ringcap

command module

v0.0.0-...-d65eebd Latest Latest Go to latest Published: Oct 19, 2016 License: GPL-3.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ladbrokes/ringcap

Links

Open Source Insights

README ¶

ringcap

ringcap is a diagnostic tool that allows you to capture packets in a ringbuffer to be dumped to a secondary host on a UDP trigger.

A useful tool for tracking down seemingly random network/protocol issues.

Arguments

-listen

Pass this argument if this is the dump host to cause it to listen on tcp

-bind-addr `IP:PORT`

The address to bind to (tcp or udp depending on --listen)

Both the IP and the PORT are required

-dump-host `HOST:PORT`

The host to dump to (the one that is running --listen)

Both the HOST and the PORT are required

Ignored with -listen

-interface `eth0`

The interface to inspect traffic on (eth0, eth1, bind0, all)

Ignored with -listen

-packet-limit `10000`

The maximum number of packets to store in memory

Ignored with -listen

-snaplen `1-65535`

Snarf snaplen bytes of data from each packet rather than the default of 65535 bytes.

Ignored with -listen

-save-path `/path/to/save`

Where to save the files captured with -listen, defaults to current working directory

-filter `"pcap filter string"`

Pass a filter to pcap (eg: "not port 22")

Ignored with -listen

Usage

Set up a listener on a central host (10.1.1.99) - on this host 4231 is a tcp socket

ringcap` -listen -bind-addr 0.0.0.0:4231 -save-path /tmp

Setup a capture ringbuffer on the troublesome hosts (10.1.1.10) - on this host 4231 is a udp socket

ringcap -bind-addr 0.0.0.0:4231 -dump-host 10.1.1.99:4231 -interface bind0

Send any udp packet to the ringbuffer to trigger a dump

echo -n "hi" | nc -u4 -w1 10.1.1.10 4231

Dependancies

Libpcap (libpcap-devel)
Godep

Building

mkdir -p "${GOPATH}/src/github.com/Ladbrokes"
cd "${GOPATH}/src/github.com/Ladbrokes"
git clone https://github.com/Ladbrokes/ringcap.git
cd ringcap
godep go build .

##License

Documentation ¶

Overview ¶

* Ringcap - pcap ringbuffer * Copyright (c) 2015 Shannon Wynter, Ladbrokes Digital Australia Pty Ltd. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * Author: Shannon Wynter <http://fremnet.net/contact>

Source Files ¶

View all Source files

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
Godeps
_workspace/src/github.com/google/gopacket Package gopacket provides packet decoding for the Go language.	Package gopacket provides packet decoding for the Go language.
_workspace/src/github.com/google/gopacket/afpacket Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.	Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.
_workspace/src/github.com/google/gopacket/bytediff Package bytediff provides a simple diff utility for looking at differences in byte slices.	Package bytediff provides a simple diff utility for looking at differences in byte slices.
_workspace/src/github.com/google/gopacket/dumpcommand Package dumpcommand implements a run function for pfdump and pcapdump with many similar flags/features to tcpdump.	Package dumpcommand implements a run function for pfdump and pcapdump with many similar flags/features to tcpdump.
_workspace/src/github.com/google/gopacket/examples/arpscan arpscan implements ARP scanning of all interfaces' local networks using gopacket and its subpackages.	arpscan implements ARP scanning of all interfaces' local networks using gopacket and its subpackages.
_workspace/src/github.com/google/gopacket/examples/bidirectional This binary provides an example of connecting up bidirectional streams from the unidirectional streams provided by gopacket/tcpassembly.	This binary provides an example of connecting up bidirectional streams from the unidirectional streams provided by gopacket/tcpassembly.
_workspace/src/github.com/google/gopacket/examples/bytediff This binary shows how to display byte differences to users via the bytediff library.	This binary shows how to display byte differences to users via the bytediff library.
_workspace/src/github.com/google/gopacket/examples/httpassembly This binary provides sample code for using the gopacket TCP assembler and TCP stream reader.	This binary provides sample code for using the gopacket TCP assembler and TCP stream reader.
_workspace/src/github.com/google/gopacket/examples/pcapdump The pcapdump binary implements a tcpdump-like command line tool with gopacket using pcap as a backend data collection mechanism.	The pcapdump binary implements a tcpdump-like command line tool with gopacket using pcap as a backend data collection mechanism.
_workspace/src/github.com/google/gopacket/examples/pfdump The pfdump binary implements a tcpdump-like command line tool with gopacket using pfring as a backend data collection mechanism.	The pfdump binary implements a tcpdump-like command line tool with gopacket using pfring as a backend data collection mechanism.
_workspace/src/github.com/google/gopacket/examples/statsassembly This binary provides sample code for using the gopacket TCP assembler raw, without the help of the tcpreader library.	This binary provides sample code for using the gopacket TCP assembler raw, without the help of the tcpreader library.
_workspace/src/github.com/google/gopacket/examples/synscan synscan implements a TCP syn scanner on top of pcap.	synscan implements a TCP syn scanner on top of pcap.
_workspace/src/github.com/google/gopacket/examples/util Package util provides shared utilities for all gopacket examples.	Package util provides shared utilities for all gopacket examples.
_workspace/src/github.com/google/gopacket/layers Package layers provides decoding layers for many common protocols.	Package layers provides decoding layers for many common protocols.
_workspace/src/github.com/google/gopacket/macs Package macs provides an in-memory mapping of all valid Ethernet MAC address prefixes to their associated organization.	Package macs provides an in-memory mapping of all valid Ethernet MAC address prefixes to their associated organization.
_workspace/src/github.com/google/gopacket/pcap Package pcap allows users of gopacket to read packets off the wire or from pcap files.	Package pcap allows users of gopacket to read packets off the wire or from pcap files.
_workspace/src/github.com/google/gopacket/pcap/gopacket_benchmark This benchmark reads in file <tempdir>/gopacket_benchmark.pcap and measures the time it takes to decode all packets from that file.	This benchmark reads in file <tempdir>/gopacket_benchmark.pcap and measures the time it takes to decode all packets from that file.
_workspace/src/github.com/google/gopacket/pcapgo Package pcapgo provides some native PCAP support, not requiring C libpcap to be installed.	Package pcapgo provides some native PCAP support, not requiring C libpcap to be installed.
_workspace/src/github.com/google/gopacket/pfring Package pfring wraps the PF_RING C library for Go.	Package pfring wraps the PF_RING C library for Go.
_workspace/src/github.com/google/gopacket/routing Package routing provides a very basic but mostly functional implementation of a routing table for IPv4/IPv6 addresses.	Package routing provides a very basic but mostly functional implementation of a routing table for IPv4/IPv6 addresses.
_workspace/src/github.com/google/gopacket/tcpassembly Package tcpassembly provides TCP stream re-assembly.	Package tcpassembly provides TCP stream re-assembly.
_workspace/src/github.com/google/gopacket/tcpassembly/tcpreader Package tcpreader provides an implementation for tcpassembly.Stream which presents the caller with an io.Reader for easy processing.	Package tcpreader provides an implementation for tcpassembly.Stream which presents the caller with an io.Reader for easy processing.
_workspace/src/github.com/op/go-logging Package logging implements a logging infrastructure for Go.	Package logging implements a logging infrastructure for Go.
_workspace/src/github.com/op/go-logging/examples
_workspace/src/github.com/pivotal-golang/bytefmt bytefmt contains helper methods and constants for converting to and from a human readable byte format.	bytefmt contains helper methods and constants for converting to and from a human readable byte format.

README ¶

ringcap

Arguments

-listen

-bind-addr IP:PORT

-dump-host HOST:PORT

-interface eth0

-packet-limit 10000

-snaplen 1-65535

-save-path /path/to/save

-filter "pcap filter string"

Usage

Dependancies

Building

Documentation ¶

Overview ¶

Source Files ¶

Directories ¶

-bind-addr `IP:PORT`

-dump-host `HOST:PORT`

-interface `eth0`

-packet-limit `10000`

-snaplen `1-65535`

-save-path `/path/to/save`

-filter `"pcap filter string"`