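// main captures live traffic on the configured device, runs every TCP/IPv4
// application payload through ParserMessage, pairs requests with responses,
// and reports query timings to the GUI.
//
// Payload bytes come straight off the wire and must be treated as untrusted:
// every index or slice into them is bounds-checked so a truncated or crafted
// packet cannot panic the capture loop.
func main() {
	flag.Parse()
	gui.InitGui(*guiPath)

	// Promiscuous capture with a one-second read timeout. The snapshot length
	// is maxQueryLen+5, so longer packets are truncated and their declared
	// length can exceed the bytes actually captured.
	handle, err := pcap.OpenLive(*device, int32(*maxQueryLen)+5, true, time.Second)
	if err != nil {
		log.Fatal(err)
	}
	// Deferred only after the error check, once the handle is known to be valid.
	defer handle.Close()

	// A filter that fails to compile must not be ignored: without it the
	// capture would silently widen to all traffic on the interface.
	if err := handle.SetBPFFilter(*BPFFilter); err != nil {
		handle.Close() // log.Fatalf exits without running deferred calls
		log.Fatalf("setting BPF filter %q: %v", *BPFFilter, err)
	}

	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	var (
		ipLayer  *layers.IPv4
		tcpLayer *layers.TCP
		ok       bool
	)
	for packet := range packetSource.Packets() {
		applicationLayer := packet.ApplicationLayer()
		if applicationLayer == nil {
			continue
		}
		playload := applicationLayer.Payload()
		if ipLayer, ok = packet.Layer(layers.LayerTypeIPv4).(*layers.IPv4); !ok {
			continue
		}
		if tcpLayer, ok = packet.Layer(layers.LayerTypeTCP).(*layers.TCP); !ok {
			continue
		}

		// A MySQL packet starts with a 3-byte little-endian length and a
		// 1-byte sequence id; anything shorter cannot be decoded.
		if len(playload) < 4 {
			LogConsole("red", "Not Mysql packet")
			continue
		}
		length := int(playload[0]) | int(playload[1])<<8 | int(playload[2])<<16

		m := ParserMessage(playload)
		if m == nil {
			LogConsole("red", "Not Mysql packet")
			continue
		}

		if m.IsRequest {
			// NOTE(review): address and port are concatenated without a
			// separator, so distinct endpoints can produce the same key.
			from := fmt.Sprintf("%s%d:%s%d\n", ipLayer.SrcIP, tcpLayer.SrcPort, ipLayer.DstIP, tcpLayer.DstPort)
			LogConsole("blue", "Request "+fmt.Sprintf("%s:%d >> %s:%d", ipLayer.SrcIP, tcpLayer.SrcPort, ipLayer.DstIP, tcpLayer.DstPort))

			// An empty filter accepts everything. Otherwise the query text
			// playload[5:length+4] is searched, but only when the declared
			// length lies inside the captured bytes.
			matches := *queryFilter == ""
			if !matches && length >= 1 && length+4 <= len(playload) {
				matches = bytes.Contains(bytes.ToLower(playload[5:length+4]), bytes.ToLower([]byte(*queryFilter)))
			}
			if matches {
				// NOTE(review): entries are removed only when a matching
				// response is seen, so unanswered requests stay in the map.
				queries[from] = query{
					from:  fmt.Sprintf("%s", ipLayer.SrcIP),
					to:    fmt.Sprintf("%s", ipLayer.DstIP),
					query: string(m.Query),
					start: packet.Metadata().Timestamp,
				}
			}
		} else {
			// Responses travel in the opposite direction, so the key is
			// built with source and destination swapped.
			from := fmt.Sprintf("%s%d:%s%d\n", ipLayer.DstIP, tcpLayer.DstPort, ipLayer.SrcIP, tcpLayer.SrcPort)
			LogConsole("pink", "Response "+fmt.Sprintf("%s:%d << %s:%d", ipLayer.DstIP, tcpLayer.DstPort, ipLayer.SrcIP, tcpLayer.SrcPort))
			if pending, found := queries[from]; found {
				queryTime := packet.Metadata().Timestamp.Sub(pending.start)
				// slowQueryTime is compared in milliseconds; 0 reports every query.
				if *slowQueryTime == 0 || queryTime.Nanoseconds() > *slowQueryTime*1000000 {
					gui.AllQueries.Add(pending.from, pending.to, pending.query, pending.start, queryTime)
				}
				delete(queries, from)
			}
		}

		// Debug dump of the decoded message. Query text, rows and raw bytes
		// can contain credentials or personal data, so this console output
		// should be handled as sensitive.
		LogConsole("green", "IsRequest: ", m.IsRequest)
		LogConsole("green", "NumberOfRows: ", m.NumberOfRows)
		LogConsole("green", "Size: ", m.Size)
		LogConsole("green", "Fields: ", m.Fields)
		LogConsole("green", "Tables: ", m.Tables)
		LogConsole("green", "IsOK: ", m.IsOK)
		LogConsole("green", "Query: ", m.Query)
		LogConsole("green", "Rows: ", m.Rows)
		LogConsole("green", "Direction: ", m.Direction)
		LogConsole("green", "Raw: ", m.Raw)
		LogConsole("green", "Notes: ", m.Notes)
	}
}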
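// main captures live traffic on the configured device, extracts MySQL query
// text from TCP/IPv4 payloads, pairs each query with the next packet seen in
// the opposite direction, and reports the elapsed time to the GUI.
//
// Payload bytes come straight off the wire and must be treated as untrusted:
// the declared packet length is validated against the captured bytes before
// any slicing, so a truncated or crafted packet cannot panic the capture loop.
func main() {
	flag.Parse()
	gui.InitGui(*guiPath)

	// Promiscuous capture with a one-second read timeout. The snapshot length
	// is maxQueryLen+5, so longer packets arrive truncated.
	handle, err := pcap.OpenLive(*device, int32(*maxQueryLen)+5, true, time.Second)
	if err != nil {
		log.Fatal(err)
	}
	// Deferred only after the error check, once the handle is known to be valid.
	defer handle.Close()

	// A filter that fails to compile must not be ignored: without it the
	// capture would silently widen to all traffic on the interface.
	if err := handle.SetBPFFilter(*BPFFilter); err != nil {
		handle.Close() // log.Fatalf exits without running deferred calls
		log.Fatalf("setting BPF filter %q: %v", *BPFFilter, err)
	}

	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	var (
		ipLayer  *layers.IPv4
		tcpLayer *layers.TCP
		ok       bool
	)
	for packet := range packetSource.Packets() {
		applicationLayer := packet.ApplicationLayer()
		if applicationLayer == nil {
			continue
		}
		if ipLayer, ok = packet.Layer(layers.LayerTypeIPv4).(*layers.IPv4); !ok {
			continue
		}
		if tcpLayer, ok = packet.Layer(layers.LayerTypeTCP).(*layers.TCP); !ok {
			continue
		}

		playload := applicationLayer.Payload()
		// Need the 3-byte length, the sequence id and the command byte.
		if len(playload) < 5 {
			continue
		}
		length := int(playload[0]) | int(playload[1])<<8 | int(playload[2])<<16
		// The body is playload[4:length+4]. Reject a zero length as well as an
		// oversized one: with length == 0 the slice playload[5:length+4] would
		// have its low bound above its high bound and panic.
		if length < 1 || length > len(playload)-4 {
			continue
		}

		// Crude heuristic (the original author's comment here called this
		// ugly code): command byte 3 is MySQL's COM_QUERY, and every other
		// packet is treated as a possible response.
		switch uint8(playload[4]) {
		case 3:
			// NOTE(review): address and port are concatenated without a
			// separator, so distinct endpoints can produce the same key.
			from := fmt.Sprintf("%s%d:%s%d\n", ipLayer.SrcIP, tcpLayer.SrcPort, ipLayer.DstIP, tcpLayer.DstPort)
			text := playload[5 : length+4]
			if *queryFilter == "" || bytes.Contains(bytes.ToLower(text), bytes.ToLower([]byte(*queryFilter))) {
				// NOTE(review): entries are removed only when a packet in the
				// reverse direction is seen, so unanswered queries stay in the map.
				queries[from] = query{
					query: string(text),
					start: packet.Metadata().Timestamp,
				}
			}
		default:
			// Responses travel in the opposite direction, so the key is
			// built with source and destination swapped.
			from := fmt.Sprintf("%s%d:%s%d\n", ipLayer.DstIP, tcpLayer.DstPort, ipLayer.SrcIP, tcpLayer.SrcPort)
			if pending, found := queries[from]; found {
				queryTime := packet.Metadata().Timestamp.Sub(pending.start)
				// slowQueryTime is compared in milliseconds; 0 reports every query.
				if *slowQueryTime == 0 || queryTime.Nanoseconds() > *slowQueryTime*1000000 {
					gui.AllQueries.Add(pending.query, pending.start, queryTime)
				}
				delete(queries, from)
			}
		}
	}
}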