MySQLのpacket見ていく
gopacket使って適当にアプリケーション部分のパケット見てみた。
良い感じに見れたので、5byte目を見て単純な分類をしてみよう。MySQLのパケットは先頭4byteがヘッダ（ペイロード長3byte＋シーケンスID 1byte）なので、5byte目はペイロードの先頭（クライアントからのコマンドならコマンド種別）になる。
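// Command main sniffs TCP traffic on port 13306 of the loopback device and
// prints every application-layer payload, followed by its first byte and the
// byte right after the 4-byte MySQL packet header.
package main

import (
	"fmt"
	"log"
	"strings"
	"time"

	"github.com/google/gopacket"
	"github.com/google/gopacket/pcap"
)

var (
	device string = "lo"
	// snapshot_len caps how many bytes of each packet are captured; anything
	// longer is truncated before it reaches this program.
	snapshot_len int32 = 1024
	promiscuous  bool  = false
	err          error
	// timeout time.Duration = 30 * time.Second
	timeout time.Duration = 1 * time.Second
	handle  *pcap.Handle
)

// mysqlHeaderLen is the size of the MySQL packet header: a 3-byte payload
// length followed by a 1-byte sequence id. The byte at this offset is the
// first payload byte; for client command packets it is the command byte
// (for example 0x03 is COM_QUERY).
const mysqlHeaderLen = 4

// main opens a live capture, restricts it to the MySQL test port with a BPF
// filter and dumps each payload until the packet source is exhausted.
func main() {
	// Open device
	handle, err = pcap.OpenLive(device, snapshot_len, promiscuous, timeout)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	var filter string = "tcp and port 13306"
	err = handle.SetBPFFilter(filter)
	if err != nil {
		// log.Fatal exits without running deferred calls, so release the
		// capture handle explicitly first.
		handle.Close()
		log.Fatal(err)
	}

	// Use the handle as a packet source to process all packets
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		applicationLayer := packet.ApplicationLayer()
		if applicationLayer == nil {
			continue
		}
		payload := applicationLayer.Payload()

		fmt.Println("Application layer/Payload found.")
		// The payload is raw bytes taken off the wire and %s writes them to
		// the terminal unescaped; switch to %q if control bytes must not
		// reach the terminal.
		fmt.Printf("%s\n", payload)

		// Payload length is controlled by whoever sent the packet, so never
		// index it without checking: a segment carrying fewer than five
		// bytes would otherwise panic and stop the capture.
		if len(payload) > mysqlHeaderLen {
			fmt.Printf("%x\n", payload[0])
			// Only meaningful when the TCP segment starts on a MySQL packet
			// boundary; a packet split across segments will not line up.
			fmt.Printf("%x\n", payload[mysqlHeaderLen])
		} else {
			fmt.Printf("payload too short for a MySQL header (%d bytes)\n", len(payload))
		}

		// Search for a string inside the payload
		if strings.Contains(string(payload), "HTTP") {
			fmt.Println("HTTP found!")
		}

		// Process packet here
		// fmt.Println(packet)
	}
}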