package main
import (
"pcap"
"fmt"
"os"
"flag"
)
// Command-line settings. The pointer-typed values are assigned by the flag
// package in init; expr is filled from the positional arguments.
var (
	// device is the interface name given with -i.
	device *string
	// snaplen is the value given with -s.
	// NOTE(review): main passes a literal 1500 to Openlive and never reads this.
	snaplen *int
	// hexdump is the -X switch.
	// NOTE(review): nothing in this file reads it after parsing.
	hexdump *bool
	// expr is the capture filter expression handed to Setfilter.
	expr string
	// offlinefn is the capture file to read, given with -r; empty means a
	// live capture on device.
	offlinefn *string
	// writefile is the output capture file given with -w; empty means
	// decoded packets are printed instead.
	writefile *string
)
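// init registers the command-line flags, installs the usage message, parses
// the arguments and stores the filter expression in expr.
//
// Parsing stays in init because main reads the flag values without calling
// flag.Parse itself.
func init() {
	device = flag.String("i", "eth0", "interface")
	snaplen = flag.Int("s", 65535, "snaplen")
	hexdump = flag.Bool("X", false, "hexdump")
	offlinefn = flag.String("r", "", "the tcpdump file to open")
	writefile = flag.String("w", "", "the tcpdump filename to write")

	flag.Usage = func() {
		// The synopsis now names the flags that are actually registered
		// (-r and -w); it used to advertise a -f flag that does not exist.
		// It goes to stderr so it lands next to flag.PrintDefaults' output.
		fmt.Fprintf(os.Stderr, "usage: %s [ -i interface ] [ -r dumpfile ] [ -w outfile ] [ -s snaplen ] [ -X ] [ expression ]\n", os.Args[0])
		flag.PrintDefaults()
	}
	flag.Parse()

	// Join every positional argument into the filter. Taking only the first
	// one silently dropped the rest of an unquoted expression, which left the
	// capture broader than the operator asked for.
	if args := flag.Args(); len(args) > 0 {
		expr = args[0]
		for _, a := range args[1:] {
			expr += " " + a
		}
	}
}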
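// main opens a capture source (the live interface named by -i, or the file
// named by -r), applies the filter expression, and then either prints each
// decoded packet or, when -w is set, passes it to a dumper.
func main() {
	var (
		h      *pcap.Pcap
		err    string
		dumper *pcap.PcapDumper
	)

	if *offlinefn == "" {
		// NOTE(review): the second argument is the literal 1500, so the -s
		// flag has no effect on a live capture. Wiring *snaplen in needs the
		// parameter type of Openlive, which this file does not show.
		h, err = pcap.Openlive(*device, 1500, true, 0)
	} else {
		h, err = pcap.Openoffline(*offlinefn)
	}

	// Stop before anything else touches the handle. The dumper used to be
	// built ahead of this check, so a failed open handed a nil handle to
	// NewPcapDumper.
	if h == nil {
		fmt.Printf("Warning: no devices found : %s\n", err)
		os.Exit(-1)
	}

	if *writefile != "" {
		// The -w path is passed through as given. Capture tools usually run
		// with elevated privileges, so the file is presumably created with
		// those privileges; verify how the pcap package opens it.
		dumper = pcap.NewPcapDumper(h, *writefile)
	}

	// NOTE(review): any result Setfilter reports is discarded. If the
	// expression is rejected the loop below would presumably run unfiltered;
	// confirm against the pcap package's API and fail closed.
	h.Setfilter(expr)

	for pkt := h.Next(); pkt != nil; pkt = h.Next() {
		packet := pcap.DecodeEthernetPkt(pkt)
		if dumper != nil {
			dumper.Dump(packet.PcapPktHdr)
			continue
		}
		pcap.PrintDecodedPkt(packet)
	}
	// NOTE(review): neither h nor dumper is closed or flushed before exit;
	// check whether the pcap package requires that for a complete -w file.
}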