tombo2-progress’s diary

できるだけ毎日1時間を切り取ってここに晒す。誤字脱字気にしない。日本語が崩壊するのも気にしない。最終的にまとめて本ブログに書く

MySQLのpacket見ていく

gopacket使って適当にアプリケーション部分のパケット見てみた。

良い感じに見れたので、5byte目を見て単純な分類をしてみよう（MySQLのパケットは先頭3byteがペイロード長、4byte目がシーケンスIDなので、5byte目がペイロードの先頭になる）

package main

import (
    "fmt"
    "github.com/google/gopacket"
    "github.com/google/gopacket/pcap"
    "log"
    "strings"
    "time"
)

// Capture settings shared with main. handle and err live at package level
// because main assigns them with "=" instead of declaring them with ":=".
var (
    // device is the interface to capture on; "lo" is the loopback interface,
    // so only traffic between local processes is observed.
    device = "lo"

    // snapshot_len is the per-packet capture length handed to pcap.OpenLive.
    // Anything past this many bytes of a packet is cut off, so long payloads
    // (for example large queries or result sets) are seen only partially.
    snapshot_len int32 = 1024

    // promiscuous stays off: the sniffer only needs traffic addressed to
    // this host.
    promiscuous = false

    // timeout is the read timeout handed to pcap.OpenLive
    // (30 * time.Second was tried earlier).
    timeout = 1 * time.Second

    handle *pcap.Handle
    err    error
)

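// main captures TCP traffic on port 13306 of the configured device and, for
// every packet that carries an application-layer payload, prints the payload
// followed by its first and fifth bytes in hex.
//
// The fifth byte is the interesting one for MySQL: a MySQL packet starts with
// a 3-byte payload length and a 1-byte sequence id, so offset 4 is the first
// byte of the MySQL payload. That only holds when the TCP segment begins on a
// MySQL packet boundary; segments that continue a previous packet will show
// arbitrary data at that offset.
//
// NOTE(review): the dumped payloads can contain query text and handshake
// data, so the output should be treated as sensitive and not left in shared
// logs or terminals.
func main() {
    // MySQL packet header: 3 bytes of length plus 1 byte of sequence id.
    const mysqlHeaderLen = 4

    // Open device. Live capture usually requires elevated privileges
    // (root or CAP_NET_RAW on Linux).
    handle, err = pcap.OpenLive(device, snapshot_len, promiscuous, timeout)
    if err != nil {
        log.Fatal(err)
    }
    defer handle.Close()

    // Restrict the capture to the single port under study so unrelated
    // traffic never reaches the printing code below.
    const filter = "tcp and port 13306"
    if err = handle.SetBPFFilter(filter); err != nil {
        // log.Fatal exits without running deferred calls, so release the
        // capture handle explicitly first.
        handle.Close()
        log.Fatal(err)
    }

    // Use the handle as a packet source to process all packets
    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    for packet := range packetSource.Packets() {
        applicationLayer := packet.ApplicationLayer()
        if applicationLayer == nil {
            continue
        }
        payload := applicationLayer.Payload()

        fmt.Println("Application layer/Payload found.")
        // The payload is attacker-influenceable network data. %q escapes
        // control bytes, so a crafted packet cannot inject terminal escape
        // sequences into the operator's terminal the way raw %s output can.
        fmt.Printf("%q\n", payload)

        // Guard every index: a segment shorter than five bytes (or one
        // truncated by the snapshot length) would otherwise panic with an
        // index-out-of-range and stop the capture.
        if len(payload) > 0 {
            fmt.Printf("%x\n", payload[0])
        }
        if len(payload) > mysqlHeaderLen {
            fmt.Printf("%x\n", payload[mysqlHeaderLen])
        }

        // Search for a string inside the payload
        if strings.Contains(string(payload), "HTTP") {
            fmt.Println("HTTP found!")
        }

        // Process packet here
        // fmt.Println(packet)
    }
}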