func main() {
flag.Parse()
var handle *pcap.Handle
var err error
if *fname != "" {
if handle, err = pcap.OpenOffline(*fname); err != nil {
log.Fatalln("PCAP OpenOffline error:", err)
}
} else {
if handle, err = pcap.OpenLive(*iface, int32(*snaplen), true, time.Second); err != nil {
log.Fatalln("PCAP OpenLive error:", err)
}
if *tstype != "" {
if t, err := pcap.TimestampSourceFromString(*tstype); err != nil {
log.Fatalf("Supported timestamp types: %v", handle.SupportedTimestamps())
} else if err := handle.SetTimestampSource(t); err != nil {
log.Fatalf("Supported timestamp types: %v", handle.SupportedTimestamps())
}
}
if len(flag.Args()) > 0 {
bpffilter := strings.Join(flag.Args(), " ")
fmt.Fprintf(os.Stderr, "Using BPF filter %q\n", bpffilter)
if err = handle.SetBPFFilter(bpffilter); err != nil {
log.Fatalln("BPF filter error:", err)
}
}
}
dumpcommand.Run(handle)
}
func main() {
runtime.GOMAXPROCS(runtime.NumCPU())
flag.Parse()
logger := log.New(os.Stderr, "ERROR: ", log.Ldate|log.Ltime|log.Lshortfile)
pcap, err := pcap.OpenOffline(*pcapFile)
if err != nil {
fmt.Fprintln(os.Stderr, "error opening pcap file:", err)
os.Exit(1)
}
h := mongocaputils.NewPacketHandler(pcap)
m := mongocaputils.NewMongoOpStream(*packetBufSize)
ch := make(chan struct{})
go func() {
defer close(ch)
for op := range m.Ops {
// TODO: add other op types
if opQuery, ok := op.Op.(*mongoproto.OpQuery); ok {
fbOp := map[string]interface{}{}
fbOp["ns"] = opQuery.FullCollectionName
fbOp["ntoskip"] = opQuery.NumberToSkip
fbOp["ntoreturn"] = opQuery.NumberToReturn
fbOp["ts"] = json.Date(op.Seen.Unix())
query, err := rawBSONToJSON(opQuery.Query)
if err != nil {
logger.Println(err)
if !*continueOnError {
os.Exit(1)
}
}
if strings.HasSuffix(opQuery.FullCollectionName, ".$cmd") {
fbOp["op"] = "command"
fbOp["command"] = query
} else {
fbOp["op"] = "query"
fbOp["query"] = query
}
fbOpStr, err := json.Marshal(fbOp)
if err != nil {
logger.Println(err)
if !*continueOnError {
os.Exit(1)
}
}
fmt.Println(string(fbOpStr))
}
}
}()
if err := h.Handle(m, -1); err != nil {
fmt.Fprintln(os.Stderr, "pcap_converter: error handling packet stream:", err)
}
<-ch
}
func main() {
defer util.Run()()
var handle *pcap.Handle
var err error
// Set up pcap packet capture
if *fname != "" {
log.Printf("Reading from pcap dump %q", *fname)
handle, err = pcap.OpenOffline(*fname)
} else {
log.Printf("Starting capture on interface %q", *iface)
handle, err = pcap.OpenLive(*iface, int32(*snaplen), true, pcap.BlockForever)
}
if err != nil {
log.Fatal(err)
}
if err := handle.SetBPFFilter(*filter); err != nil {
log.Fatal(err)
}
// Set up assembly
streamFactory := &httpStreamFactory{}
streamPool := tcpassembly.NewStreamPool(streamFactory)
assembler := tcpassembly.NewAssembler(streamPool)
log.Println("reading in packets")
// Read in packets, pass to assembler.
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
packets := packetSource.Packets()
ticker := time.Tick(time.Minute)
for {
select {
case packet := <-packets:
// A nil packet indicates the end of a pcap file.
if packet == nil {
return
}
if *logAllPackets {
log.Println(packet)
}
if packet.NetworkLayer() == nil || packet.TransportLayer() == nil || packet.TransportLayer().LayerType() != layers.LayerTypeTCP {
log.Println("Unusable packet")
continue
}
tcp := packet.TransportLayer().(*layers.TCP)
assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)
case <-ticker:
// Every minute, flush connections that haven't seen activity in the past 2 minutes.
assembler.FlushOlderThan(time.Now().Add(time.Minute * -2))
}
}
}
func main() {
APList = make(map[string]AP)
log.Println("Starting deauth-demo")
//handle, err := pcap.OpenLive("em1", 1600, true, 0)
handle, err := pcap.OpenOffline("/home/iniuser/Downloads/bssidcap.pcapng")
if err != nil {
log.Fatal("Error starting capture:", err)
}
err = handle.SetBPFFilter("(type mgt subtype beacon) or (type mgt subtype probe-req)")
if err != nil {
log.Fatal("Error setting bpf:", err)
}
source := gopacket.NewPacketSource(handle, handle.LinkType())
for packet := range source.Packets() {
if errPack := packet.ErrorLayer(); errPack != nil {
log.Println("Packet could not be decoded:", errPack)
}
handlePacket(packet)
}
log.Println(APList)
}
func main() {
flag.Parse()
var handle *pcap.Handle
var err error
if *fname != "" {
if handle, err = pcap.OpenOffline(*fname); err != nil {
log.Fatalln("PCAP OpenOffline error:", err)
}
} else {
if handle, err = pcap.OpenLive(*iface, int32(*snaplen), true, time.Second); err != nil {
log.Fatalln("PCAP OpenLive error:", err)
}
if len(flag.Args()) > 0 {
bpffilter := strings.Join(flag.Args(), " ")
fmt.Fprintf(os.Stderr, "Using BPF filter %q\n", bpffilter)
if err = handle.SetBPFFilter(bpffilter); err != nil {
log.Fatalln("BPF filter error:", err)
}
}
}
dumpcommand.Run(handle)
}
//startCapture captures all packets on any interface for an unlimited duration.
//Packets can be filtered by a BPF filter string. (E.g. tcp port 22)
func capture(snaplen int32, quit chan bool, captureReady chan bool, pcapFile string) error {
var handle *pcap.Handle
var err error
if pcapFile != "" {
log.Println("Reading packet loss data from pcap-file:", pcapFile)
handle, err = pcap.OpenOffline(pcapFile)
} else {
//https://godoc.org/code.google.com/p/gopacket/pcap
//This might have been the culprit
//Alternative to try: 250*time.Millisecond
handle, err = pcap.OpenLive("any", snaplen, true, 250*time.Millisecond)
}
if err != nil {
log.Println("Error while start capturing packets", err)
return err
}
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
captureReady <- true
for {
select {
case packet := <-packetSource.Packets():
if packet != nil {
if packet.Layer(layers.LayerTypeIPSecESP) != nil {
putChannel(packet, ipSecChannel)
}
if packet.Layer(layers.LayerTypeICMPv4) != nil {
putChannel(packet, icmpChannel)
}
}
case <-quit:
log.Println("Received quit message, stopping Listener.")
return nil
}
}
}
func main() {
if handle, err := pcap.OpenOffline("test.pcap"); err != nil {
panic(err)
} else {
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
for packet := range packetSource.Packets() {
//spew.Dump(packet.ApplicationLayer().Payload())
payload := packet.ApplicationLayer().Payload()
var p TLSHandshakeDecoder.TLSRecordLayer
// decode record layer
err = TLSHandshakeDecoder.DecodeRecord(&p, payload)
if err != nil {
panic(err)
} else {
// decode handshake
//spew.Dump(p)
var ph TLSHandshakeDecoder.TLSHandshake
err = TLSHandshakeDecoder.TLSDecodeHandshake(&ph, p.Fragment)
if err != nil {
panic(err)
} else {
// decode client hello packet
//spew.Dump(ph)
var pch TLSHandshakeDecoder.TLSClientHello
err = TLSHandshakeDecoder.TLSDecodeClientHello(&pch, ph.Body)
if err != nil {
panic(err)
} else {
//fmt.Printf("%#v\n", pch)
spew.Dump(pch)
}
}
}
//return
}
}
}
func main() {
flag.Parse()
filename := os.TempDir() + string(os.PathSeparator) + "gopacket_benchmark.pcap"
if _, err := os.Stat(filename); err != nil {
// This URL points to a publicly available packet data set from a DARPA
// intrusion detection evaluation. See
// http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/1999/training/week1/index.html
// for more details.
fmt.Println("Local pcap file", filename, "doesn't exist, reading from", *url)
if resp, err := http.Get(*url); err != nil {
panic(err)
} else if out, err := os.Create(filename); err != nil {
panic(err)
} else if gz, err := gzip.NewReader(resp.Body); err != nil {
panic(err)
} else if n, err := io.Copy(out, gz); err != nil {
panic(err)
} else if err := gz.Close(); err != nil {
panic(err)
} else if err := out.Close(); err != nil {
panic(err)
} else {
fmt.Println("Successfully read", n, "bytes from url, unzipped to local storage")
}
}
fmt.Println("Reading file once through to hopefully cache most of it")
if f, err := os.Open(filename); err != nil {
panic(err)
} else if n, err := io.Copy(ioutil.Discard, f); err != nil {
panic(err)
} else if err := f.Close(); err != nil {
panic(err)
} else {
fmt.Println("Read in file", filename, ", total of", n, "bytes")
}
if *cpuProfile != "" {
if cpu, err := os.Create(*cpuProfile); err != nil {
panic(err)
} else if err := pprof.StartCPUProfile(cpu); err != nil {
panic(err)
} else {
defer func() {
pprof.StopCPUProfile()
cpu.Close()
}()
}
}
var packetDataSource *BufferPacketSource
var packetSource *gopacket.PacketSource
fmt.Printf("Opening file %q for read\n", filename)
if h, err := pcap.OpenOffline(filename); err != nil {
panic(err)
} else {
fmt.Println("Reading all packets into memory with BufferPacketSource.")
start := time.Now()
packetDataSource = NewBufferPacketSource(h)
duration := time.Since(start)
fmt.Printf("Time to read packet data into memory from file: %v\n", duration)
packetSource = gopacket.NewPacketSource(packetDataSource, h.LinkType())
packetSource.DecodeOptions.Lazy = *decodeLazy
packetSource.DecodeOptions.NoCopy = *decodeNoCopy
}
fmt.Println()
for i := 0; i < *repeat; i++ {
packetDataSource.Reset()
fmt.Printf("Benchmarking decode %d/%d\n", i+1, *repeat)
benchmarkPacketDecode(packetSource)
}
fmt.Println()
for i := 0; i < *repeat; i++ {
packetDataSource.Reset()
fmt.Printf("Benchmarking decoding layer parser %d/%d\n", i+1, *repeat)
benchmarkLayerDecode(packetDataSource, false)
}
fmt.Println()
for i := 0; i < *repeat; i++ {
packetDataSource.Reset()
fmt.Printf("Benchmarking decoding layer parser with assembly %d/%d\n", i+1, *repeat)
benchmarkLayerDecode(packetDataSource, true)
}
}
func main() {
flag.Parse()
filename := os.TempDir() + string(os.PathSeparator) + "gopacket_benchmark.pcap"
if _, err := os.Stat(filename); err != nil {
// This URL points to a publicly available packet data set from a DARPA
// intrusion detection evaluation. See
// http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/1999/training/week1/index.html
// for more details.
fmt.Println("Local pcap file", filename, "doesn't exist, reading from", *url)
if resp, err := http.Get(*url); err != nil {
panic(err)
} else if out, err := os.Create(filename); err != nil {
panic(err)
} else if gz, err := gzip.NewReader(resp.Body); err != nil {
panic(err)
} else if n, err := io.Copy(out, gz); err != nil {
panic(err)
} else if err := gz.Close(); err != nil {
panic(err)
} else if err := out.Close(); err != nil {
panic(err)
} else {
fmt.Println("Successfully read", n, "bytes from url, unzipped to local storage")
}
}
fmt.Println("Reading file once through to hopefully cache most of it")
if f, err := os.Open(filename); err != nil {
panic(err)
} else if n, err := io.Copy(ioutil.Discard, f); err != nil {
panic(err)
} else if err := f.Close(); err != nil {
panic(err)
} else {
fmt.Println("Read in file", filename, ", total of", n, "bytes")
}
if *cpuProfile != "" {
if cpu, err := os.Create(*cpuProfile); err != nil {
panic(err)
} else if err := pprof.StartCPUProfile(cpu); err != nil {
panic(err)
} else {
defer func() {
pprof.StopCPUProfile()
cpu.Close()
}()
}
}
var packetDataSource *BufferPacketSource
var packetSource *gopacket.PacketSource
fmt.Printf("Opening file %q for read\n", filename)
if h, err := pcap.OpenOffline(filename); err != nil {
panic(err)
} else {
fmt.Println("Reading all packets into memory with BufferPacketSource.")
start := time.Now()
packetDataSource = NewBufferPacketSource(h)
duration := time.Since(start)
fmt.Printf("Time to read packet data into memory from file: %v\n", duration)
packetSource = gopacket.NewPacketSource(packetDataSource, h.LinkType())
packetSource.DecodeOptions.Lazy = *decodeLazy
packetSource.DecodeOptions.NoCopy = *decodeNoCopy
}
for i := 0; i < *repeat; i++ {
packetDataSource.Reset()
count, errors := 0, 0
runtime.GC()
fmt.Printf("Benchmarking decode %d/%d\n", i+1, *repeat)
start := time.Now()
for packet, err := packetSource.NextPacket(); err != io.EOF; packet, err = packetSource.NextPacket() {
if err != nil {
fmt.Println("Error reading in packet:", err)
}
count++
var hasError bool
if *printErrors && packet.ErrorLayer() != nil {
fmt.Println("\n\n\nError decoding packet:", packet.ErrorLayer().Error())
fmt.Println(hex.Dump(packet.Data()))
fmt.Printf("%#v\n", packet.Data())
errors++
hasError = true
}
if *printLayers || hasError {
fmt.Printf("\n=== PACKET %d ===\n", count)
for _, l := range packet.Layers() {
fmt.Printf("--- LAYER %v ---\n%#v\n\n", l.LayerType(), l)
}
fmt.Println()
}
}
duration := time.Since(start)
fmt.Printf("\tRead in %v packets in %v, %v per packet\n", count, duration, duration/time.Duration(count))
if *printErrors {
fmt.Printf("%v errors, successfully decoded %.02f%%\n", errors, float64(count-errors)*100.0/float64(count))
}
}
}