 196
Pcap_Linktype__Erf Pcap_Linktype = 197
Pcap_Linktype__Raif1 Pcap_Linktype = 198
Pcap_Linktype__IpmbKontron Pcap_Linktype = 199
Pcap_Linktype__JuniperSt Pcap_Linktype = 200
Pcap_Linktype__BluetoothHciH4WithPhdr Pcap_Linktype = 201
Pcap_Linktype__Ax25Kiss Pcap_Linktype = 202
Pcap_Linktype__Lapd Pcap_Linktype = 203
Pcap_Linktype__PppWithDir Pcap_Linktype = 204
Pcap_Linktype__CHdlcWithDir Pcap_Linktype = 205
Pcap_Linktype__FrelayWithDir Pcap_Linktype = 206
Pcap_Linktype__LapbWithDir Pcap_Linktype = 207
Pcap_Linktype__IpmbLinux Pcap_Linktype = 209
Pcap_Linktype__Flexray Pcap_Linktype = 210
Pcap_Linktype__Most Pcap_Linktype = 211
Pcap_Linktype__Lin Pcap_Linktype = 212
Pcap_Linktype__X2eSerial Pcap_Linktype = 213
Pcap_Linktype__X2eXoraya Pcap_Linktype = 214
Pcap_Linktype__Ieee802154NonaskPhy Pcap_Linktype = 215
Pcap_Linktype__LinuxEvdev Pcap_Linktype = 216
Pcap_Linktype__GsmtapUm Pcap_Linktype = 217
Pcap_Linktype__GsmtapAbis Pcap_Linktype = 218
Pcap_Linktype__Mpls Pcap_Linktype = 219
Pcap_Linktype__UsbLinuxMmapped Pcap_Linktype = 220
Pcap_Linktype__Dect Pcap_Linktype = 221
Pcap_Linktype__Aos Pcap_Linktype = 222
Pcap_Linktype__Wihart Pcap_Linktype = 223
Pcap_Linktype__Fc2 Pcap_Linktype = 224
Pcap_Linktype__Fc2WithFrameDelims Pcap_Linktype = 225
Pcap_Linktype__Ipnet Pcap_Linktype = 226
Pcap_Linktype__CanSocketcan Pcap_Linktype = 227
Pcap_Linktype__Ipv4 Pcap_Linktype = 228
Pcap_Linktype__Ipv6 Pcap_Linktype = 229
Pcap_Linktype__Ieee802154Nofcs Pcap_Linktype = 230
Pcap_Linktype__Dbus Pcap_Linktype = 231
Pcap_Linktype__JuniperVs Pcap_Linktype = 232
Pcap_Linktype__JuniperSrxE2e Pcap_Linktype = 233
Pcap_Linktype__JuniperFibrechannel Pcap_Linktype = 234
Pcap_Linktype__DvbCi Pcap_Linktype = 235
Pcap_Linktype__Mux27010 Pcap_Linktype = 236
Pcap_Linktype__Stanag5066DPdu Pcap_Linktype = 237
Pcap_Linktype__JuniperAtmCemic Pcap_Linktype = 238
Pcap_Linktype__Nflog Pcap_Linktype = 239
Pcap_Linktype__Netanalyzer Pcap_Linktype = 240
Pcap_Linktype__NetanalyzerTransparent Pcap_Linktype = 241
Pcap_Linktype__Ipoib Pcap_Linktype = 242
Pcap_Linktype__Mpeg2Ts Pcap_Linktype = 243
Pcap_Linktype__Ng40 Pcap_Linktype = 244
Pcap_Linktype__NfcLlcp Pcap_Linktype = 245
Pcap_Linktype__Pfsync Pcap_Linktype = 246
Pcap_Linktype__Infiniband Pcap_Linktype = 247
Pcap_Linktype__Sctp Pcap_Linktype = 248
Pcap_Linktype__Usbpcap Pcap_Linktype = 249
Pcap_Linktype__RtacSerial Pcap_Linktype = 250
Pcap_Linktype__BluetoothLeLl Pcap_Linktype = 251
Pcap_Linktype__WiresharkUpperPdu Pcap_Linktype = 252
Pcap_Linktype__Netlink Pcap_Linktype = 253
Pcap_Linktype__BluetoothLinuxMonitor Pcap_Linktype = 254
Pcap_Linktype__BluetoothBredrBb Pcap_Linktype = 255
Pcap_Linktype__BluetoothLeLlWithPhdr Pcap_Linktype = 256
Pcap_Linktype__ProfibusDl Pcap_Linktype = 257
Pcap_Linktype__Pktap Pcap_Linktype = 258
Pcap_Linktype__Epon Pcap_Linktype = 259
Pcap_Linktype__IpmiHpm2 Pcap_Linktype = 260
Pcap_Linktype__ZwaveR1R2 Pcap_Linktype = 261
Pcap_Linktype__ZwaveR3 Pcap_Linktype = 262
Pcap_Linktype__WattstopperDlm Pcap_Linktype = 263
Pcap_Linktype__Iso14443 Pcap_Linktype = 264
Pcap_Linktype__Rds Pcap_Linktype = 265
Pcap_Linktype__UsbDarwin Pcap_Linktype = 266
Pcap_Linktype__Openflow Pcap_Linktype = 267
Pcap_Linktype__Sdlc Pcap_Linktype = 268
Pcap_Linktype__TiLlnSniffer Pcap_Linktype = 269
Pcap_Linktype__Loratap Pcap_Linktype = 270
Pcap_Linktype__Vsock Pcap_Linktype = 271
Pcap_Linktype__NordicBle Pcap_Linktype = 272
Pcap_Linktype__Docsis31Xra31 Pcap_Linktype = 273
Pcap_Linktype__EthernetMpacket Pcap_Linktype = 274
Pcap_Linktype__DisplayportAux Pcap_Linktype = 275
Pcap_Linktype__LinuxSll2 Pcap_Linktype = 276
Pcap_Linktype__SercosMonitor Pcap_Linktype = 277
Pcap_Linktype__Openvizsla Pcap_Linktype = 278
Pcap_Linktype__Ebhscr Pcap_Linktype = 279
Pcap_Linktype__VppDispatch Pcap_Linktype = 280
Pcap_Linktype__DsaTagBrcm Pcap_Linktype = 281
Pcap_Linktype__DsaTagBrcmPrepend Pcap_Linktype = 282
Pcap_Linktype__Ieee802154Tap Pcap_Linktype = 283
Pcap_Linktype__DsaTagDsa Pcap_Linktype = 284
Pcap_Linktype__DsaTagEdsa Pcap_Linktype = 285
Pcap_Linktype__Elee Pcap_Linktype = 286
Pcap_Linktype__ZwaveSerial Pcap_Linktype = 287
Pcap_Linktype__Usb20 Pcap_Linktype = 288
Pcap_Linktype__AtscAlp Pcap_Linktype = 289
Pcap_Linktype__Etw Pcap_Linktype = 290
Pcap_Linktype__NetanalyzerNg Pcap_Linktype = 291
Pcap_Linktype__ZbossNcp Pcap_Linktype = 292
Pcap_Linktype__Usb20LowSpeed Pcap_Linktype = 293
Pcap_Linktype__Usb20FullSpeed Pcap_Linktype = 294
Pcap_Linktype__Usb20HighSpeed Pcap_Linktype = 295
Pcap_Linktype__AuerswaldLog Pcap_Linktype = 296
Pcap_Linktype__ZwaveTap Pcap_Linktype = 297
Pcap_Linktype__SilabsDebugChannel Pcap_Linktype = 298
Pcap_Linktype__FiraUci Pcap_Linktype = 299
)
var values_Pcap_Linktype = map[Pcap_Linktype]struct{}{0: {}, 1: {}, 2: {}, 3: {}, 4: {}, 5: {}, 6: {}, 7: {}, 8: {}, 9: {}, 10: {}, 32: {}, 50: {}, 51: {}, 99: {}, 100: {}, 101: {}, 104: {}, 105: {}, 106: {}, 107: {}, 108: {}, 109: {}, 112: {}, 113: {}, 114: {}, 115: {}, 116: {}, 117: {}, 118: {}, 119: {}, 120: {}, 122: {}, 123: {}, 124: {}, 125: {}, 126: {}, 127: {}, 128: {}, 129: {}, 130: {}, 131: {}, 132: {}, 133: {}, 134: {}, 135: {}, 136: {}, 137: {}, 138: {}, 139: {}, 140: {}, 141: {}, 142: {}, 143: {}, 144: {}, 145: {}, 146: {}, 147: {}, 148: {}, 149: {}, 150: {}, 151: {}, 152: {}, 153: {}, 154: {}, 155: {}, 156: {}, 157: {}, 158: {}, 159: {}, 160: {}, 161: {}, 162: {}, 163: {}, 164: {}, 165: {}, 166: {}, 167: {}, 168: {}, 169: {}, 170: {}, 171: {}, 172: {}, 173: {}, 174: {}, 175: {}, 176: {}, 177: {}, 178: {}, 179: {}, 180: {}, 181: {}, 182: {}, 183: {}, 184: {}, 185: {}, 186: {}, 187: {}, 188: {}, 189: {}, 190: {}, 191: {}, 192: {}, 193: {}, 194: {}, 195: {}, 196: {}, 197: {}, 198: {}, 199: {}, 200: {}, 201: {}, 202: {}, 203: {}, 204: {}, 205: {}, 206: {}, 207: {}, 209: {}, 210: {}, 211: {}, 212: {}, 213: {}, 214: {}, 215: {}, 216: {}, 217: {}, 218: {}, 219: {}, 220: {}, 221: {}, 222: {}, 223: {}, 224: {}, 225: {}, 226: {}, 227: {}, 228: {}, 229: {}, 230: {}, 231: {}, 232: {}, 233: {}, 234: {}, 235: {}, 236: {}, 237: {}, 238: {}, 239: {}, 240: {}, 241: {}, 242: {}, 243: {}, 244: {}, 245: {}, 246: {}, 247: {}, 248: {}, 249: {}, 250: {}, 251: {}, 252: {}, 253: {}, 254: {}, 255: {}, 256: {}, 257: {}, 258: {}, 259: {}, 260: {}, 261: {}, 262: {}, 263: {}, 264: {}, 265: {}, 266: {}, 267: {}, 268: {}, 269: {}, 270: {}, 271: {}, 272: {}, 273: {}, 274: {}, 275: {}, 276: {}, 277: {}, 278: {}, 279: {}, 280: {}, 281: {}, 282: {}, 283: {}, 284: {}, 285: {}, 286: {}, 287: {}, 288: {}, 289: {}, 290: {}, 291: {}, 292: {}, 293: {}, 294: {}, 295: {}, 296: {}, 297: {}, 298: {}, 299: {}}
func (v Pcap_Linktype) isDefined() bool {
_, ok := values_Pcap_Linktype[v]
return ok
}
type Pcap_Magic int
const (
Pcap_Magic__LeNanoseconds Pcap_Magic = 1295823521
Pcap_Magic__BeNanoseconds Pcap_Magic = 2712812621
Pcap_Magic__BeMicroseconds Pcap_Magic = 2712847316
Pcap_Magic__LeMicroseconds Pcap_Magic = 3569595041
)
var values_Pcap_Magic = map[Pcap_Magic]struct{}{1295823521: {}, 2712812621: {}, 2712847316: {}, 3569595041: {}}
func (v Pcap_Magic) isDefined() bool {
_, ok := values_Pcap_Magic[v]
return ok
}
type Pcap struct {
MagicNumber Pcap_Magic
Hdr *Pcap_Header
Packets []*Pcap_Packet
_io *kaitai.Stream
_root *Pcap
_parent kaitai.Struct
}
func NewPcap() *Pcap {
return &Pcap{
}
}
func (this Pcap) IO_() *kaitai.Stream {
return this._io
}
func (this *Pcap) Read(io *kaitai.Stream, parent kaitai.Struct, root *Pcap) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp1, err := this._io.ReadU4be()
if err != nil {
return err
}
this.MagicNumber = Pcap_Magic(tmp1)
tmp2 := NewPcap_Header()
err = tmp2.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Hdr = tmp2
for i := 0;; i++ {
tmp3, err := this._io.EOF()
if err != nil {
return err
}
if tmp3 {
break
}
tmp4 := NewPcap_Packet()
err = tmp4.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Packets = append(this.Packets, tmp4)
}
return err
}
/**
* @see <a href="https://wiki.wireshark.org/Development/LibpcapFileFormat#Global_Header">Source</a>
*/
type Pcap_Header struct {
VersionMajor uint16
VersionMinor uint16
Thiszone int32
Sigfigs uint32
Snaplen uint32
Network Pcap_Linktype
_io *kaitai.Stream
_root *Pcap
_parent *Pcap
_is_le int
}
func NewPcap_Header() *Pcap_Header {
return &Pcap_Header{
}
}
func (this Pcap_Header) IO_() *kaitai.Stream {
return this._io
}
func (this *Pcap_Header) Read(io *kaitai.Stream, parent *Pcap, root *Pcap) (err error) {
this._io = io
this._parent = parent
this._root = root
this._is_le = -1
switch (this._root.MagicNumber) {
case Pcap_Magic__LeMicroseconds:
this._is_le = int(1)
case Pcap_Magic__LeNanoseconds:
this._is_le = int(1)
case Pcap_Magic__BeMicroseconds:
this._is_le = int(0)
case Pcap_Magic__BeNanoseconds:
this._is_le = int(0)
}
switch this._is_le {
case 0:
err = this._read_be()
case 1:
err = this._read_le()
default:
err = kaitai.UndecidedEndiannessError{}
}
return err
}
func (this *Pcap_Header) _read_le() (err error) {
tmp5, err := this._io.ReadU2le()
if err != nil {
return err
}
this.VersionMajor = uint16(tmp5)
if !(this.VersionMajor == 2) {
return kaitai.NewValidationNotEqualError(2, this.VersionMajor, this._io, "/types/header/seq/0")
}
tmp6, err := this._io.ReadU2le()
if err != nil {
return err
}
this.VersionMinor = uint16(tmp6)
tmp7, err := this._io.ReadS4le()
if err != nil {
return err
}
this.Thiszone = int32(tmp7)
tmp8, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Sigfigs = uint32(tmp8)
tmp9, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Snaplen = uint32(tmp9)
tmp10, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Network = Pcap_Linktype(tmp10)
return err
}
func (this *Pcap_Header) _read_be() (err error) {
tmp11, err := this._io.ReadU2be()
if err != nil {
return err
}
this.VersionMajor = uint16(tmp11)
if !(this.VersionMajor == 2) {
return kaitai.NewValidationNotEqualError(2, this.VersionMajor, this._io, "/types/header/seq/0")
}
tmp12, err := this._io.ReadU2be()
if err != nil {
return err
}
this.VersionMinor = uint16(tmp12)
tmp13, err := this._io.ReadS4be()
if err != nil {
return err
}
this.Thiszone = int32(tmp13)
tmp14, err := this._io.ReadU4be()
if err != nil {
return err
}
this.Sigfigs = uint32(tmp14)
tmp15, err := this._io.ReadU4be()
if err != nil {
return err
}
this.Snaplen = uint32(tmp15)
tmp16, err := this._io.ReadU4be()
if err != nil {
return err
}
this.Network = Pcap_Linktype(tmp16)
return err
}
/**
* Correction time in seconds between UTC and the local
* timezone of the following packet header timestamps.
*/
/**
* In theory, the accuracy of time stamps in the capture; in
* practice, all tools set it to 0.
*/
/**
* The "snapshot length" for the capture (typically 65535 or
* even more, but might be limited by the user), see: incl_len
* vs. orig_len.
*/
/**
* Link-layer header type, specifying the type of headers at
* the beginning of the packet.
*/
/**
* @see <a href="https://wiki.wireshark.org/Development/LibpcapFileFormat#Record_.28Packet.29_Header">Source</a>
*/
type Pcap_Packet struct {
TsSec uint32
TsUsec uint32
InclLen uint32
OrigLen uint32
Body interface{}
_io *kaitai.Stream
_root *Pcap
_parent *Pcap
_raw_Body []byte
_is_le int
}
func NewPcap_Packet() *Pcap_Packet {
return &Pcap_Packet{
}
}
func (this Pcap_Packet) IO_() *kaitai.Stream {
return this._io
}
func (this *Pcap_Packet) Read(io *kaitai.Stream, parent *Pcap, root *Pcap) (err error) {
this._io = io
this._parent = parent
this._root = root
this._is_le = -1
switch (this._root.MagicNumber) {
case Pcap_Magic__LeMicroseconds:
this._is_le = int(1)
case Pcap_Magic__LeNanoseconds:
this._is_le = int(1)
case Pcap_Magic__BeMicroseconds:
this._is_le = int(0)
case Pcap_Magic__BeNanoseconds:
this._is_le = int(0)
}
switch this._is_le {
case 0:
err = this._read_be()
case 1:
err = this._read_le()
default:
err = kaitai.UndecidedEndiannessError{}
}
return err
}
func (this *Pcap_Packet) _read_le() (err error) {
tmp17, err := this._io.ReadU4le()
if err != nil {
return err
}
this.TsSec = uint32(tmp17)
tmp18, err := this._io.ReadU4le()
if err != nil {
return err
}
this.TsUsec = uint32(tmp18)
tmp19, err := this._io.ReadU4le()
if err != nil {
return err
}
this.InclLen = uint32(tmp19)
tmp20, err := this._io.ReadU4le()
if err != nil {
return err
}
this.OrigLen = uint32(tmp20)
switch (this._root.Hdr.Network) {
case Pcap_Linktype__Ethernet:
var tmp21 uint32;
if (this.InclLen < this._root.Hdr.Snaplen) {
tmp21 = this.InclLen
} else {
tmp21 = this._root.Hdr.Snaplen
}
tmp22, err := this._io.ReadBytes(int(tmp21))
if err != nil {
return err
}
tmp22 = tmp22
this._raw_Body = tmp22
_io__raw_Body := kaitai.NewStream(bytes.NewReader(this._raw_Body))
tmp23 := NewEthernetFrame()
err = tmp23.Read(_io__raw_Body, nil, nil)
if err != nil {
return err
}
this.Body = tmp23
case Pcap_Linktype__Ppi:
var tmp24 uint32;
if (this.InclLen < this._root.Hdr.Snaplen) {
tmp24 = this.InclLen
} else {
tmp24 = this._root.Hdr.Snaplen
}
tmp25, err := this._io.ReadBytes(int(tmp24))
if err != nil {
return err
}
tmp25 = tmp25
this._raw_Body = tmp25
_io__raw_Body := kaitai.NewStream(bytes.NewReader(this._raw_Body))
tmp26 := NewPacketPpi()
err = tmp26.Read(_io__raw_Body, nil, nil)
if err != nil {
return err
}
this.Body = tmp26
default:
var tmp27 uint32;
if (this.InclLen < this._root.Hdr.Snaplen) {
tmp27 = this.InclLen
} else {
tmp27 = this._root.Hdr.Snaplen
}
tmp28, err := this._io.ReadBytes(int(tmp27))
if err != nil {
return err
}
tmp28 = tmp28
this._raw_Body = tmp28
}
return err
}
func (this *Pcap_Packet) _read_be() (err error) {
tmp29, err := this._io.ReadU4be()
if err != nil {
return err
}
this.TsSec = uint32(tmp29)
tmp30, err := this._io.ReadU4be()
if err != nil {
return err
}
this.TsUsec = uint32(tmp30)
tmp31, err := this._io.ReadU4be()
if err != nil {
return err
}
this.InclLen = uint32(tmp31)
tmp32, err := this._io.ReadU4be()
if err != nil {
return err
}
this.OrigLen = uint32(tmp32)
switch (this._root.Hdr.Network) {
case Pcap_Linktype__Ethernet:
var tmp33 uint32;
if (this.InclLen < this._root.Hdr.Snaplen) {
tmp33 = this.InclLen
} else {
tmp33 = this._root.Hdr.Snaplen
}
tmp34, err := this._io.ReadBytes(int(tmp33))
if err != nil {
return err
}
tmp34 = tmp34
this._raw_Body = tmp34
_io__raw_Body := kaitai.NewStream(bytes.NewReader(this._raw_Body))
tmp35 := NewEthernetFrame()
err = tmp35.Read(_io__raw_Body, nil, nil)
if err != nil {
return err
}
this.Body = tmp35
case Pcap_Linktype__Ppi:
var tmp36 uint32;
if (this.InclLen < this._root.Hdr.Snaplen) {
tmp36 = this.InclLen
} else {
tmp36 = this._root.Hdr.Snaplen
}
tmp37, err := this._io.ReadBytes(int(tmp36))
if err != nil {
return err
}
tmp37 = tmp37
this._raw_Body = tmp37
_io__raw_Body := kaitai.NewStream(bytes.NewReader(this._raw_Body))
tmp38 := NewPacketPpi()
err = tmp38.Read(_io__raw_Body, nil, nil)
if err != nil {
return err
}
this.Body = tmp38
default:
var tmp39 uint32;
if (this.InclLen < this._root.Hdr.Snaplen) {
tmp39 = this.InclLen
} else {
tmp39 = this._root.Hdr.Snaplen
}
tmp40, err := this._io.ReadBytes(int(tmp39))
if err != nil {
return err
}
tmp40 = tmp40
this._raw_Body = tmp40
}
return err
}
/**
* Timestamp of a packet in seconds since 1970-01-01 00:00:00 UTC (UNIX timestamp).
*
* In practice, some captures are not following that (e.g. because the device lacks
* a real-time clock), so this field might represent time since device boot, start of
* capture, or other arbitrary epoch.
*/
/**
* Depending on `_root.magic_number`, units for this field change:
*
* * If it's `le_microseconds` or `be_microseconds`, this field
* contains microseconds.
* * If it's `le_nanoseconds` or `be_nanoseconds`, this field
* contains nanoseconds.
*/
/**
* Number of bytes of packet data actually captured and saved in the file.
*/
/**
* Length of the packet as it appeared on the network when it was captured.
*/
/**
* @see <a href="https://wiki.wireshark.org/Development/LibpcapFileFormat#Packet_Data">Source</a>
*/