golang gopacket网络抓包和分析
发布时间:2020-12-16 09:33:09 所属栏目:大数据 来源:网络整理
导读:gopacket 是 Go 语言的网络数据包抓取和分析工具包。本文简单介绍如何使用 gopacket 进行网络抓包。下载 gopacket:`go get github.com/google/gopacket`。Demo 代码中,抓取与端口 3306 相关的数据,也就是 MySQL 通信数据。package main import( …
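// gopacket is a Go toolkit for capturing and analysing network packets.
//
// Install it with:
//
//	go get github.com/google/gopacket
//
// This demo captures traffic to or from TCP port 3306, i.e. MySQL
// client/server traffic, and prints every matching packet.
//
// Operational notes:
//   - Opening a live capture normally needs elevated privileges (on Linux,
//     root or the CAP_NET_RAW capability). Granting only the capability to
//     the built binary keeps the rest of the process unprivileged.
//   - The complete TCP payload is printed. On a MySQL connection that does
//     not use TLS this includes the query text, so the program's output
//     should be handled like any other sensitive capture data.
package main

import (
	"fmt"

	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	"github.com/google/gopacket/pcap"
)

// main opens a live capture on a fixed interface, installs a BPF filter for
// the MySQL port and prints every TCP packet that passes the filter.
func main() {
	fmt.Println("packet start...")

	// The interface is hard-coded. The sample output at the end of this
	// listing was taken on lo0, so adjust deviceName to the interface that
	// actually carries the traffic.
	deviceName := "eth0"
	// 65535 captures whole packets, payload included; a smaller snapshot
	// length is enough when only headers are needed.
	snapLen := int32(65535)
	port := uint16(3306)
	filter := getFilter(port)
	fmt.Printf("device:%v,snapLen:%v,port:%v\n", deviceName, snapLen, port)
	fmt.Println("filter:", filter)

	// Open the interface for live capture. The argument order is
	// (device, snaplen, promiscuous, timeout); the listing as published
	// omitted snapLen, which does not match pcap.OpenLive's signature.
	// promiscuous=true also accepts frames not addressed to this host.
	handle, err := pcap.OpenLive(deviceName, snapLen, true, pcap.BlockForever)
	if err != nil {
		fmt.Printf("pcap open live failed: %v\n", err)
		return
	}
	// Register Close right after a successful open so the handle is also
	// released when installing the filter fails.
	defer handle.Close()

	// Install the filter so that only matching packets are delivered.
	if err := handle.SetBPFFilter(filter); err != nil {
		fmt.Printf("set bpf filter failed: %v\n", err)
		return
	}

	// Read and decode packets.
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	// NoCopy lets the decoder keep the slice it is given instead of copying
	// it. NOTE(review): this relies on the handle returning a fresh slice
	// per packet; confirm before switching to a zero-copy read path.
	packetSource.NoCopy = true
	for packet := range packetSource.Packets() {
		// The comma-ok assertion yields ok == false both for a missing
		// transport layer and for a non-TCP one, so it cannot panic.
		tcp, ok := packet.TransportLayer().(*layers.TCP)
		if packet.NetworkLayer() == nil || !ok {
			fmt.Println("unexpected packet")
			continue
		}
		fmt.Printf("packet:%v\n", packet)
		// TCP layer.
		fmt.Printf("tcp:%v\n", tcp)
		// TCP payload, i.e. the application data carried by the segment.
		fmt.Printf("tcp payload:%v\n", tcp.Payload)
	}
}

// getFilter returns the BPF expression that selects TCP segments whose
// source or destination port equals port. Because port is a uint16, only
// digits can reach the expression; keep that property if the port ever
// comes from user input.
func getFilter(port uint16) string {
	return fmt.Sprintf("tcp and ((src port %d) or (dst port %d))", port, port)
}

// Sample output from the article (captured on lo0). The "Layer 3" line is
// cut at the end of this listing and continues in the text that follows it.
//
//	packet start...
//	device:lo0,snapLen:65535,port:3306
//	filter: tcp and ((src port 3306) or (dst port 3306))
//	packet:PACKET: 75 bytes,wire length 75 cap length 75 @ 2018-10-20 11:13:00.106452 +0800 CST
//	- Layer 1 (04 bytes) = Loopback {Contents=[2,0] Payload=[..71..] Family=IPv4}
//	- Layer 2 (20 bytes) = IPv4 {Contents=[..20..] Payload=[..51..] Version=4 IHL=5 TOS=0 Length=71 Id=0 Flags=DF FragOffset=0 TTL=64 Protocol=TCP Checksum=0 SrcIP=172.16.1.103 DstIP=172.16.1.103 Options=[] Padding=[]}
//	- Layer 3 (32 bytes) = TCP {Contents=[..32..] Payload=[..19..]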
SrcPort=50351 DstPort=3306(mysql) Seq=110592366 Ack=3116315438 DataOffset=8 FIN=false SYN=false RST=false PSH=true ACK=true URG=false ECE=false CWR=false NS=false Window=12753 Checksum=23336 Urgent=0 Options=[TCPOption(NOP:),TCPOption(NOP:),TCPOption(Timestamps:1064185591/1064170040 0x3f6e2ef73f6df238)] Padding=[]}
- Layer 4 (19 bytes) = Payload 19 byte(s)
tcp:&{{[196 175 12 234 6 151 129 110 185 191 51 46 128 24 49 209 91 40 0 0 1 1 8 10 63 110 46 247 63 109 242 56] [15 0 0 0 3 115 104 111 119 32 100 97 116 97 98 97 115 101 115]} 50351 3306(mysql) 110592366 3116315438 8 false false false true true false false false false 12753 23336 0 [196 175] [12 234] [TCPOption(NOP:) TCPOption(NOP:) TCPOption(Timestamps:1064185591/1064170040 0x3f6e2ef73f6df238)] [] [{1 1 []} {1 1 []} {8 10 [63 110 46 247 63 109 242 56]} {0 0 []}] {<nil>}}
tcp payload:[15 0 0 0 3 115 104 111 119 32 100 97 116 97 98 97 115 101 115]
。。。

上面的 tcp payload 前 4 个字节是 MySQL 包头(长度 15、序号 0),第 5 个字节 3 表示 COM_QUERY,其余字节按 ASCII 解码就是明文 SQL“show databases”。也就是说,未启用 TLS 的 MySQL 连接,其查询内容在抓包结果中直接可读。

对抓取到的 MySQL 数据感兴趣的同学,可以参考《Mysql 通信协议抓包分析》。

参考
- github:https://github.com/google/gopacket
- 文档 godoc:https://godoc.org/github.com/google/gopacket
- go 抓包分析 demo:https://blog.lab99.org/post/golang-2017-09-23-video-packet-capture-analysis-with-go.html 、 https://blog.csdn.net/ptmozhu/article/details/72652310

(编辑:李大同)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时联系站长删除相关内容!