// addHandler installs an os.Interrupt handler that closes the dump file and
// the capture handle, then terminates the process with exit status 1.
//
// NOTE(review): h and dumper are used here from a separate goroutine while the
// caller presumably keeps capturing on the same handle; confirm the pcap
// binding tolerates PcapDumpClose/Close racing with an in-flight read.
func addHandler(h *pcap.Pcap, dumper *pcap.PcapDumper) {
	// signal.Notify never blocks when delivering, so the channel needs a
	// buffer of at least one to avoid losing a signal that arrives before
	// the goroutine below is receiving.
	sigs := make(chan os.Signal, 1)
	signal.Notify(sigs, os.Interrupt)

	go func() {
		for {
			received, open := <-sigs
			if !open {
				return
			}
			fmt.Fprintln(os.Stderr, "tcpdump: received signal:", received)
			if received != os.Interrupt {
				continue
			}
			// Close the dump file before the handle so the capture file
			// is finalised before the process exits.
			h.PcapDumpClose(dumper)
			h.Close()
			os.Exit(1)
		}
	}()
}
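// main opens the first usable capture device from a fixed candidate list,
// restricts capture to UDP traffic destined for port 53, and feeds the
// lower-cased name of each query's first question into a space-saving rate
// counter that Poller reports from a separate goroutine.
func main() {
	var (
		pc  *pcap.Pcap
		err error
	)

	// The device list does not depend on the candidate name, so enumerate
	// once instead of once per candidate.
	devs, errx := pcap.FindAllDevs()
	if errx != "" {
		log.Fatalf("%v", errx)
	}

devloop:
	for _, device := range []string{"bond0", "eth2", "en0", "any"} {
		for _, dev := range devs {
			if dev.Name == device {
				pc, err = pcap.OpenLive(device, 8192, false, 1000)
				if err == nil {
					break devloop
				}
			}
		}
	}
	if err != nil {
		log.Fatalf("%v", err)
	}
	// If none of the candidates exists on this host, no open was attempted:
	// err is nil and pc is still nil. Stop here rather than dereferencing it.
	if pc == nil {
		log.Fatalf("no capture device found")
	}

	if err = pc.SetFilter("udp and dst port 53"); err != nil {
		log.Fatalf("%v", err)
	}

	lock := &sync.Mutex{}
	ss := &spacesaving.Rate{}
	ss.Init(4096, 60*time.Second)
	go Poller(lock, ss, pc)

	for pkt, r := pc.NextEx(); r >= 0; pkt, r = pc.NextEx() {
		if r == 0 {
			// No packet delivered on this call (presumably the read
			// timeout passed to OpenLive expired); poll again.
			continue
		}

		// NOTE(review): only the DNS parse goes through safeParse; confirm
		// that Decode cannot panic on a truncated or malformed frame.
		pkt.Decode()

		var msg dns.Msg
		if err := safeParse(&msg, pkt.Payload); err != nil {
			fmt.Printf("err %v\n", err)
			continue
		}

		// The payload is untrusted network data: a message that parses
		// cleanly can still carry zero questions, and indexing
		// Question[0] would then panic and end the capture.
		if len(msg.Question) == 0 {
			continue
		}

		// Drop the trailing root dot, and only the dot, so a name without
		// one does not lose a real character.
		qname := strings.TrimSuffix(strings.ToLower(msg.Question[0].Name), ".")

		// ss is shared with Poller; every access goes through lock.
		lock.Lock()
		ss.Touch(qname, pkt.Time)
		lock.Unlock()
	}
	fmt.Printf("Done\n")
}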
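// main opens a live device or a capture file according to cfg, applies the
// optional libpcap filter given as the second positional argument, and prints
// every packet that NewPacket accepts (plus a hex dump when cfg.hexlog is set).
func main() {
	flag.Parse()
	args := flag.Args()
	if len(args) > 0 {
		cfg.command = args[0]
	}

	var handle *pcap.Pcap
	var err error
	Log = log.New(os.Stderr, "CATTP", log.Flags())

	// Set filter command for libpcap
	if len(args) > 1 {
		cfg.filter = args[1]
	}

	switch {
	case len(cfg.device) > 0:
		Log.Printf("Opening device: %s", cfg.device)
		handle, err = pcap.OpenLive(cfg.device, int32(cfg.snaplen), true, 1000)
	case len(cfg.infile) > 0:
		handle, err = pcap.OpenOffline(cfg.infile)
	default:
		printUsage("No source given.")
		// Without a source there is no handle; stop here in case
		// printUsage returns instead of exiting.
		return
	}

	// Check the open result before touching the handle: on failure the
	// handle must not be used for SetFilter or Next.
	if err != nil {
		Log.Fatalf("Failed to open source: %s", err)
	}

	if len(cfg.filter) > 0 {
		// A filter that fails to compile would otherwise be dropped
		// silently and every packet from the source would be processed.
		if err := handle.SetFilter(cfg.filter); err != nil {
			Log.Fatalf("Failed to set filter %q: %s", cfg.filter, err)
		}
	}

	//TODO: Fix this ugly condition for file end detection.
	// NOTE(review): when cfg.infile is empty the condition is false on the
	// first check, so packets from a device opened above are never read.
	for x := handle.Next(); len(cfg.infile) > 0 && x != nil; x = handle.Next() {
		func(p *pcap.Packet) {
			// Decoding runs on untrusted capture data; a panic while
			// handling one packet is logged and the loop moves on.
			defer func() {
				if r := recover(); r != nil {
					Log.Printf("Could not decode packet: %s \n %s", r, p)
				}
			}()
			p.Decode() // Decode pcap packet
			if cp, err := NewPacket(p); err == nil {
				fmt.Println(cp)
				if cfg.hexlog {
					fmt.Println(hex.Dump(cp.Raw()))
				}
			}
		}(x)
	}
}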
// Poller redraws a rate table on stdout every three seconds: it resets the
// terminal, prints the entries returned by ss.GetAll (stopping once the index
// exceeds 40), and ends with the capture statistics read from pc. It never
// returns.
//
// lock is held from the terminal reset until the buffered output has been
// flushed, so other users of the same lock wait for the whole redraw.
func Poller(lock *sync.Mutex, ss *spacesaving.Rate, pc *pcap.Pcap) {
	out := bufio.NewWriter(os.Stdout)
	ticks := time.Tick(3 * time.Second)

	for {
		<-ticks

		// NOTE(review): the Getstats error is discarded; confirm stat is
		// still safe to read from when the call fails.
		stat, _ := pc.Getstats()

		lock.Lock()
		fmt.Fprintf(out, "\033c") // ESC c: reset the terminal before redrawing

		// NOTE(review): if the keys originate from captured traffic,
		// confirm they cannot carry terminal control bytes, since %s
		// writes them to the terminal unmodified.
		for idx, entry := range ss.GetAll(time.Now()) {
			fmt.Fprintf(out, "%60s\t%f\t%f\n", entry.Key, entry.LoRate, entry.HiRate)
			if idx > 40 {
				break
			}
		}

		fmt.Fprintf(out, "\n")
		fmt.Fprintf(out, "received:%v dropped:%v/%v (software/interface)\n",
			stat.PacketsReceived, stat.PacketsDropped, stat.PacketsIfDropped)
		out.Flush()
		lock.Unlock()
	}
}
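// main lists the available capture devices, opens either a live device (-d)
// or a capture file (-r), applies the optional filter expression (-e), and
// prints each packet's timestamp, lengths and a printable-ASCII view of its
// captured bytes.
func main() {
	device := flag.String("d", "", "device")
	file := flag.String("r", "", "file")
	expr := flag.String("e", "", "filter expression")
	flag.Parse()

	var h *pcap.Pcap

	ifs, err := pcap.FindAllDevs()
	if len(ifs) == 0 {
		fmt.Printf("Warning: no devices found : %s\n", err)
	} else {
		for i, ifc := range ifs {
			fmt.Printf("dev %d: %s (%s)\n", i+1, ifc.Name, ifc.Description)
		}
	}

	switch {
	case *device != "":
		h, err = pcap.OpenLive(*device, 65535, true, 0)
		if h == nil {
			fmt.Printf("OpenLive(%s) failed: %s\n", *device, err)
			return
		}
	case *file != "":
		h, err = pcap.OpenOffline(*file)
		if h == nil {
			fmt.Printf("Openoffline(%s) failed: %s\n", *file, err)
			return
		}
	default:
		fmt.Printf("usage: pcaptest [-d <device> | -r <file>]\n")
		return
	}

	fmt.Printf("pcap version: %s\n", pcap.Version())

	if *expr != "" {
		fmt.Printf("Setting filter: %s\n", *expr)
		// A failed filter is only a warning: capture continues unfiltered.
		if err := h.SetFilter(*expr); err != nil {
			fmt.Printf("Warning: setting filter failed: %s\n", err)
		}
	}

	for pkt := h.Next(); pkt != nil; pkt = h.Next() {
		// Second() and Nanosecond() return the seconds-within-the-minute
		// and the nanosecond fraction, not an epoch timestamp. Print the
		// Unix seconds and the microsecond fraction that "%d.%06d" expects.
		sec := pkt.Time.Unix()
		usec := pkt.Time.Nanosecond() / 1000
		fmt.Printf("time: %d.%06d (%s) caplen: %d len: %d\nData:",
			sec, usec, time.Unix(sec, 0).String(), int64(pkt.Caplen), int64(pkt.Len))

		// Caplen comes from the capture header. Bound the dump by the
		// buffer actually held so a header that disagrees with
		// len(pkt.Data) cannot index past the end of the slice.
		data := pkt.Data
		if uint64(len(data)) > uint64(pkt.Caplen) {
			data = data[:pkt.Caplen]
		}

		for i, b := range data {
			if i%32 == 0 {
				fmt.Printf("\n")
			}
			// Only printable ASCII is echoed; every other byte is shown
			// as "." so packet contents cannot emit control sequences.
			if 32 <= b && b <= 126 {
				fmt.Printf("%c", b)
			} else {
				fmt.Printf(".")
			}
		}
		fmt.Printf("\n\n")
	}
}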