goreplay~tcpdump
2021/8/10 7:35:35
本文主要是介绍goreplay~tcpdump,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
goreplay几种engine的区别
capture.go中的引擎类型
func (eng *EngineType) Set(v string) error { switch v { case "", "libpcap": *eng = EnginePcap case "pcap_file": *eng = EnginePcapFile case "raw_socket": *eng = EngineRawSocket case "af_packet": *eng = EngineAFPacket default: return fmt.Errorf("invalid engine %s", v) } return nil }
引擎处理 pcap
func (l *Listener) activatePcap() error { var e error var msg string for _, ifi := range l.Interfaces { var handle *pcap.Handle handle, e = l.PcapHandle(ifi) if e != nil { msg += ("\n" + e.Error()) continue } l.Handles[ifi.Name] = packetHandle{ handler: handle, ips: interfaceIPs(ifi), } } if len(l.Handles) == 0 { return fmt.Errorf("pcap handles error:%s", msg) } return nil }
不同的handler
func (l *Listener) PcapHandle(ifi pcap.Interface) (handle *pcap.Handle, err error) { var inactive *pcap.InactiveHandle inactive, err = pcap.NewInactiveHandle(ifi.Name) if err != nil { return nil, fmt.Errorf("inactive handle error: %q, interface: %q", err, ifi.Name) } defer inactive.CleanUp() if l.TimestampType != "" && l.TimestampType != "go" { var ts pcap.TimestampSource ts, err = pcap.TimestampSourceFromString(l.TimestampType) fmt.Println("Setting custom Timestamp Source. Supported values: `go`, ", inactive.SupportedTimestamps()) err = inactive.SetTimestampSource(ts) if err != nil { return nil, fmt.Errorf("%q: supported timestamps: %q, interface: %q", err, inactive.SupportedTimestamps(), ifi.Name) } } if l.Promiscuous { if err = inactive.SetPromisc(l.Promiscuous); err != nil { return nil, fmt.Errorf("promiscuous mode error: %q, interface: %q", err, ifi.Name) } } if l.Monitor { if err = inactive.SetRFMon(l.Monitor); err != nil && !errors.Is(err, pcap.CannotSetRFMon) { return nil, fmt.Errorf("monitor mode error: %q, interface: %q", err, ifi.Name) } } var snap int if !l.Snaplen { infs, _ := net.Interfaces() for _, i := range infs { if i.Name == ifi.Name { snap = i.MTU + 200 } } } if snap == 0 { snap = 64<<10 + 200 } err = inactive.SetSnapLen(snap) if err != nil { return nil, fmt.Errorf("snapshot length error: %q, interface: %q", err, ifi.Name) } if l.BufferSize > 0 { err = inactive.SetBufferSize(int(l.BufferSize)) if err != nil { return nil, fmt.Errorf("handle buffer size error: %q, interface: %q", err, ifi.Name) } } if l.BufferTimeout == 0 { l.BufferTimeout = 2000 * time.Millisecond } err = inactive.SetTimeout(l.BufferTimeout) if err != nil { return nil, fmt.Errorf("handle buffer timeout error: %q, interface: %q", err, ifi.Name) } handle, err = inactive.Activate() if err != nil { return nil, fmt.Errorf("PCAP Activate device error: %q, interface: %q", err, ifi.Name) } bpfFilter := l.BPFFilter if bpfFilter == "" { bpfFilter = l.Filter(ifi) } fmt.Println("Interface:", ifi.Name, ". BPF Filter:", bpfFilter) err = handle.SetBPFFilter(bpfFilter) if err != nil { handle.Close() return nil, fmt.Errorf("BPF filter error: %q%s, interface: %q", err, bpfFilter, ifi.Name) } return }
表现 --input-raw-engine raw_socket
--input-raw-engine libpcap
--input-raw-engine af_packet
tcpdump监听
tcpdump tcp -i eth0 -t -s 0 -c 100 and dst port 8080 and \(dst host 172.29.246.151 or dst host fe80::216:3eff:fe00:7e1\)
三次请求结果
func (eng *EngineType) Set(v string) error { switch v { case "", "libpcap": *eng = EnginePcap case "pcap_file": *eng = EnginePcapFile case "raw_socket": *eng = EngineRawSocket case "af_packet": *eng = EngineAFPacket default: return fmt.Errorf("invalid engine %s", v) } return nil }
这篇关于goreplay~tcpdump的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-11-12Cargo deny安装指路
- 2024-11-02MongoDB项目实战:从入门到初级应用
- 2024-11-01随时随地一键转录,Google Cloud 新模型 Chirp 2 让语音识别更上一层楼
- 2024-10-25Google Cloud动手实验详解:如何在Cloud Run上开发无服务器应用
- 2024-10-24AI ?先驱齐聚 BAAI 2024,发布大规模语言、多模态、具身、生物计算以及 FlagOpen 2.0 等 AI 模型创新成果。
- 2024-10-20goland工具下,如修改一个项目的标准库SDK的版本-icode9专业技术文章分享
- 2024-10-17Go学习:初学者的简单教程
- 2024-10-17Go学习:新手入门完全指南
- 2024-10-17Golang学习:初学者入门教程
- 2024-10-17Golang学习:新手入门教程