-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
125 lines (100 loc) · 2.84 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
/* For compilers to find libpcap you may need to set:
export LDFLAGS="-L/opt/homebrew/opt/libpcap/lib"
export CPPFLAGS="-I/opt/homebrew/opt/libpcap/include"
sudo setcap cap_net_raw+ep ./sniff
*/
package main
import (
"encoding/json"
"fmt"
"log"
"os"
"github.com/google/gopacket"
"github.com/google/gopacket/pcap"
"github.com/yomorun/yomo"
)
var (
iface = "lo0"
buffer = int32(1600)
filter = "udp and port 9000"
// filter = "src host 172.31.28.84 and udp"
)
// StreamLogEntity represents the structure of data
type StreamLogEntity struct {
From string `json:"from"` // source IP address
Packets int `json:"packets"` // udp packets
}
func main() {
// connect to YoMo-Zipper.
addr := "localhost:9999"
if v := os.Getenv("YOMO_ADDR"); v != "" {
addr = v
}
collector := yomo.NewSource(
"yomo-source",
yomo.WithZipperAddr(addr),
)
err := collector.Connect()
if err != nil {
return
}
defer collector.Close()
collector.SetDataTag(0x33)
fmt.Println("--= YoMo x TDEngine =>>> Realtime Sniffer =--")
fmt.Println("A simple packet sniffer in golang")
if !deviceExists(iface) {
log.Fatal("Unable to open device ", iface)
}
handler, err := pcap.OpenLive(iface, buffer, false, pcap.BlockForever)
if err != nil {
log.Fatal(err)
}
defer handler.Close()
if err := handler.SetBPFFilter(filter); err != nil {
log.Fatal(err)
}
source := gopacket.NewPacketSource(handler, handler.LinkType())
for packet := range source.Packets() {
harvestNetworkDeviceCreds(packet, collector)
}
}
func harvestNetworkDeviceCreds(packet gopacket.Packet, collector yomo.Source) {
log.Printf("harvest: %v", packet)
nl := packet.NetworkLayer()
log.Printf("\tNetworkFlow: %s", nl.NetworkFlow().String()) //.Dst().String())
tl := packet.TransportLayer()
log.Printf("\tTransportFlow: %s", tl.TransportFlow().Dst().String())
src := fmt.Sprintf("%s:%s", nl.NetworkFlow().Src().String(), tl.TransportFlow().Src().String())
dst := fmt.Sprintf("%s:%s", nl.NetworkFlow().Dst().String(), tl.TransportFlow().Dst().String())
log.Printf("\t%s -> %s", src, dst)
app := packet.ApplicationLayer()
if app != nil {
payload := app.Payload()
log.Printf("\t\t%# x", payload)
buf, _ := json.Marshal(&StreamLogEntity{
From: src,
Packets: len(payload),
})
collector.Write(buf)
// dst := packet.NetworkLayer().NetworkFlow().Dst()
// if bytes.Contains(payload, []byte("USER")) {
// fmt.Print(dst, " -> ", string(payload))
// } else if bytes.Contains(payload, []byte("PASS")) {
// fmt.Print(dst, " -> ", string(payload))
// }
}
}
func deviceExists(name string) bool {
devices, err := pcap.FindAllDevs()
if err != nil {
log.Panic(err)
}
for _, device := range devices {
// log.Printf("[found device] %v", device.Addresses)
if device.Name == name {
log.Printf("[found device] %v", device.Addresses)
return true
}
}
return false
}