In this assignment you will develop a passive network monitoring application written in Go using the GoPacket library. Your program, called mydump, will capture the traffic from a network interface in promiscuous mode (or read the packets from a pcap trace file) and print a record for each packet in its standard output, much like a simplified version of tcpdump. The user should be able to specify a BPF filter for capturing a subset of the traffic, and/or a string pattern for capturing only packets with matching payloads.
Your program should conform to the following specification:
go run mydump.go [-i interface] [-r file] [-s string] expression
-i Live capture from the network device <interface> (e.g., eth0). If not specified, mydump should automatically select a default interface to listen on (hint 1). Capture should continue indefinitely until the user terminates the program.
-r Read packets from <file> in tcpdump format (hint 2).
-s Keep only packets that contain <string> in their payload (after any BPF filter is applied). You are not required to implement wildcard or regular expression matching. A simple string matching operation should suffice.
<expression> is a BPF filter that specifies which packets will be dumped. If no filter is given, all packets seen on the interface (or contained in the trace) should be dumped. Otherwise, only packets matching <expression> should be dumped.
For each packet, mydump prints a record containing the timestamp, source and destination MAC addresses, EtherType (as a hexadecimal number), packet length, source and destination IP addresses, protocol type (you need to support only TCP, UDP, ICMP, and OTHER), source and destination ports (for TCP and UDP packets), the TCP flags in case of TCP packets, and the raw content of the packet payload (hint 3). You are free, but not required, to enrich the output with other useful information from the packet headers (e.g., IP/TCP options, ICMP message types). You do not need to support any link layer protocol other than Ethernet. Support for IPv6 is also optional.
Your program should be compatible with modern Linux distributions. Your submission will be tested on Ubuntu.
Hints:
0. Some useful resources:
https://www.tcpdump.org/pcap.html
https://www.tcpdump.org/index.html#documentation
https://pkg.go.dev/github.com/google/gopacket/
https://pkg.go.dev/github.com/google/gopacket/pcap
https://golang.org/doc/
https://golang.org/pkg/encoding/hex/#example_Dump
https://gobyexample.com/
1. pcap.FindAllDevs()
2. pcap.OpenOffline()
3. Your output should conform to the following format:
2021-02-16 13:14:33.224487 01:00:5E:7F:FF:7F -> C4:3D:C7:17:6F:17 type 0x800 len 92
10.0.0.1:137 -> 10.0.0.255:137 UDP
EB 71 01 10 00 01 00 00 00 00 00 00 20 45 42 45 .q. EBE
4A 45 42 46 44 43 41 43 41 43 41 43 41 43 41 43 JEBFDCACACACACAC
41 43 41 43 41 43 41 43 41 43 41 41 41 00 00 20 ACACACACACAAA..
00 01 ..

2021-02-16 14:44:32.483327 00:1E:4F:A6:2D:77 -> 00:00:5E:00:01:64 type 0x800 len 98
130.245.50.111 -> 130.245.20.2 ICMP
3E 1C F8 49 8E 2A 01 00 08 09 0A 0B 0C 0D 0E 0F >..I.*.
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F .
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F !#$%&'()*+,-./
30 31 32 33 34 35 36 37 01234567

2021-02-16 15:04:13.064632 D0:C7:89:A9:C7:40 -> 00:06:5B:FE:42:1A type 0x800 len 74
192.168.0.1:2365 -> 192.168.1.2:80 TCP SYN

2021-02-16 15:04:13.131911 00:06:5B:FE:42:1A -> D0:C7:89:A9:C7:40 type 0x800 len 74
192.168.1.2:80 -> 192.168.0.1:2365 TCP SYN ACK

2021-02-16 15:04:13.131969 D0:C7:89:A9:C7:40 -> 00:06:5B:FE:42:1A type 0x800 len 66
192.168.0.1:2365 -> 192.168.1.2:80 TCP ACK

2021-02-16 15:04:13.132287 D0:C7:89:A9:C7:40 -> 00:06:5B:FE:42:1A type 0x800 len 168
192.168.0.1:2365 -> 192.168.1.2:80 TCP PSH ACK
47 45 54 20 2F 20 48 54 54 50 2F 31 2E 30 0D 0A GET / HTTP/1.0..
55 73 65 72 2D 41 67 65 6E 74 3A 20 57 67 65 74 User-Agent: Wget
2F 31 2E 31 31 2E 34 0D 0A 41 63 63 65 70 74 3A /1.11.4..Accept:
20 2A 2F 2A 0D 0A 48 6F 73 74 3A 20 77 77 77 2E */*..Host: www.
67 6F 6F 67 6C 65 2E 63 6F 6D 0D 0A 43 6F 6E 6E google.com..Conn
65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 ection: Keep-Ali
76 65 0D 0A 0D 0A ve.

2021-02-16 15:04:14.283347 00:0C:29:E9:94:8E -> C4:3D:C7:17:6F:99 type 0x806 len 42
00 01 08 00 06 04 00 02 00 0c 29 e9 94 8e c0 a8 .)..
00 c8 c4 3d c7 17 6f 99 56 00 21 14 =..o.V.!.
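As an added illustration of the record format above (not part of the assignment and not a reference solution), the Go code below decodes a constructed Ethernet/IPv4 frame by hand instead of through GoPacket, so it runs without the library, prints the record fields in the order the specification lists them with hex.Dump for the payload (hint 3), and applies the -s string filter. The `dump` function, `sampleFrame` and its addresses are assumptions made for this example; hex.Dump's layout (offset column, `|` delimiters) differs slightly from the sample output.

```go
package main
import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"net"
	"strings"
	"time"
)
// dump decodes one Ethernet frame by hand (no gopacket) into the mydump record text (header lines plus hex.Dump of the payload, hint 3) and reports whether the payload passes the -s filter.
func dump(ts time.Time, frame []byte, needle string) (string, bool, error) {
	if len(frame) < 14 {
		return "", false, fmt.Errorf("frame shorter than an Ethernet header")
	}
	mac := func(b []byte) string { return strings.ToUpper(net.HardwareAddr(b).String()) }
	etherType := binary.BigEndian.Uint16(frame[12:14])
	out := fmt.Sprintf("%s %s -> %s type 0x%x len %d\n", ts.Format("2006-01-02 15:04:05.000000"), mac(frame[6:12]), mac(frame[0:6]), etherType, len(frame))
	payload := frame[14:] // non-IPv4 frames (e.g. ARP) get only the raw dump, as in the sample output
	if ip := payload; etherType == 0x0800 && len(ip) >= 20 {
		if ihl := int(ip[0]&0x0f) * 4; ihl < 20 || len(ip) < ihl { // IHL is in 32-bit words, minimum 5
			return "", false, fmt.Errorf("bad IPv4 header length %d", ihl)
		}
		src, dst, l4 := net.IP(ip[12:16]).String(), net.IP(ip[16:20]).String(), ip[int(ip[0]&0x0f)*4:]
		name, hdr := map[byte]string{1: "ICMP", 6: "TCP", 17: "UDP"}[ip[9]], 0 // hdr: transport header bytes
		switch {
		case name == "TCP" && len(l4) >= 20: // the data offset is in 32-bit words and must be at least 5
			if hdr = int(l4[12]>>4) * 4; hdr < 20 || hdr > len(l4) {
				return "", false, fmt.Errorf("bad TCP data offset %d", hdr)
			}
			for i, f := range []string{"FIN", "SYN", "RST", "PSH", "ACK", "URG"} { // bit order of the flags byte
				if l4[13]&(1<<uint(i)) != 0 {
					name += " " + f // set flags follow the protocol name, e.g. "TCP SYN ACK"
				}
			}
		case name == "UDP" && len(l4) >= 8:
			hdr = 8
		case name == "":
			name = "OTHER"
		}
		if hdr > 0 { // TCP and UDP share the source/destination port layout
			src += fmt.Sprintf(":%d", binary.BigEndian.Uint16(l4[0:2]))
			dst += fmt.Sprintf(":%d", binary.BigEndian.Uint16(l4[2:4]))
		}
		out, payload = out+fmt.Sprintf("%s -> %s %s\n", src, dst, name), l4[hdr:]
	}
	return out + hex.Dump(payload), needle == "" || strings.Contains(string(payload), needle), nil
}
var sampleFrame, _ = hex.DecodeString("00065bfe421ad0c789a9c7400800" + // constructed test frame: Ethernet header (EtherType 0x0800),
	"450000380000400040060000c0a80001c0a80102" + "093d005000000001000000015018ffff00000000" + // IPv4 + TCP headers (192.168.0.1:2365 -> 192.168.1.2:80, PSH ACK),
	"474554202f20485454502f312e300d0a") // and the payload "GET / HTTP/1.0\r\n"
```

Calling `dump(time.Now(), sampleFrame, "HTTP")` yields the two header lines in the sample's format followed by the payload dump, and reports the packet as kept by the filter.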