예제 #1
0
파일: tcpdump.go 프로젝트: tonistiigi/pcap
func addHandler(h *pcap.Pcap, dumper *pcap.PcapDumper) {
	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt)
	go func() {
		for sig := range c {
			fmt.Fprintln(os.Stderr, "tcpdump: received signal:", sig)
			if os.Interrupt == sig {
				h.PcapDumpClose(dumper)
				h.Close()
				os.Exit(1)
			}
		}
	}()
}
예제 #2
0
func main() {
	var (
		pc  *pcap.Pcap
		err error
	)
devloop:
	for _, device := range []string{"bond0", "eth2", "en0", "any"} {
		devs, errx := pcap.FindAllDevs()
		if errx != "" {
			log.Fatalf("%v", errx)
		}
		for _, dev := range devs {
			if dev.Name == device {
				pc, err = pcap.OpenLive(device, 8192, false, 1000)
				if err == nil {
					break devloop
				}
			}
		}
	}

	if err != nil {
		log.Fatalf("%v", err)
	}

	if err = pc.SetFilter("udp and dst port 53"); err != nil {
		log.Fatalf("%v", err)
	}

	lock := &sync.Mutex{}
	ss := &spacesaving.Rate{}
	ss.Init(4096, 60*time.Second)

	go Poller(lock, ss, pc)

	for pkt, r := pc.NextEx(); r >= 0; pkt, r = pc.NextEx() {
		if r == 0 {
			continue
		}
		pkt.Decode()
		var msg dns.Msg
		if err := safeParse(&msg, pkt.Payload); err != nil {
			fmt.Printf("err %v\n", err)
			continue
		}

		qname := strings.ToLower(msg.Question[0].Name)
		if len(qname) > 0 {
			qname = qname[:len(qname)-1]
		}

		lock.Lock()
		ss.Touch(qname, pkt.Time)
		lock.Unlock()
	}

	fmt.Printf("Done\n")
}
예제 #3
0
파일: cmd.go 프로젝트: sebkl/CAT_TP
func main() {
	flag.Parse()
	args := flag.Args()

	if len(args) > 0 {
		cfg.command = args[0]
	}

	var handle *pcap.Pcap
	var err error

	Log = log.New(os.Stderr, "CATTP", log.Flags())

	// Set filter command for libpcap
	if len(args) > 1 {
		cfg.filter = args[1]
	}

	if len(cfg.device) > 0 {
		Log.Printf("Opening device: %s", cfg.device)
		handle, err = pcap.OpenLive(cfg.device, int32(cfg.snaplen), true, 1000)
	} else if len(cfg.infile) > 0 {
		handle, err = pcap.OpenOffline(cfg.infile)
	} else {
		printUsage("No source given.")
	}

	if len(cfg.filter) > 0 {
		handle.SetFilter(cfg.filter)
	}

	if err != nil {
		Log.Fatalf("Failed to open source: %s", err)
	}

	//TODO: Fix this ugly condition for file end detection.
	for x := handle.Next(); len(cfg.infile) > 0 && x != nil; x = handle.Next() {
		if x != nil {
			func(p *pcap.Packet) {
				defer func() {
					if r := recover(); r != nil {
						Log.Printf("Could not decode packet: %s \n %s", r, p)
					}
				}()

				p.Decode() // Decode pcap packet
				if cp, err := NewPacket(p); err == nil {
					fmt.Println(cp)
					if cfg.hexlog {
						fmt.Println(hex.Dump(cp.Raw()))
					}
				}
			}(x)
		}
	}
}
예제 #4
0
func Poller(lock *sync.Mutex, ss *spacesaving.Rate, pc *pcap.Pcap) {
	w := bufio.NewWriter(os.Stdout)

	for _ = range time.Tick(3 * time.Second) {
		stat, _ := pc.Getstats()

		lock.Lock()
		fmt.Fprintf(w, "\033c")
		elements := ss.GetAll(time.Now())
		for i, e := range elements {
			fmt.Fprintf(w, "%60s\t%f\t%f\n", e.Key, e.LoRate, e.HiRate)
			if i > 40 {
				break
			}
		}
		fmt.Fprintf(w, "\n")
		fmt.Fprintf(w, "received:%v  dropped:%v/%v (software/interface)\n",
			stat.PacketsReceived, stat.PacketsDropped, stat.PacketsIfDropped)
		w.Flush()
		lock.Unlock()
	}
}
예제 #5
0
func main() {
	var device *string = flag.String("d", "", "device")
	var file *string = flag.String("r", "", "file")
	var expr *string = flag.String("e", "", "filter expression")

	flag.Parse()

	var h *pcap.Pcap

	ifs, err := pcap.FindAllDevs()
	if len(ifs) == 0 {
		fmt.Printf("Warning: no devices found : %s\n", err)
	} else {
		for i := 0; i < len(ifs); i++ {
			fmt.Printf("dev %d: %s (%s)\n", i+1, ifs[i].Name, ifs[i].Description)
		}
	}

	if *device != "" {
		h, err = pcap.OpenLive(*device, 65535, true, 0)
		if h == nil {
			fmt.Printf("OpenLive(%s) failed: %s\n", *device, err)
			return
		}
	} else if *file != "" {
		h, err = pcap.OpenOffline(*file)
		if h == nil {
			fmt.Printf("Openoffline(%s) failed: %s\n", *file, err)
			return
		}
	} else {
		fmt.Printf("usage: pcaptest [-d <device> | -r <file>]\n")
		return
	}

	fmt.Printf("pcap version: %s\n", pcap.Version())

	if *expr != "" {
		fmt.Printf("Setting filter: %s\n", *expr)
		err := h.SetFilter(*expr)
		if err != nil {
			fmt.Printf("Warning: setting filter failed: %s\n", err)
		}
	}

	for pkt := h.Next(); pkt != nil; pkt = h.Next() {
		fmt.Printf("time: %d.%06d (%s) caplen: %d len: %d\nData:",
			int64(pkt.Time.Second()), int64(pkt.Time.Nanosecond()),
			time.Unix(int64(pkt.Time.Second()), 0).String(), int64(pkt.Caplen), int64(pkt.Len))
		for i := uint32(0); i < pkt.Caplen; i++ {
			if i%32 == 0 {
				fmt.Printf("\n")
			}
			if 32 <= pkt.Data[i] && pkt.Data[i] <= 126 {
				fmt.Printf("%c", pkt.Data[i])
			} else {
				fmt.Printf(".")
			}
		}
		fmt.Printf("\n\n")
	}

}