go-netflow captures per-process inbound and outbound network traffic, similar to the C tool NetHogs.
refer logic design link
refer nethogs source link
yum install libpcap
yum install libpcap-devel
netflow cli run:
go run cmd/main.go
stdout:
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| PID | NAME | EXE | INODES | SUM IN | SUM OUT | IN RATE | OUT RATE |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2256431 | Wget | /usr/bin/wget | 1 | 1.0 MB | 0 B | 339 kB | 0 B |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2257200 | Wrk | /usr/bin/wrk | 5 | 2.0 MB | 16 kB | 653 kB | 5.2 kB |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 3707954 | Java | /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java | 10 | 457 B | 648 B | 152 B | 216 B |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2245136 | Wget | /usr/bin/wget | 1 | 444 kB | 0 B | 148 kB | 0 B |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2034103 | Nginx | /usr/sbin/nginx | 41 | 0 B | 0 B | 0 B | 0 B |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
package main
import (
"encoding/json"
"fmt"
"time"
"github.com/rfyiamcool/go-netflow"
)
// main runs one capture session and prints the resulting process ranking
// as indented JSON on stdout. Any error aborts the program with a panic.
func main() {
	// Arguments handed to GetProcessRank; going by the original variable
	// names these are a result limit and a look-back window in seconds.
	// NOTE(review): confirm the exact semantics against the library.
	const (
		topN      = 5
		windowSec = 5
	)

	// NOTE(review): live capture through libpcap normally needs root or
	// CAP_NET_RAW on Linux; confirm what privileges this library requires
	// and run the example with no more than that.
	capturer, err := netflow.New(netflow.WithCaptureTimeout(5 * time.Second))
	if err != nil {
		panic(err)
	}

	if err := capturer.Start(); err != nil {
		panic(err)
	}
	// Deferred calls still run when a later panic unwinds main, so the
	// capturer is stopped on the error paths below as well.
	defer capturer.Stop()

	// Block until the capturer signals completion; presumably this fires
	// once the 5 s capture timeout configured above has elapsed.
	<-capturer.Done()

	top, err := capturer.GetProcessRank(topN, windowSec)
	if err != nil {
		panic(err)
	}

	out, err := json.MarshalIndent(top, "", " ")
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
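The pcap file is not saved by default.
Use the WithStorePcap option to save the captured packets to a pcap file, and read it back with the
tcpdump -nnr {filename}
command. The saved file holds the captured packets, so write it to a location with restricted permissions.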
WithStorePcap(fpath string)
WithPcapFilter(filter string)
Example filter expressions (pcap filter syntax, as used by tcpdump):
- host xiaorui.cc and port 80
- src host 123.56.223.52 and (dst port 3389 or 22)
WithPcapFilter(filter string)
WithLimitCgroup(cpu float64, mem int)
WithCaptureTimeout(dur time.Duration)
WithSyncInterval(dur time.Duration)
WithWorkerNum(num int)
WithCtx(ctx context.Context)
WithBindDevices(devs []string)
WithQueueSize(size int)
netflow.Interface
// Interface is the method set the README example drives: it starts a
// capture, waits for it to finish, and then asks for a process ranking.
type Interface interface {
	// Start begins the capture and reports a start-up failure as an error.
	Start() error

	// Stop ends the capture; the example defers it right after Start.
	Stop()

	// Done returns a channel the caller can block on; the example receives
	// from it before reading results.
	Done() <-chan struct{}

	// LoadCounter returns an int64 counter.
	// NOTE(review): what is counted is not visible here; confirm.
	LoadCounter() int64

	// GetProcessRank returns a slice of processes. The example passes a
	// result limit and a recent-seconds window, in that order.
	GetProcessRank(limit int, recentSec int) ([]*Process, error)
}
netflow.Process
// Process is one entry of the ranking returned by GetProcessRank. It
// identifies a process and carries the traffic recorded for it.
type Process struct {
	// Identity of the process. Pid is kept as a string, not an integer.
	Name string
	Pid  string
	Exe  string

	// State is a free-form string.
	// NOTE(review): the set of possible values is not visible here; confirm.
	State string

	// Inodes lists inode identifiers as strings; presumably the socket
	// inodes owned by the process (the CLI table shows only a count).
	Inodes []string

	// TrafficStats holds the aggregated in/out totals and rates.
	TrafficStats *trafficStatsEntry

	// Ring holds timestamped in/out samples.
	// NOTE(review): the name suggests a fixed-size ring buffer; confirm.
	Ring []*trafficEntry
}
netflow.trafficStatsEntry
// trafficStatsEntry is the aggregated traffic summary attached to a
// Process. Every field is serialised to JSON under its snake_case tag.
type trafficStatsEntry struct {
	// In and Out are the accumulated totals; presumably byte counts, going
	// by the SUM IN / SUM OUT columns of the CLI output.
	In  int64 `json:"in"`
	Out int64 `json:"out"`

	// InRate and OutRate are the current rates shown as IN RATE / OUT RATE.
	// NOTE(review): the unit (per second or per sync interval) is not
	// visible here; confirm.
	InRate  int64 `json:"in_rate"`
	OutRate int64 `json:"out_rate"`

	// InputEWMA and OutputEWMA carry a `valid:"-"` tag in addition to the
	// JSON tag; by name they are exponentially weighted moving averages.
	InputEWMA  int64 `json:"input_ewma" valid:"-"`
	OutputEWMA int64 `json:"output_ewma" valid:"-"`
}
netflow.trafficEntry
// trafficEntry is a single timestamped in/out sample, the element type of
// Process.Ring.
type trafficEntry struct {
	// Timestamp marks when the sample was taken.
	// NOTE(review): presumably Unix time; the resolution is not visible
	// here, confirm.
	Timestamp int64 `json:"timestamp"`

	// In and Out are the inbound and outbound amounts for this sample.
	In  int64 `json:"in"`
	Out int64 `json:"out"`
}