func main() {
var h *pcap.Pcap
var err string
var dumper *pcap.PcapDumper
if *offlinefn == "" {
h, err = pcap.Openlive(*device, 1500, true, 0)
} else {
h, err = pcap.Openoffline(*offlinefn)
}
if *writefile != "" {
dumper = pcap.NewPcapDumper(h, *writefile)
}
if h == nil {
fmt.Printf("Warning: no devices found : %s\n", err)
os.Exit(-1)
}
h.Setfilter(expr)
for pkt := h.Next(); pkt != nil; pkt = h.Next() {
packet := pcap.DecodeEthernetPkt(pkt)
if dumper == nil {
pcap.PrintDecodedPkt(packet)
} else {
dumper.Dump(packet.PcapPktHdr)
}
}
}
func main() {
var device *string = flag.String("i", "", "interface")
var snaplen *int = flag.Int("s", 65535, "snaplen")
var hexdump *bool = flag.Bool("X", false, "hexdump")
expr := ""
out = bufio.NewWriter(os.Stdout)
errout = bufio.NewWriter(os.Stderr)
flag.Usage = func() {
fmt.Fprintf(errout, "usage: %s [ -i interface ] [ -s snaplen ] [ -X ] [ expression ]\n", os.Args[0])
os.Exit(1)
}
flag.Parse()
if len(flag.Args()) > 0 {
expr = flag.Arg(0)
}
if *device == "" {
devs, err := pcap.Findalldevs()
if err != "" {
fmt.Fprintf(errout, "tcpdump: couldn't find any devices: %s\n", err)
}
if 0 == len(devs) {
flag.Usage()
}
*device = devs[0].Name
}
h, err := pcap.Openlive(*device, int32(*snaplen), true, 0)
if h == nil {
fmt.Fprintf(errout, "tcpdump: %s\n", err)
errout.Flush()
return
}
if expr != "" {
ferr := h.Setfilter(expr)
if ferr != "" {
fmt.Fprintf(out, "tcpdump: %s\n", ferr)
out.Flush()
}
}
for pkt := h.Next(); pkt != nil; pkt = h.Next() {
Printpacket(pkt)
if *hexdump {
Hexdump(pkt)
}
out.Flush()
}
}
func main() {
var port *int = flag.Int("P", 3306, "MySQL port to use")
var eth *string = flag.String("i", "eth0", "Interface to sniff")
var snaplen *int = flag.Int("s", 1024, "Bytes of each packet to sniff")
var dirty *bool = flag.Bool("u", false, "Unsanitized -- do not canonicalize queries")
var binary *bool = flag.Bool("b", false, "Output binary -- do not escape binary in queries")
var period *int = flag.Int("t", 10, "Seconds between outputting status")
var displaycount *int = flag.Int("d", 25, "Display this many queries in status updates")
var verbose *bool = flag.Bool("v", false, "Print every query received (spammy)")
flag.Parse()
log.SetPrefix("")
log.SetFlags(0)
log.Printf("Initializing MySQL sniffing on %s:%d...", *eth, *port)
iface, err := pcap.Openlive(*eth, int32(*snaplen), false, 0)
if iface == nil || err != nil {
msg := "unknown error"
if err != nil {
msg = err.Error()
}
log.Fatalf("Failed to open device: %s", msg)
}
err = iface.Setfilter(fmt.Sprintf("tcp dst port %d", *port))
if err != nil {
log.Fatalf("Failed to set port filter: %s", err.Error())
}
last := UnixNow()
var pkt *pcap.Packet = nil
var rv int32 = 0
for rv = 0; rv >= 0; {
for pkt, rv = iface.NextEx(); pkt != nil; pkt, rv = iface.NextEx() {
handlePacket(pkt, *dirty, *binary, *verbose)
// simple output printer... this should be super fast since we expect that a
// system like this will have relatively few unique queries once they're
// canonicalized.
if !*verbose && querycount%100 == 0 && last < UnixNow()-int64(*period) {
last = UnixNow()
handleStatusUpdate(*displaycount)
}
}
}
}
func create_reader() *pcap.Pcap {
var pcapreader *pcap.Pcap
var err error
if CONFIG["device"] != "" {
pcapreader, err = pcap.Openlive(CONFIG["device"], 65535, true, 0)
if err != nil {
fmt.Printf("Openlive(%s) failed: %s\n", CONFIG["device"], err)
os.Exit(1)
}
} else if CONFIG["filename"] != "" {
pcapreader, err = pcap.Openoffline(CONFIG["filename"])
if err != nil {
fmt.Printf("Openoffline(%s) failed: %s\n", CONFIG["filename"], err)
os.Exit(2)
}
} else {
fmt.Printf("usage: pcaptest [-i <iface> | -r <pcap file>]\n")
os.Exit(3)
}
return pcapreader
}
func main() {
var device *string = flag.String("d", "", "device")
var file *string = flag.String("r", "", "file")
var expr *string = flag.String("e", "", "filter expression")
flag.Parse()
var h *pcap.Pcap
var err string
ifs, err := pcap.Findalldevs()
if len(ifs) == 0 {
fmt.Printf("Warning: no devices found : %s\n", err)
} else {
for i := 0; i < len(ifs); i++ {
fmt.Printf("dev %d: %s (%s)\n", i+1, ifs[i].Name, ifs[i].Description)
}
}
if *device != "" {
h, err = pcap.Openlive(*device, 65535, true, 0)
if h == nil {
fmt.Printf("Openlive(%s) failed: %s\n", *device, err)
return
}
} else if *file != "" {
h, err = pcap.Openoffline(*file)
if h == nil {
fmt.Printf("Openoffline(%s) failed: %s\n", *file, err)
return
}
} else {
fmt.Printf("usage: pcaptest [-d <device> | -r <file>]\n")
return
}
fmt.Printf("pcap version: %s\n", pcap.Version())
if *expr != "" {
fmt.Printf("Setting filter: %s\n", *expr)
err := h.Setfilter(*expr)
if err != "" {
fmt.Printf("Warning: setting filter failed: %s\n", err)
}
}
for pkt := h.Next(); pkt != nil; pkt = h.Next() {
fmt.Printf("time: %d.%06d (%s) caplen: %d len: %d\nData:",
int64(pkt.Time.Sec), int64(pkt.Time.Usec),
time.SecondsToLocalTime(int64(pkt.Time.Sec)).String(), int64(pkt.Caplen), int64(pkt.Len))
for i := uint32(0); i < pkt.Caplen; i++ {
if i%32 == 0 {
fmt.Printf("\n")
}
if 32 <= pkt.Data[i] && pkt.Data[i] <= 126 {
fmt.Printf("%c", pkt.Data[i])
} else {
fmt.Printf(".")
}
}
fmt.Printf("\n\n")
}
}
