GoでTCPパケットを読む / Fukuoka.go #12

Transcript

1. খࢁ݈Ұ࿠
   
   (.0
   1FQBCP
   *OD
   
   'VLVPLBHP (PͰ5$1ύέοτΛಡΉ

2. γχΞΤϯδχΞ খࢁ݈Ұ࿠
   
   !L-P8 ϗεςΟϯάࣄۀ෦ϗεςΟϯάάϧʔϓϚωʔδυΫϥ΢υνʔϜ IUUQTHJUIVCDPNL-P8
   

3. UDQEVNQ

4. UDQEVNQͱ͸ɺίϚϯυϥΠϯ্Ͱར༻͢Δ Ұൠతͳܭࢉػωο τϫʔΫௐࠪ πʔϧͰ͋Δɻ
   UDQEVNQʹΑΓɺར༻ऀ͸ίϚϯ υΛ࣮ߦͨ͠ܭࢉػ͕ͭͳ͕͍ͬͯΔωοτϫʔΫ্ΛྲྀΕΔ5$1*1ͳ ͲͷύέοτΛԣऔͬͯɺදࣔͤ͞Δ͜ͱ͕ग़དྷΔɻ
   ͜ͷϓϩάϥϜ͸ ։ൃ౰࣌ʹϩʔϨϯεɾόʔΫϦʔݚڀॴωοτϫʔΫݚڀάϧʔϓʹॴ ଐ͍ͯͨ͠όϯɾδΣΠίϒιϯɺ$SBJH
   -FSFTɺ4UFWFO
   .D$BOOFʹ Αͬͯॻ͔Εͨɻ ग़య
   ϑϦʔඦՊࣄయʰ΢ΟΩϖσΟΞʢ8JLJQFEJBʣʱ

5. ҰൠతͳπʔϧͰ͋Δ

6. None

7. UDQEVNQͱΘͨ͠ wશ͘࢖ͬͨ͜ͱ͋Γ·ͤΜͰͨ͠
   wʮϦΫΤετΛ౤͛Ε͹Ϩεϙϯε͕ฦͬͯ͘Δ͠ɺ ΫΤϦΛ౤͛Ε͹݁Ռ͕ฦͬͯ͘Δʯͦ͏ࢥ͍ͬͯͨ ࣌ظ͕ࢲʹ΋͋Γ·ͨ͠ʢ͍ͭ࠷ۙ·Ͱʣ
   wࠓͰ΋·ͱ΋ʹ࢖͑ͳ͍Ͱ͢
   wҰํɺνʔϜϝϯόʔ͸ۭؾͷΑ͏ʹ࢖͍·͢

8. 5$1ύέοτͱ͔όΠφϦΛ
   ಡΉͳΜͯ SZ

9. IUUQTTQFBLFSEFDLDPNFEWBLGHPUFIBJOBSJXPEVNVQMVTB

10. None
11. None

12. ͸͍ʂʂʂ

13. ͦΕͰ͸
    ؆୯ͳUDQEVNQΛ
    ࡞ͬͯΈ·͠ΐ͏

14. ࠓճ࣮૷͢ΔUDQEVNQͷίϚϯυ $ tcpdump -X -i eth0 tcp and port 80

15. ࠓճ࣮૷͢ΔUDQEVNQͷίϚϯυ $ tcpdump -X -i eth0 tcp and port 80

    ग़ྗϑΥʔϚοτ ωοτϫʔΫΠϯλʔϑΣʔεͷࢦఆ ϑΟϧλϦϯά

16. ग़ྗ͸͜Μͳײ͡

17. Ͱ͸࡞͍͖ͬͯ·͠ΐ͏

18. ·ͣϓϩδΣΫτσΟϨΫτϦΛ࡞੒ $ go version go version go1.11 darwin/amd64 $ mkdir

    mydump $ cd mydump/ $ echo 'module "github.com/k1LoW/mydump"' > go.mod

19. NBJOHP 1 package main 2 3 import ( 4 "encoding/hex"

    5 "fmt" 6 "log" 7 8 "github.com/google/gopacket" 9 "github.com/google/gopacket/pcap" 10 ) 11 12 func main() { 13 device := "eth0" 14 filter := "tcp and port 80" 15 16 handle, err := pcap.OpenLive( 17 device, int32(0xFFFF), true, pcap.BlockForever, 18 ) 19 if err != nil { 20 log.Fatal(err) 21 } 22 defer handle.Close() 23 if err := handle.SetBPFFilter(filter); err != nil { 24 log.Fatal(err) 25 } 26 27 packetSource := gopacket.NewPacketSource(handle, handle.LinkType()) 28 for packet := range packetSource.Packets() { 29 fmt.Printf(“%s\n", packet) 30 fmt.Printf("%s", hex.Dump(packet.Data())) 31 } 32 }

20. ࣮ߦ $ sudo go run main.go

21. Ͱ͖ͨ

22. Ͱ͖ͨ

23. Ͱ͖ͨ

24. ιʔείʔυղઆ

25. NBJOHP- 1 package main 2 3 import ( 4 "encoding/hex"

    5 "fmt" 6 "log" 7 8 "github.com/google/gopacket" 9 "github.com/google/gopacket/pcap" 10 )

26. HPPHMFHPQBDLFU

27. HPPHMFHPQBDLFU w(PPHMF੡ͷύέοτॲཧ༻ͷϥΠϒϥϦ
    wIUUQTHJUIVCDPNHPPHMFHPQBDLFU
    wύέοτ͕ಡΊΔͷ͸͜ͷϥΠϒϥϦͷ͓͔͛
    wQDBQϑΝΠϧͷಡΈࠐΈ΋ՄೳʹͳΔ
    wMJCQDBQΛར༻͍ͯ͠ΔDHP

28. NBJOHP- 12 func main() { 13 device := "eth0" 14

    filter := "tcp and port 80" 15 16 handle, err := pcap.OpenLive( 17 device, int32(0xFFFF), true, pcap.BlockForever, 18 ) 19 if err != nil { 20 log.Fatal(err) 21 } 22 defer handle.Close() ࠓճ͸ݻఆɻҾ਺Ͱ༩͑ΒΕΔΑ͏ʹͳͬͨΒ
    ΑΓUDQEVNQͬΆ͍ ΠϯλʔϑΣʔεʹΞλον

29. NBJOHP- 23 if err := handle.SetBPFFilter(filter); err != nil {

    24 log.Fatal(err) 25 } #1' #FSLFMFZ
    1BDLFU
    'JMUFS Λઃఆ

30. #1'

31. IUUQTTQFBLFSEFDLDPNUBLVNBLVNFFCQGHFUUJOHTUBSUFE

32. NBJOHP- 27 packetSource := gopacket.NewPacketSource( handle, handle.LinkType()) 28 for packet

    := range packetSource.Packets() { 29 fmt.Printf(“%s\n", packet) 30 fmt.Printf("%s", hex.Dump(packet.Data())) 31 } 32 } ύέοτ͕νϟϯωϧΛ௨ͯ͡΍ͬͯ͘ΔͷͰGPS
    Ͱड͚औΔ ग़ྗ

33. ιʔείʔυղઆऴྃ

34. fmt.Printf(“%s\n", packet)

35. PACKET: 450 bytes, wire length 450 cap length 450 @

    2018-10-04 19:02:36.200155 +0900 JST - Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..436..] SrcMAC=8c:85:90:ae:ae:c2 DstMAC=2c:33:11:ca:c8:be EthernetType=IPv4 Length=0} - Layer 2 (20 bytes) = IPv4 {Contents=[..20..] Payload=[..416..] Version=4 IHL=5 TOS=0 Length=436 Id=0 Flags=DF FragOffset=0 TTL=64 Protocol=TCP Checksum=24376 SrcIP=192.168.75.96 DstIP=108.177.97.82 Options=[] Padding=[]} - Layer 3 (32 bytes) = TCP {Contents=[..32..] Payload=[..384..] SrcPort=51190 DstPort=80(http) Seq=1867296718 Ack=2345355645 DataOffset=8 FIN=false SYN=false RST=false PSH=true ACK=true URG=false ECE=false CWR=false NS=false Window= 4096 Checksum=19074 Urgent=0 Options=[TCPOption(NOP:), TCPOption(NOP:), TCPOption(Timestamps:958590780/3024242800 0x3922ef3cb4424870)] Padding=[]} - Layer 4 (384 bytes) ^C1 63 69 6e 74 6f 73 |la/5.0 (Macintos|

36. PACKET: 450 bytes, wire length 450 cap length 450 @

    2018-10-04 19:02:36.200155 +0900 JST - Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..436..] SrcMAC=8c:85:90:ae:ae:c2 DstMAC=2c:33:11:ca:c8:be EthernetType=IPv4 Length=0} - Layer 2 (20 bytes) = IPv4 {Contents=[..20..] Payload=[..416..] Version=4 IHL=5 TOS=0 Length=436 Id=0 Flags=DF FragOffset=0 TTL=64 Protocol=TCP Checksum=24376 SrcIP=192.168.75.96 DstIP=108.177.97.82 Options=[] Padding=[]} - Layer 3 (32 bytes) = TCP {Contents=[..32..] Payload=[..384..] SrcPort=51190 DstPort=80(http) Seq=1867296718 Ack=2345355645 DataOffset=8 FIN=false SYN=false RST=false PSH=true ACK=true URG=false ECE=false CWR=false NS=false Window= 4096 Checksum=19074 Urgent=0 Options=[TCPOption(NOP:), TCPOption(NOP:), TCPOption(Timestamps:958590780/3024242800 0x3922ef3cb4424870)] Padding=[]} - Layer 4 (384 bytes) ^C1 63 69 6e 74 6f 73 |la/5.0 (Macintos|
37. None

38. 4USJOHFS͕ઃఆ͞Ε͍ͯΔͧʂ
    
    func(* p) String()͕ఆٛ͞Ε͍ͯΔ
    

39. ࣮ମ͸QBDLFUFBHFS1BDLFUͳͷͰ
    HJUIVCDPNHPPHMFHPQBDLFUQBDLFUHP-
    ͔ΒίʔυΛ८ΕΔ

40. ͭ·Γ
    HPPHMFHPQBDLFUͷ࢖͍ํ͕
    Θ͔Δ

41. ੋඇ͓͏ͪͰಡΜͰΈ͍ͯͩ͘͞

42. HPPHMFHPQBDLFUͰ
    5$1ύέοτΛಡΉ

43. 5$1ύέοτͬ͘͟Γ &UIFSOFU
    CZUF *1ϔομ CZUF 5$1ϔομ CZUF ࢒Γ 5$1Φϓγϣϯ
    /
    CZUF
    

    σʔλ ྫ͑͹)551΍.Z42-ͷϓϩτίϧ͸͔͜͜Β ελʔτ͍ͯ͠Δ

44. HPPHMFHPQBDLFU

45. HPPHMFHPQBDLFU &UIFSOFU
    CZUF *1ϔομ CZUF 5$1ϔομ CZUF ࢒Γ 5$1Φϓγϣϯ
    /
    CZUF
    

    σʔλ -BZFS
     -BZFS
    
    *1W -BZFS
    
    5$1 -BZFS
    
    1BZMPBE

46. -BZFS1BZMPBE ΛಡΊ͹͍͍ͷͰศར tcpLayer := packet.Layer(layers.LayerTypeTCP) data := tcpLayer.LayerPayload() fmt.Printf(“%s”, hex.Dump(data))

    w)551΋.Z42-΋1PTUHSF42-΋͔͜͜ΒCZUFͮͭ ղੳ͢Ε͹·ͣ͸0,

47. ͜ΕͰ҆৺ͯ͠
    5$1ύέοτղੳΛ͸͡ΊΒΕ·͢Ͷʂ

48. ࠷ۙΘͨ͠΋
    5$1ύέοτղੳΛ͸͡Ί·ͨ͠
    

49. (PͰ5$1ύέοτղੳΛͯ͠Έ·͠ΐ͏ʂ
    ίʔυʹམͱ͠ࠐΊͨΒͬͪ͜ͷ΋ͷʂ

50. Έͳ͞Μ΋ੋඇ
    5$1ύέοτΛCZUFͮͭಡΜͰ
    ʮͳΜͰ͜ͷόΠτྻ͕͋ΔΜͩΑʜʯ
    ʮ)551ͩͱ͜Μͳ͜ͱͳ͍ͷʹʜʯ
    ͱ΢ϯ΢ϯ͏ͳΓ·͠ΐ͏

51. 
     5IBOL
    ZPV ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU