Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/asphaltt/tc-dump
A network packet info dumping tool like tcpdump based on `tc-bpf`.
ebpf ebpf-co-re go golang skb tc tc-dump
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/asphaltt/tc-dump
- Owner: Asphaltt
- License: apache-2.0
- Created: 2022-08-22T13:54:24.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-11-28T12:43:53.000Z (about 1 year ago)
- Last Synced: 2024-04-17T23:59:05.890Z (9 months ago)
- Topics: ebpf, ebpf-co-re, go, golang, skb, tc, tc-dump
- Language: C
- Homepage:
- Size: 1.23 MB
- Stars: 31
- Watchers: 2
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# tc-dump
`tc-dump` is a network packet information dumping tool like tcpdump. It's based
on [tc-bpf](https://man7.org/linux/man-pages/man8/tc-bpf.8.html). It attaches a tc-filter on ingress to dump incoming packets and a tc-filter on egress to dump outgoing packets.

## Usage
```bash
# ./tc-dump -h
Usage: ./tc-dump [options] [pcap-filter]
Available pcap-filter: see "man 7 pcap-filter"
Available options:
  -d, --device strings       network devices to run tc-dump
  -m, --filter-mark uint32   filter mark for tc-dump
  -k, --keep-tc-qdisc        keep tc-qdisc when exit
pflag: help requested
```

An output example:
```bash
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 144, id 0x93f6, TTL 64, protocol TCP
TCP: 22 -> 57680, seq 1116972675, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 88, id 0x93f7, TTL 64, protocol TCP
TCP: 22 -> 57680, seq 1116972767, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 128, id 0x93f8, TTL 64, protocol TCP
TCP: 22 -> 57680, seq 1116972803, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 344, id 0x93f9, TTL 64, protocol TCP
TCP: 22 -> 57680, seq 1116972879, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 384, id 0x93fa, TTL 64, protocol TCP
TCP: 22 -> 57680, seq 1116973171, ack 64800706, flags PSH,ACK, win 165
```

## Requirements
`tc-dump` requires a Linux kernel >= 5.2 to run.
## Build
With the latest `libpcap` installed, build `tc-dump` with:
```bash
go generate
CGO_ENABLED=1 go build
# ignore cgo warnings
```

Install the latest `libpcap` on Ubuntu:
```bash
# Get the latest libpcap from https://www.tcpdump.org/
wget https://www.tcpdump.org/release/libpcap-1.10.4.tar.gz
tar xzf libpcap-1.10.4.tar.gz
cd libpcap-1.10.4
./configure --disable-rdma --disable-shared --disable-usb --disable-netmap --disable-bluetooth --disable-dbus --without-libnl
make
sudo make install
```

## Recommended reference
1. [Tcpdump advanced filters](https://blog.wains.be/2007/2007-10-01-tcpdump-advanced-filters/)
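The output format shown in the Usage section above (an `ifindex:` header line followed by `ETH:`, `IPv4:` and `TCP:` lines per packet) is plain text, so turning it into per-flow counts is a useful first step when feeding `tc-dump` output into a detection rule or a quick traffic audit. The following parser is an added example and not part of the tc-dump project: it assumes each record is exactly those four lines in that order, skips records it cannot match (truncated output, or non-TCP/IPv4 packets, whose line layout the README does not show), and aggregates bytes, packets and TCP flags per direction and 5-tuple. The sample input is constructed from the README's output lines (masked addresses kept as-is) plus one ingress record made up for this example.

```python
"""Parse tc-dump output records into per-flow summaries (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: two egress records in the shape of the README's
# output example, plus one made-up ingress record to exercise direction handling.
SAMPLE = """\
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 144, id 0x93f6, TTL 64, protocol TCP
TCP: 22 -> 57680, seq 1116972675, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=egress mark=0x0(0)
ETH: 56:00:03:e1:40:a6 -> fe:00:03:e1:40:a6, protocol IPv4
IPv4: 149.28.xx.yy -> 118.200.xxx.yy, header length 20, dscp 0x10, total length 88, id 0x93f7, TTL 64, protocol TCP
TCP: 22 -> 57680, seq 1116972767, ack 64800706, flags PSH,ACK, win 165
ifindex: 2(enp1s0) dir=ingress mark=0x0(0)
ETH: fe:00:03:e1:40:a6 -> 56:00:03:e1:40:a6, protocol IPv4
IPv4: 118.200.xxx.yy -> 149.28.xx.yy, header length 20, dscp 0x0, total length 52, id 0x1a2b, TTL 52, protocol TCP
TCP: 57680 -> 22, seq 64800706, ack 1116972755, flags ACK, win 501
"""

# One regex per line of a record; the layout follows the README output.
HDR = re.compile(r"^ifindex: (\d+)\((\S+)\) dir=(\w+) mark=(0x[0-9a-f]+)\((\d+)\)$")
ETH = re.compile(r"^ETH: (\S+) -> (\S+), protocol (\S+)$")
IP4 = re.compile(r"^IPv4: (\S+) -> (\S+), header length (\d+), dscp (0x[0-9a-f]+), "
                 r"total length (\d+), id (0x[0-9a-f]+), TTL (\d+), protocol (\S+)$")
TCP = re.compile(r"^TCP: (\d+) -> (\d+), seq (\d+), ack (\d+), flags (\S+), win (\d+)$")


@dataclass
class Packet:
    ifindex: int
    ifname: str
    direction: str
    mark: int
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ip_len: int      # IPv4 "total length" field, in bytes
    ttl: int
    sport: int
    dport: int
    flags: tuple     # TCP flags as a tuple of names, e.g. ("PSH", "ACK")


def parse(text):
    """Return (packets, malformed): one Packet per complete 4-line record.

    A record starts at an 'ifindex:' line. If the three lines after it do not
    match ETH/IPv4/TCP (truncated output or a non-TCP packet), the record is
    counted as malformed and scanning resumes at the next 'ifindex:' line.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    packets, malformed, i = [], 0, 0
    while i < len(lines):
        if not lines[i].startswith("ifindex:"):
            i += 1                      # stray line outside a record: skip it
            continue
        chunk = lines[i:i + 4]
        i += 1
        matches = [rx.match(ln) for rx, ln in zip((HDR, ETH, IP4, TCP), chunk)]
        if len(matches) < 4 or not all(matches):
            malformed += 1
            continue
        i += 3                          # consumed the whole record
        h, e, ip, t = (m.groups() for m in matches)
        packets.append(Packet(
            ifindex=int(h[0]), ifname=h[1], direction=h[2], mark=int(h[3], 16),
            src_mac=e[0], dst_mac=e[1],
            src_ip=ip[0], dst_ip=ip[1], ip_len=int(ip[4]), ttl=int(ip[6]),
            sport=int(t[0]), dport=int(t[1]), flags=tuple(t[4].split(",")),
        ))
    return packets, malformed


def flow_summary(packets):
    """Aggregate packets by (direction, src_ip, sport, dst_ip, dport)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "flags": set()})
    for p in packets:
        f = flows[(p.direction, p.src_ip, p.sport, p.dst_ip, p.dport)]
        f["packets"] += 1
        f["bytes"] += p.ip_len
        f["flags"].update(p.flags)
    return dict(flows)


if __name__ == "__main__":
    pkts, bad = parse(SAMPLE)
    for key, stats in flow_summary(pkts).items():
        print(key, stats["packets"], "pkts", stats["bytes"], "bytes", sorted(stats["flags"]))
    print("malformed records:", bad)
```

Because the byte counts come from the IPv4 total length field, they exclude the Ethernet header; add 14 per packet if you need on-the-wire sizes. Pipe live output into the script (`./tc-dump -d enp1s0 | python3 parse_tcdump.py` with `parse(sys.stdin.read())`) once you have verified the line layout on your kernel matches the README's.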