Beispiel #1
0
func getStartSeconds(filename string) (int64, error) {
	var seconds int64
	pcap, err := libpcap.OpenOffline(filename)
	if err != nil {
		return 0, err
	}
	packet, err := pcap.Next()
	if err != nil {
		return 0, err
	}
	if packet != nil {
		seconds = packet.Seconds()
	}
	pcap.Close()
	return seconds, nil
}
Beispiel #2
0
// Dumper sub-program entry point.
func DumperMain(args []string) {

	var directory string
	var recursive bool
	var prefix string
	var startTime int64
	var duration int64
	var filter string

	log.SetFlags(0)
	log.SetPrefix("dumpy dump: ")

	flagset := flag.NewFlagSet("dumper", flag.ExitOnError)
	flagset.StringVar(&directory, "directory", "", "capture directory")
	flagset.BoolVar(&recursive, "recursive", false, "process directory recursively")
	flagset.StringVar(&prefix, "prefix", "", "filename prefix")
	flagset.Int64Var(&startTime, "start-time", 0,
		"start time in unix time (seconds)")
	flagset.Int64Var(&duration, "duration", 0, "duration of capture (seconds)")
	flagset.StringVar(&filter, "filter", "", "bpf filter expression")
	flagset.BoolVar(&verbose, "verbose", false, "be more verbose")
	flagset.Parse(args)

	if directory == "" || prefix == "" {
		log.Fatalf("-directory and -prefix required")
	}
	if startTime == 0 || duration == 0 {
		log.Fatalf("-start-time and -duration required")
	}

	filenames, err := findFiles(directory, prefix, recursive)
	if err != nil {
		log.Fatal(err)
	}
	filenames = filterOnStartTime(filenames, startTime)

	var dumper *libpcap.Dumper

	for _, file := range filenames {
		if verbose {
			log.Printf("opening file %s", file)
		}
		pcap, err := libpcap.OpenOffline(file)
		if err != nil {
			log.Fatal(err)
		}
		if filter != "" {
			err := pcap.CompileAndSetFilter(filter)
			if err != nil {
				log.Fatal(err)
			}
		}

		for {
			packet, err := pcap.Next()
			if err != nil {
				log.Printf("warning: %s", err)
			} else if packet == nil {
				break
			} else {
				if packet.Seconds() < startTime {
					continue
				} else if packet.Seconds() > startTime+duration {
					break
				}
				if dumper == nil {
					dumper, err = libpcap.DumpOpen(pcap, "-")
					if err != nil {
						log.Fatalf("failed top open dumper: %s", err)
					}
				}
				dumper.Dump(packet)
			}
		}

		pcap.Close()

	}

	if dumper != nil {
		dumper.Close()
	}
}