
Reading TCP Packets in Go (GoでTCPパケットを読む) / Fukuoka.go #12

Fukuoka.go #12


Ken’ichiro Oyama

October 07, 2018

Transcript

  1. Ken'ichiro Oyama, GMO Pepabo Inc. / Fukuoka.go #12 / Reading TCP Packets in Go

  2. Senior Engineer Ken'ichiro Oyama (@k1LoW), Hosting Division, Hosting Group, Managed Cloud Team. https://github.com/k1LoW

  3. tcpdump

  4. tcpdump is a general-purpose computer network investigation tool used from the command line. With tcpdump, the user can intercept and display packets such as TCP/IP flowing over the network to which the machine running the command is attached. The program was written by Van Jacobson, Craig Leres and Steven McCanne, who at the time of its development belonged to the Network Research Group at Lawrence Berkeley Laboratory. (Source: Wikipedia, the free encyclopedia)

  5. It is a general-purpose tool.

  7. tcpdump and me
    - I had never used it at all
    - There was a time when I too thought "throw a request and a response comes back; throw a query and a result comes back" (until very recently)
    - I still can't use it properly
    - My teammates, on the other hand, use it as naturally as breathing

  8. Me, reading TCP packets or raw binary? (ry

  9. https://speakerdeck.com/edvakf/gotehainariwodumuplusa

  12. Yes!!!

  13. So let's build a simple tcpdump

  14. The tcpdump command we will implement this time: $ tcpdump -X -i eth0 tcp and port 80

  15. The tcpdump command we will implement this time: $ tcpdump -X -i eth0 tcp and port 80
    -X: output format (hex and ASCII dump) / -i eth0: the network interface to capture on / tcp and port 80: filtering
  16. The output looks like this

  17. Let's build it

  18. First, create the project directory
    $ go version
    go version go1.11 darwin/amd64
    $ mkdir mydump
    $ cd mydump/
    $ echo 'module "github.com/k1LoW/mydump"' > go.mod
  19. main.go
    package main

    import (
        "encoding/hex"
        "fmt"
        "log"

        "github.com/google/gopacket"
        "github.com/google/gopacket/pcap"
    )

    func main() {
        device := "eth0"
        filter := "tcp and port 80"

        // Open the interface for live capture: 64 KiB snaplen, promiscuous mode, no read timeout.
        handle, err := pcap.OpenLive(
            device, int32(0xFFFF), true, pcap.BlockForever,
        )
        if err != nil {
            log.Fatal(err)
        }
        defer handle.Close()
        // The same filter syntax tcpdump accepts; compiled and applied in the kernel.
        if err := handle.SetBPFFilter(filter); err != nil {
            log.Fatal(err)
        }

        // Decode each captured frame starting from the interface's link layer.
        packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
        for packet := range packetSource.Packets() {
            fmt.Printf("%s\n", packet)
            fmt.Printf("%s", hex.Dump(packet.Data()))
        }
    }
  20. Run it (capturing needs root): $ sudo go run main.go

  21. Done!

  24. Source code walkthrough

  25. main.go (imports)
    package main

    import (
        "encoding/hex"
        "fmt"
        "log"

        "github.com/google/gopacket"
        "github.com/google/gopacket/pcap"
    )
  26. google/gopacket

  27. google/gopacket
    - A packet-processing library made by Google
    - https://github.com/google/gopacket
    - This library is what lets us read packets at all
    - It can also read pcap files
    - Uses libpcap (via cgo)

  28. main.go (opening the interface)
    func main() {
        device := "eth0"
        filter := "tcp and port 80"

        handle, err := pcap.OpenLive(
            device, int32(0xFFFF), true, pcap.BlockForever,
        )
        if err != nil {
            log.Fatal(err)
        }
        defer handle.Close()
    The device and filter are hard-coded for now; taking them as command-line arguments would make it more tcpdump-like. pcap.OpenLive attaches to the interface.
  29. main.go (filter)
        if err := handle.SetBPFFilter(filter); err != nil {
            log.Fatal(err)
        }
    Sets a BPF (Berkeley Packet Filter) on the handle.
  30. BPF

  31. https://speakerdeck.com/takumakume/ebpf-getting-started

  32. main.go (reading packets)
        packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
        for packet := range packetSource.Packets() {
            fmt.Printf("%s\n", packet)
            fmt.Printf("%s", hex.Dump(packet.Data()))
        }
    }
    Packets arrive over a channel, so we receive them with a for loop; the two Printf calls are the output.
  33. End of the source code walkthrough

  34. fmt.Printf("%s\n", packet)

  35. PACKET: 450 bytes, wire length 450 cap length 450 @ 2018-10-04 19:02:36.200155 +0900 JST
    - Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..436..] SrcMAC=8c:85:90:ae:ae:c2 DstMAC=2c:33:11:ca:c8:be EthernetType=IPv4 Length=0}
    - Layer 2 (20 bytes) = IPv4 {Contents=[..20..] Payload=[..416..] Version=4 IHL=5 TOS=0 Length=436 Id=0 Flags=DF FragOffset=0 TTL=64 Protocol=TCP Checksum=24376 SrcIP=192.168.75.96 DstIP=108.177.97.82 Options=[] Padding=[]}
    - Layer 3 (32 bytes) = TCP {Contents=[..32..] Payload=[..384..] SrcPort=51190 DstPort=80(http) Seq=1867296718 Ack=2345355645 DataOffset=8 FIN=false SYN=false RST=false PSH=true ACK=true URG=false ECE=false CWR=false NS=false Window=4096 Checksum=19074 Urgent=0 Options=[TCPOption(NOP:), TCPOption(NOP:), TCPOption(Timestamps:958590780/3024242800 0x3922ef3cb4424870)] Padding=[]}
    - Layer 4 (384 bytes)
    ^C1 63 69 6e 74 6f 73 |la/5.0 (Macintos|
  38. It implements Stringer! func (*p) String() is defined on the packet type

  39. The concrete type is eagerPacket, so you can follow the code starting from github.com/google/gopacket/packet.go

  40. In other words, you learn how google/gopacket is used

  41. Please read through it at home

  42. Reading TCP packets with google/gopacket

  43. A TCP packet, roughly:
    Ethernet header   14 bytes
    IP header         20 bytes
    TCP header        20 bytes
    TCP options       N bytes (the rest of the TCP header)
    Data              this is where protocols such as HTTP and MySQL start
  44. google/gopacket

  45. google/gopacket (layer numbering as in the String() output above)
    Ethernet header   14 bytes                -> Layer 1 (Ethernet)
    IP header         20 bytes                -> Layer 2 (IPv4)
    TCP header        20 bytes + N option bytes -> Layer 3 (TCP)
    Data                                       -> Layer 4 (Payload)
  46. Convenient: you only need to read LayerPayload()
    tcpLayer := packet.Layer(layers.LayerTypeTCP) // needs "github.com/google/gopacket/layers"
    if tcpLayer == nil {
        continue // no TCP layer was decoded (e.g. a non-TCP packet); skip it
    }
    data := tcpLayer.LayerPayload()
    fmt.Printf("%s", hex.Dump(data))
    - HTTP, MySQL and PostgreSQL can all be parsed one byte at a time starting from here, and that is enough to begin with
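As an added example (my own code, not the talk's and not google/gopacket's), the following standalone Go program does by hand what the deck delegates to gopacket, using only the standard library: it walks the layout from slides 43 and 45 (14-byte Ethernet header, IPv4 header of IHL*4 bytes, TCP header of DataOffset*4 bytes, then the payload that LayerPayload() returns on slide 46), and MatchesTCPPort reproduces the BPF predicate "tcp and port 80" from slide 29 in Go. The frame it parses is constructed in memory with the addresses and ports from the sample output on slide 35, so it runs offline and without root; ParseTCP, MatchesTCPPort, constructedFrame and the header-size constants are my names. The checks on IHL, the IP total length and the TCP Data Offset are the part worth copying: a truncated or crafted frame can claim more bytes than it carries, and slicing by the IP total length rather than the buffer length keeps Ethernet padding out of the payload.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
)

// Fixed header sizes (without options) and the two protocol numbers we need.
const ethHeaderLen, ipv4MinHdrLen, tcpMinHdrLen, etherTypeIPv4, ipProtoTCP = 14, 20, 20, 0x0800, 6

// TCPPacket holds what ParseTCP pulls out of one raw Ethernet frame.
type TCPPacket struct {
	SrcIP, DstIP     net.IP
	SrcPort, DstPort uint16
	Seq, Ack         uint32
	Flags            uint8  // CWR ECE URG ACK PSH RST SYN FIN
	TCPOptions       []byte // between the fixed 20-byte TCP header and the data
	Payload          []byte // where HTTP, MySQL, PostgreSQL, ... start
}

var ErrNotTCP = errors.New("not an IPv4/TCP packet") // well-formed, but something else

// ParseTCP walks one frame the way Layer 1..4 are laid out: 14-byte Ethernet, IPv4 header of
// IHL*4 bytes, TCP header of DataOffset*4 bytes, then the payload. Checksums are not verified.
func ParseTCP(frame []byte) (*TCPPacket, error) {
	if len(frame) < ethHeaderLen {
		return nil, errors.New("frame shorter than Ethernet header")
	}
	if binary.BigEndian.Uint16(frame[12:14]) != etherTypeIPv4 {
		return nil, ErrNotTCP
	}
	ip := frame[ethHeaderLen:]
	if len(ip) < ipv4MinHdrLen || ip[0]>>4 != 4 {
		return nil, errors.New("truncated or non-IPv4 header")
	}
	if ip[9] != ipProtoTCP {
		return nil, ErrNotTCP
	}
	ihl, totalLen := int(ip[0]&0x0f)*4, int(binary.BigEndian.Uint16(ip[2:4])) // IHL is in 32-bit words
	if ihl < ipv4MinHdrLen || totalLen < ihl || totalLen > len(ip) {
		return nil, errors.New("bad IPv4 length fields")
	}
	// Slice by the IP total length, not len(ip): short frames carry Ethernet padding
	// after the datagram, and that padding must not leak into the payload.
	tcp := ip[ihl:totalLen]
	if len(tcp) < tcpMinHdrLen {
		return nil, errors.New("truncated TCP header")
	}
	dataOff := int(tcp[12]>>4) * 4 // Data Offset is in 32-bit words
	if dataOff < tcpMinHdrLen || dataOff > len(tcp) {
		return nil, errors.New("bad TCP data offset")
	}
	be := binary.BigEndian
	return &TCPPacket{
		SrcIP: net.IP(ip[12:16]), DstIP: net.IP(ip[16:20]),
		SrcPort: be.Uint16(tcp[0:2]), DstPort: be.Uint16(tcp[2:4]),
		Seq: be.Uint32(tcp[4:8]), Ack: be.Uint32(tcp[8:12]), Flags: tcp[13],
		TCPOptions: tcp[tcpMinHdrLen:dataOff], Payload: tcp[dataOff:],
	}, nil
}

// MatchesTCPPort is the in-Go equivalent of the BPF expression "tcp and port N".
func MatchesTCPPort(frame []byte, port uint16) bool {
	p, err := ParseTCP(frame)
	return err == nil && (p.SrcPort == port || p.DstPort == port)
}

// constructedFrame assembles a sample HTTP request frame in memory (constructed test
// data, not a capture) so the code above can be exercised offline and without root.
func constructedFrame() []byte {
	payload := []byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
	opts := []byte{1, 1, 8, 10, 0, 0, 0, 1, 0, 0, 0, 2} // NOP, NOP, Timestamps (kind 8, len 10)
	tcp := make([]byte, tcpMinHdrLen)
	binary.BigEndian.PutUint16(tcp[0:2], 51190)
	binary.BigEndian.PutUint16(tcp[2:4], 80)
	binary.BigEndian.PutUint32(tcp[4:8], 1867296718)
	binary.BigEndian.PutUint32(tcp[8:12], 2345355645)
	tcp[12], tcp[13] = 8<<4, 0x18                 // Data Offset = 8 words (20 + 12 option bytes), PSH|ACK
	binary.BigEndian.PutUint16(tcp[14:16], 4096) // window; checksum stays 0
	ip := make([]byte, ipv4MinHdrLen)
	ip[0], ip[6], ip[8], ip[9] = 0x45, 0x40, 64, ipProtoTCP // v4 with IHL=5, DF, TTL 64, TCP
	binary.BigEndian.PutUint16(ip[2:4], uint16(len(ip)+len(tcp)+len(opts)+len(payload)))
	copy(ip[12:16], net.IPv4(192, 168, 75, 96).To4())
	copy(ip[16:20], net.IPv4(108, 177, 97, 82).To4())
	frame := []byte{0x2c, 0x33, 0x11, 0xca, 0xc8, 0xbe, 0x8c, 0x85, 0x90, 0xae, 0xae, 0xc2, 0x08, 0x00} // dst MAC, src MAC, IPv4
	for _, part := range [][]byte{ip, tcp, opts, payload} {
		frame = append(frame, part...)
	}
	return frame
}

func main() {
	frame := constructedFrame()
	if p, err := ParseTCP(frame); err == nil && MatchesTCPPort(frame, 80) {
		fmt.Printf("%s:%d -> %s:%d flags=0x%02x options=%d bytes\n", p.SrcIP, p.SrcPort, p.DstIP, p.DstPort, p.Flags, len(p.TCPOptions))
		fmt.Print(hex.Dump(p.Payload)) // the same bytes hex.Dump(tcpLayer.LayerPayload()) shows
	}
}
```

go run prints the summary line and then the hex dump of the HTTP request, i.e. the bytes the deck's hex.Dump(data) would show for this packet. Feeding the parser a frame cut off after 40 bytes, or one whose IP protocol field is changed to UDP, returns an error instead of a slice out of range, which is the behaviour you want before pointing such code at real traffic.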
  47. Now you can start TCP packet analysis with confidence!

  48. I recently started TCP packet analysis myself

  49. Let's analyze TCP packets in Go! Once you can get it into code, you've got it made!

  50. Everyone, please read TCP packets one byte at a time too, and groan along: "why is this byte sequence even here...", "HTTP never does this..."

  51. Thank you. Check our latest job openings → @pb_recruit