• golang gopacket网络抓包和分析


    gopacket 是golang语言使用的网络数据抓取和分析的工具包。
    本文简单介绍如何使用gopacket进行网络抓包。

    下载gopacket

    # go get git@github.com:google/gopacket.git
    

    Demo

    代码中,抓取与端口3306相关的数据,也就是mysql通信数据。

    package main
    
    import(
    	"fmt"
    	"net"
    	"strings"
    
    	"github.com/google/gopacket"
    	"github.com/google/gopacket/layers"
    	"github.com/google/gopacket/pcap"
    )
    
    func main() {
    
    	fmt.Println("packet start...")
    
    	deviceName := "eth0" 
    	snapLen := int32(65535)
    	port := uint16(3306)
    	filter := getFilter(port) 
    	fmt.Printf("device:%v, snapLen:%v, port:%v
    ", deviceName, snapLen, port)
    	fmt.Println("filter:", filter)
    
    	//打开网络接口,抓取在线数据
    	handle, err := pcap.OpenLive(deviceName, snapLen, true, pcap.BlockForever)
    	if err != nil {
    		fmt.Printf("pcap open live failed: %v", err)
    		return
    	}
    
    	// 设置过滤器
    	if err := handle.SetBPFFilter(filter); err != nil {
    		fmt.Printf("set bpf filter failed: %v", err)
    		return
    	}
    	defer handle.Close()
    
    	// 抓包
    	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    	packetSource.NoCopy = true
    	for packet := range packetSource.Packets() {
    		if packet.NetworkLayer() == nil || packet.TransportLayer() == nil || packet.TransportLayer().LayerType() != layers.LayerTypeTCP {
    			fmt.Println("unexpected packet")
    			continue
    		}
    		
    		fmt.Printf("packet:%v
    ",packet)
    
    		// tcp 层
    		tcp := packet.TransportLayer().(*layers.TCP)
    		fmt.Printf("tcp:%v
    ", tcp)		
    		// tcp payload,也即是tcp传输的数据
    		fmt.Printf("tcp payload:%v
    ", tcp.Payload)
    	}
    }
    
    //定义过滤器
    func getFilter(port uint16) string {
     	filter := fmt.Sprintf("tcp and ((src port %v) or (dst port %v))",  port, port)
    	return filter
    }
    

    抓取到的数据包

    packet start...
    device:lo0, snapLen:65535, port:3306
    filter: tcp and ((src port 3306) or (dst port 3306))
    
    packet:PACKET: 75 bytes, wire length 75 cap length 75 @ 2018-10-20 11:13:00.106452 +0800 CST
    - Layer 1 (04 bytes) = Loopback	{Contents=[2, 0, 0, 0] Payload=[..71..] Family=IPv4}
    - Layer 2 (20 bytes) = IPv4	{Contents=[..20..] Payload=[..51..] Version=4 IHL=5 TOS=0 Length=71 Id=0 Flags=DF FragOffset=0 TTL=64 Protocol=TCP Checksum=0 SrcIP=172.16.1.103 DstIP=172.16.1.103 Options=[] Padding=[]}
    - Layer 3 (32 bytes) = TCP	{Contents=[..32..] Payload=[..19..] SrcPort=50351 DstPort=3306(mysql) Seq=110592366 Ack=3116315438 DataOffset=8 FIN=false SYN=false RST=false PSH=true ACK=true URG=false ECE=false CWR=false NS=false Window=12753 Checksum=23336 Urgent=0 Options=[TCPOption(NOP:), TCPOption(NOP:), TCPOption(Timestamps:1064185591/1064170040 0x3f6e2ef73f6df238)] Padding=[]}
    - Layer 4 (19 bytes) = Payload	19 byte(s)
    
    tcp:&{{[196 175 12 234 6 151 129 110 185 191 51 46 128 24 49 209 91 40 0 0 1 1 8 10 63 110 46 247 63 109 242 56] [15 0 0 0 3 115 104 111 119 32 100 97 116 97 98 97 115 101 115]} 50351 3306(mysql) 110592366 3116315438 8 false false false true true false false false false 12753 23336 0 [196 175] [12 234] [TCPOption(NOP:) TCPOption(NOP:) TCPOption(Timestamps:1064185591/1064170040 0x3f6e2ef73f6df238)] [] [{1 1 []} {1 1 []} {8 10 [63 110 46 247 63 109 242 56]} {0 0 []}] {<nil>}}
    tcp payload:[15 0 0 0 3 115 104 111 119 32 100 97 116 97 98 97 115 101 115]
    。。。
    
    

    对抓取到的mysql数据感兴趣的同学,可以参考Mysql 通信协议抓包分析

    参考

    github

    https://github.com/google/gopacket

    文档godoc

    https://godoc.org/github.com/google/gopacket

    go抓包分析demo

    https://blog.lab99.org/post/golang-2017-09-23-video-packet-capture-analysis-with-go.html

    https://blog.csdn.net/ptmozhu/article/details/72652310

  • 相关阅读:
    服务器时间同步
    CentOS7.1下生产环境Keepalived+Nginx配置
    Windows 客户端时间更新脚本NTP
    keepalived的配置详解(非常详细)
    Keepalived stable tarball
    keepalived配置主从备份
    ECharts使用心得总结
    C#项目获取当前时间的农历时间
    如何测试连接MsSQL数据库-------UDL文件
    为什么 管理工具里没有Internet(IIS)管理器选项
  • 原文地址:https://www.cnblogs.com/lanyangsh/p/9821106.html
Copyright © 2020-2023  润新知