tc-dump

tc-dump is a network packet information dumping tool like tcpdump. It's based on tc-bpf.

It uses tc-filter ingress to dump incoming packets, uses tc-filter egress to dump outcoming packets.

Usage

# ./tc-dump -h
Usage: ./tc-dump [options] [pcap-filter]
    Available pcap-filter: see "man 7 pcap-filter"
    Available options:
  -d, --device strings       network devices to run tc-dump
  -m, --filter-mark uint32   filter mark for tc-dump
  -k, --keep-tc-qdisc        keep tc-qdisc when exit
pflag: help requested

An output example:

ifindex: 2(enp1s0) dir=egress mark=0x0(0)
        ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
        IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 144, id 0x93f6, TTL 64, protocol TCP
        TCP: 22 -> 57680, seq 1116972675, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
        ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
        IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 88, id 0x93f7, TTL 64, protocol TCP
        TCP: 22 -> 57680, seq 1116972767, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
        ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
        IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 128, id 0x93f8, TTL 64, protocol TCP
        TCP: 22 -> 57680, seq 1116972803, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
        ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
        IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 344, id 0x93f9, TTL 64, protocol TCP
        TCP: 22 -> 57680, seq 1116972879, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
        ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
        IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 384, id 0x93fa, TTL 64, protocol TCP
        TCP: 22 -> 57680, seq 1116973171, ack 64800706, flags PSH,ACK, win 165

Requirements

tc-dump requires >= 5.2 kernel to run.

Build

With latest libpcap installed, build tc-dump with:

go generate
CGO_ENABLED=1 go build
# ignore cgo warnings

Install latest libpcap on Ubuntu:

# Get latest libpcap from https://www.tcpdump.org/
wget https://www.tcpdump.org/release/libpcap-1.10.4.tar.gz
cd libpcap-1.10.4
./configure --disable-rdma --disable-shared --disable-usb --disable-netmap --disable-bluetooth --disable-dbus --without-libnl
make
sudo make install

Recommended reference

Tcpdump advanced filters

hubways / tc-dump Goto Github PK

tc-dump's Introduction

tc-dump

Usage

Requirements

Build

Recommended reference

tc-dump's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent