- 関連記事
- 概è¦
- インストール
- 試ã—ã¦ã¿ã‚‹
- リãƒã‚¸ãƒˆãƒª
- å‚è€ƒæƒ…å ±
- Goã®ãŠã™ã™ã‚書ç±
関連記事
Goメモ-306 (go-packetメモ-01)(ネットワークインターフェースを表示) - いろいろ備忘録日記
Goメモ-307 (go-packetメモ-02)(流れるパケットをキャプチャする)(OpenLive) - いろいろ備忘録日記
Goメモ-308 (go-packetメモ-03)(pcapファイルを読み込み)(OpenOffline) - いろいろ備忘録日記
GitHub - devlights/blog-summary: ブログ「いろいろ備忘録日記」のまとめ
概è¦
以下ã€è‡ªåˆ†ç”¨ã®ãƒ¡ãƒ¢ã§ã™ã€‚忘れãªã„ã†ã¡ã«ãƒ¡ãƒ¢ãƒ¡ãƒ¢ã€‚。。
Goã§WireSharkã‚„tcpdumpã®ã‚ˆã†ã«ãƒ‘ケットを直接見ãŸã„ã¨ããªã©ã«åˆ©ç”¨ã§ãるライブラリã«
ã¨ã„ã†ã®ãŒã‚ã‚Šã¾ã™ã€‚
今ã¾ã§ä½¿ã£ãŸã“ã¨ç„¡ã‹ã£ãŸã®ã§ã™ãŒã€ä½¿ã†ã¨é¢ç™½ã‹ã£ãŸã®ã§è‡ªåˆ†ç”¨ã®ãƒ¡ãƒ¢ä»£ã‚ã‚Šã«ã¡ã‚‡ã“ã¡ã‚‡ã“残ã—ã¦ãŠã“ã†ã¨æ€ã„ã¾ã™ã€‚
Linux (Ubuntu) 上ã§éŠã‚“ã§ã„ã¾ã™ã®ã§ã€Windowsã®å ´åˆã¯WinPcap (WireSharkをインストールã™ã‚‹ã¨ãã«ã¤ã„ã§ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã§ããŸã¯ãšï¼‰ãŒå¿…è¦ã«ãªã‚‹ã¨æ€ã„ã¾ã™ã€‚
インストール
libpcap ãŒå¿…è¦ã§ã™ã®ã§ã€ä»¥ä¸‹ã§ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã¾ã™ã€‚
$ sudo apt install libpcap-dev
ã‚ã¨ã€tcpdumpãŒå…¥ã£ã¦ã„ãªã„å ´åˆã¯ä»¥ä¸‹ã‚‚ã¤ã„ã§ã«å…¥ã‚Œã¦ãŠãã¾ã™ã€‚(ã“ã‚Œã¯ã‚ªãƒ—ショナルã§ã™ï¼‰
$ sudo apt install tcpdump
試ã—ã¦ã¿ã‚‹
使ã„æ–¹ã«é–¢ã—ã¦ã¯ã€ä¸Šã«æŒ™ã’ã¦ã„ã‚‹ go-packet ã® godoc ã®æ–¹ã«è©³ã—ã書ã‹ã‚Œã¦ã„ã¾ã™ã€‚
今回ã¯ã€BPF (Berkeley Packet Filter) フィルタをè¨å®šã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦ã§ã™ã€‚
pcap.SetBPFFilter 関数を使ã„ã¾ã™ã€‚
main.go
// Package main is the example of go-packet with BPF (Berkeley Packet Filter) filter package main import ( "fmt" "log" "os" "os/signal" "github.com/google/gopacket" "github.com/google/gopacket/pcap" ) var ( appLog = log.New(os.Stderr, "", 0) ) func main() { if err := run(); err != nil { panic(err) } } func run() error { const ( pcapfile = "example.pcap" filter = "icmp or icmp6" ) defer func() { appLog.Println("DONE") }() // -------------------------------------- // Open capture handle // -------------------------------------- var ( handle *pcap.Handle err error ) handle, err = pcap.OpenOffline(pcapfile) if err != nil { return fmt.Errorf("error open handle: %w", err) } defer handle.Close() // -------------------------------------- // Apply capture filter // // # filter examples: // - ip src 192.168.1.1 // - ip dst 192.168.1.2 // - ip host 192.168.1.1 and ip host 192.168.1.2 // - tcp port 80 // - udp port 53 // - icmp or icmp6 // - ether src aa:bb:cc:dd:ee:ff // - ether dst aa:bb:cc:dd:ee:ff // - vlan 100 // - ip host 192.168.1.1 and tcp port 80 // -------------------------------------- if filter != "" { err = handle.SetBPFFilter(filter) if err != nil { return fmt.Errorf("error apply filter: %w", err) } } // -------------------------------------- // Set signal handler // -------------------------------------- var ( sigCh = make(chan os.Signal, 1) ) signal.Notify(sigCh, os.Interrupt) // -------------------------------------- // Make packet source and display. // -------------------------------------- var ( dataSource gopacket.PacketDataSource = handle decoder gopacket.Decoder = handle.LinkType() packetSource *gopacket.PacketSource = gopacket.NewPacketSource(dataSource, decoder) packetCh <-chan gopacket.Packet = packetSource.Packets() ) appLog.Println("START") LOOP: for { select { case <-sigCh: break LOOP case p, ok := <-packetCh: if !ok { break LOOP } appLog.Println(p) } } return nil }
tcpdump.sh
#!/usr/bin/env bash tcpdump -t -n -i lo -w example.pcap & echo $! > tcpdump.pid exit 0
ping.sh
#!/usr/bin/env bash timeout 3s ping localhost exit 0
kill.sh
#!/usr/bin/env bash kill $(cat tcpdump.pid) exit 0
以下ã€Gitpod上ã§å®Ÿè¡Œã—ã¦ã¿ãŸçµæžœã§ã™ã€‚
gitpod /workspace/go-gopacket-example (main) $ task bpffilter task: [bpffilter] go build task: [bpffilter] sudo bash ./tcpdump.sh task: [bpffilter] bash ./ping.sh PING localhost(localhost (::1)) 56 data bytes 64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.014 ms tcpdump: listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes 64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.034 ms 64 bytes from localhost (::1): icmp_seq=3 ttl=64 time=0.039 ms task: [bpffilter] sudo bash ./kill.sh 33 packets captured 66 packets received by filter 0 packets dropped by kernel task: [bpffilter] sleep 1 task: [bpffilter] sudo ./bpffilter START PACKET: 118 bytes, wire length 118 cap length 118 @ 2023-04-18 02:07:43.05961 +0000 UTC - Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..104..] SrcMAC=00:00:00:00:00:00 DstMAC=00:00:00:00:00:00 EthernetType=IPv6 Length=0} - Layer 2 (40 bytes) = IPv6 {Contents=[..40..] Payload=[..64..] Version=6 TrafficClass=0 FlowLabel=53830 Length=64 NextHeader=ICMPv6 HopLimit=64 SrcIP=::1 DstIP=::1 HopByHop=nil} - Layer 3 (04 bytes) = ICMPv6 {Contents=[128, 0, 32, 129] Payload=[..60..] TypeCode=EchoRequest Checksum=8321 TypeBytes=[]} - Layer 4 (00 bytes) = ICMPv6Echo {Contents=[] Payload=[] Identifier=12517 SeqNumber=2} PACKET: 118 bytes, wire length 118 cap length 118 @ 2023-04-18 02:07:43.059619 +0000 UTC - Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..104..] SrcMAC=00:00:00:00:00:00 DstMAC=00:00:00:00:00:00 EthernetType=IPv6 Length=0} - Layer 2 (40 bytes) = IPv6 {Contents=[..40..] Payload=[..64..] Version=6 TrafficClass=0 FlowLabel=275845 Length=64 NextHeader=ICMPv6 HopLimit=64 SrcIP=::1 DstIP=::1 HopByHop=nil} - Layer 3 (04 bytes) = ICMPv6 {Contents=[129, 0, 31, 129] Payload=[..60..] TypeCode=EchoReply Checksum=8065 TypeBytes=[]} - Layer 4 (00 bytes) = ICMPv6Echo {Contents=[] Payload=[] Identifier=12517 SeqNumber=2} PACKET: 118 bytes, wire length 118 cap length 118 @ 2023-04-18 02:07:44.07939 +0000 UTC - Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..104..] SrcMAC=00:00:00:00:00:00 DstMAC=00:00:00:00:00:00 EthernetType=IPv6 Length=0} - Layer 2 (40 bytes) = IPv6 {Contents=[..40..] Payload=[..64..] Version=6 TrafficClass=0 FlowLabel=53830 Length=64 NextHeader=ICMPv6 HopLimit=64 SrcIP=::1 DstIP=::1 HopByHop=nil} - Layer 3 (04 bytes) = ICMPv6 {Contents=[128, 0, 222, 50] Payload=[..60..] TypeCode=EchoRequest Checksum=56882 TypeBytes=[]} - Layer 4 (00 bytes) = ICMPv6Echo {Contents=[] Payload=[] Identifier=12517 SeqNumber=3} PACKET: 118 bytes, wire length 118 cap length 118 @ 2023-04-18 02:07:44.079401 +0000 UTC - Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..104..] SrcMAC=00:00:00:00:00:00 DstMAC=00:00:00:00:00:00 EthernetType=IPv6 Length=0} - Layer 2 (40 bytes) = IPv6 {Contents=[..40..] Payload=[..64..] Version=6 TrafficClass=0 FlowLabel=275845 Length=64 NextHeader=ICMPv6 HopLimit=64 SrcIP=::1 DstIP=::1 HopByHop=nil} - Layer 3 (04 bytes) = ICMPv6 {Contents=[129, 0, 221, 50] Payload=[..60..] TypeCode=EchoReply Checksum=56626 TypeBytes=[]} - Layer 4 (00 bytes) = ICMPv6Echo {Contents=[] Payload=[] Identifier=12517 SeqNumber=3} DONE
実行ã™ã‚‹ã¨ã€æœ€åˆã«ï¼“秒間ã»ã© tcpdump コマンドを実行ã—㦠ping (ICMP エコーメッセージ) ã‚’ã‚ャプãƒãƒ£ã—ã¦ã€pcapファイルを出力ã—ã¾ã™ã€‚
ãã®å¾Œã€ãれをgo-packetを使ã£ã¦èªã¿è¾¼ã‚“ã§ãƒ‘ケットをBPFフィルタè¨å®šã—ã¦è¡¨ç¤ºã—ã¦ã„ã¾ã™ã€‚
pingコマンドを実行ã™ã‚‹éš›ã« -4 オプションを付ã‘ã¦ã„ãªã„ã®ã§ã€ICMPv6 ã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒé€å—ä¿¡ã•ã‚Œã¦ã„ã¾ã™ã€‚
ãªã®ã§ã€ä¸Šã®ã‚½ãƒ¼ã‚¹ã®BPFフィルタを icmp or icmp6 ã‹ã‚‰ icmp ã«ã—ã¦ã€å®Ÿè¡Œã™ã‚‹ã¨ä½•ã‚‚表示ã•ã‚Œãªããªã‚Šã¾ã™ã€‚
ã¡ã‚ƒã‚“ã¨ãƒ•ã‚£ãƒ«ã‚¿ãƒªãƒ³ã‚°ã•ã‚Œã¦ã„ã¾ã™ã。
リãƒã‚¸ãƒˆãƒª
上ã®ã‚µãƒ³ãƒ—ルãªã©ã¯ã€ä»¥ä¸‹ã®ãƒªãƒã‚¸ãƒˆãƒªã§ã‚¢ãƒƒãƒ—ã—ã¦ã„ã¾ã™ã€‚ã”å‚考ã¾ã§ã«ã€‚
å‚è€ƒæƒ…å ±
Goã®ãŠã™ã™ã‚書ç±
éŽåŽ»ã®è¨˜äº‹ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ãƒšãƒ¼ã‚¸ã‹ã‚‰ã”å‚照下ã•ã„。
サンプルコードã¯ã€ä»¥ä¸‹ã®å ´æ‰€ã§å…¬é–‹ã—ã¦ã„ã¾ã™ã€‚
