  • Stars: 125
  • Rank: 286,335 (Top 6 %)
  • Language: Go
  • License: MIT License
  • Created over 6 years ago
  • Updated over 1 year ago

Repository Details

tcpdp is a TCP dump tool with custom dumpers and a structured logger, written in Go.

tcpdp has 3 modes:

  • TCP Proxy server mode
  • Probe mode (using libpcap)
  • Read pcap file mode

Usage

tcpdp proxy : TCP proxy server mode

$ tcpdp proxy -l localhost:12345 -r localhost:1234 -d hex # hex.Dump()
$ tcpdp proxy -l localhost:55432 -r db.internal.example.com:5432 -d pg # Dump query of PostgreSQL
$ tcpdp proxy -l localhost:33306 -r db.example.com:3306 -d mysql # Dump query of MySQL

With server-starter

https://github.com/lestrrat-go/server-starter

$ start_server --port 33306 -- tcpdp proxy -s -r db.example.com:3306 -d mysql

With config file

$ tcpdp proxy -c config.toml

tcpdp probe : Probe mode (like tcpdump)

$ tcpdp probe -i lo0 -t localhost:3306 -d mysql # is almost the same setting as 'tcpdump -i lo0 host 127.0.0.1 and tcp port 3306'
$ tcpdp probe -i eth0 -t 3306 -d hex # is almost the same setting as 'tcpdump -i eth0 tcp port 3306'

tcpdp read : Read pcap file mode

$ tcpdump -i eth0 host 127.0.0.1 and tcp port 3306 -w mysql.pcap
$ tcpdp read mysql.pcap -d mysql -t 3306 -f ltsv

tcpdp config : Create config

$ tcpdp config > myconfig.toml

Show current config

$ tcpdp config

config format

[tcpdp]
pidfile = "/var/run/tcpdp.pid"
dumper = "mysql"

[probe]
target = "db.example.com:3306"
interface = "en0"
bufferSize = "2MB"
immediateMode = false
snapshotLength = "auto"
internalBufferLength = 10000
filter = ""

[proxy]
useServerStarter = false
listenAddr = "localhost:3306"
remoteAddr = "db.example.com:3306"

[log]
dir = "/var/log/tcpdp"
enable = true
enableInternal = true
stdout = true
format = "ltsv"
rotateEnable = true
rotationTime = "daily"
rotationCount = 7
# You can execute arbitrary commands after rotate
# $1 = prev filename
# $2 = current filename
rotationHook = "/path/to/after_rotate.sh"
fileName = "tcpdp.log"

[dumpLog]
dir = "/var/log/dump"
enable = true
stdout = false
format = "json"
rotateEnable = true
rotationTime = "hourly"
rotationCount = 24
fileName = "dump.log"

Installation

$ go get github.com/k1LoW/tcpdp

Architecture

tcpdp proxy connection diagram

      client_addr
           ^
           |        tcpdp
+----------|---------------+
|          v               |
|  proxy_listen_addr       |
|         + ^              |
|         | |   +--------+ |
|         |<----+ dumper | |
|         | |<--+        | |
|         | |   +--------+ |
|         v +              |
|  proxy_client_addr       |
|          ^               |
+----------|---------------+
           |
           v
      remote_addr

tcpdp probe connection diagram

                    server
+--------------------------+
|                          |
|                      +---+---+
|       <--------------| eth0  |----------->
|            interface +---+---+
|            /target     ^ |
|                        | |
|         tcpdp          | |
|        +--------+      | |
|        | dumper +------+ |
|        +--------+        |
+--------------------------+

tcpdp read diagram

                  tcpdp
+--------+ STDIN +--------+ STDOUT
| *.pcap +------>+ dumper +-------->
+--------+       +--------+

tcpdp.log ( tcpdp proxy or tcpdp probe )

key | description | mode
--- | --- | ---
ts | timestamp | proxy / probe / read
level | log level | proxy / probe
msg | log message | proxy / probe
error | error info | proxy / probe
caller | error caller | proxy / probe
conn_id | TCP connection ID by tcpdp | proxy / probe
target | probe target | proxy / probe
dumper | dumper type | proxy / probe
use_server_starter | use server_starter | proxy
conn_seq_num | TCP communication sequence number by tcpdp | proxy
client_addr | client address | tcpdp.log, hex, mysql, pg
remote_addr | remote address | proxy
proxy_listen_addr | listen address | proxy
direction | client to remote: -> / remote to client: <- | proxy
interface | probe target interface | probe
mtu | interface MTU (Maximum Transmission Unit) | probe
mss | TCP connection MSS (Max Segment Size) | probe
probe_target_addr | probe target address | probe
filter | BPF (Berkeley Packet Filter) | probe
buffer_size | libpcap buffer_size | probe
immediate_mode | libpcap immediate_mode | probe
snapshot_length | libpcap snapshot length | probe
internal_buffer_length | tcpdp internal packet buffer length | probe

Dumper

mysql

MySQL query dumper

NOTICE: The MySQL query dumper requires the --target option when running tcpdp proxy or tcpdp probe.

key | description | mode
--- | --- | ---
ts | timestamp | proxy / probe / read
conn_id | TCP connection ID by tcpdp | proxy / probe / read
conn_seq_num | TCP communication sequence number by tcpdp | proxy
client_addr | client address | proxy
proxy_listen_addr | listen address | proxy
proxy_client_addr | proxy client address | proxy
remote_addr | remote address | proxy
direction | client to remote: -> / remote to client: <- | proxy
interface | probe target interface | probe
src_addr | src address | probe / read
dst_addr | dst address | probe / read
probe_target_addr | probe target address | probe
proxy_protocol_src_addr | proxy protocol src address | probe / proxy / read
proxy_protocol_dst_addr | proxy protocol dst address | probe / proxy / read
query | SQL query | proxy / probe / read
stmt_id | statement id | proxy / probe / read
stmt_prepare_query | prepared statement query | proxy / probe / read
stmt_execute_values | prepared statement execute values | proxy / probe / read
character_set | character set | proxy / probe / read
username | username | proxy / probe / read
database | database | proxy / probe / read
seq_num | sequence number by MySQL | proxy / probe / read
command_id | command_id for MySQL | proxy / probe / read
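
The mysql dumper keys above can be consumed directly for query auditing. The following is an added example, not part of tcpdp: it parses LTSV records (as produced with -f ltsv), carries the username forward per conn_id, and reports watched statement types and queries from hosts outside an allow-list. The sample records, their field layout, the watch list, and the names Audit, Finding and parseLTSV are assumptions made for illustration.

```go
package main
import (
	"fmt"
	"net"
	"regexp"
	"strings"
)
// Constructed sample records; real tcpdp field order/escaping may differ.
const sample = "ts:2024-01-01T00:00:01Z\tsrc_addr:10.0.0.5:51234\tconn_id:c1\tusername:app\tquery:SELECT id FROM orders\n" +
	"ts:2024-01-01T00:00:02Z\tsrc_addr:10.0.0.77:40000\tconn_id:c2\tusername:root\tquery:GRANT ALL ON *.* TO 'x'@'%'\n" +
	"ts:2024-01-01T00:00:03Z\tsrc_addr:10.0.0.77:40000\tconn_id:c2\tquery:SELECT 1\n"
// Hypothetical watch list of statement types an auditor may want surfaced.
var watch = regexp.MustCompile(`(?i)^\s*(GRANT|REVOKE|CREATE\s+USER|ALTER\s+USER|DROP|SET\s+PASSWORD)\b`)
type Finding struct{ ConnID, User, Src, Reason, Query string }
// parseLTSV cuts each field at its first ':' so timestamps and host:port survive.
func parseLTSV(line string) map[string]string {
	rec := map[string]string{}
	for _, f := range strings.Split(line, "\t") {
		if k, v, ok := strings.Cut(f, ":"); ok {
			rec[k] = v
		}
	}
	return rec
}

// Audit reports watched statements and queries from hosts outside allowed.
func Audit(log string, allowed map[string]bool) []Finding {
	users := map[string]string{} // conn_id -> last username seen
	var out []Finding
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		r := parseLTSV(line)
		id, q, host := r["conn_id"], r["query"], r["src_addr"]
		if u := r["username"]; u != "" {
			users[id] = u
		}
		if h, _, err := net.SplitHostPort(host); err == nil {
			host = h
		}
		if q != "" && watch.MatchString(q) {
			out = append(out, Finding{id, users[id], host, "watched statement", q})
		} else if q != "" && !allowed[host] {
			out = append(out, Finding{id, users[id], host, "unexpected source", q})
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", Audit(sample, map[string]bool{"10.0.0.5": true}))
}
```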

pg

PostgreSQL query dumper

NOTICE: The PostgreSQL query dumper requires the --target option when running tcpdp proxy or tcpdp probe.

key | description | mode
--- | --- | ---
ts | timestamp | proxy / probe / read
conn_id | TCP connection ID by tcpdp | proxy / probe / read
conn_seq_num | TCP communication sequence number by tcpdp | proxy
client_addr | client address | proxy
proxy_listen_addr | listen address | proxy
proxy_client_addr | proxy client address | proxy
remote_addr | remote address | proxy
direction | client to remote: -> / remote to client: <- | proxy
interface | probe target interface | probe
src_addr | src address | probe / read
dst_addr | dst address | probe / read
probe_target_addr | probe target address | probe
proxy_protocol_src_addr | proxy protocol src address | probe / proxy / read
proxy_protocol_dst_addr | proxy protocol dst address | probe / proxy / read
query | SQL query | proxy / probe / read
portal_name | portal name | proxy / probe / read
stmt_name | prepared statement name | proxy / probe / read
parse_query | prepared statement query | proxy / probe / read
bind_values | prepared statement bind (execute) values | proxy / probe / read
username | username | proxy / probe / read
database | database | proxy / probe / read
message_type | message type for PostgreSQL | proxy / probe / read

hex

key | description | mode
--- | --- | ---
ts | timestamp | proxy / probe / read
conn_id | TCP connection ID by tcpdp | proxy / probe / read
conn_seq_num | TCP communication sequence number by tcpdp | proxy
client_addr | client address | proxy
proxy_listen_addr | listen address | proxy
proxy_client_addr | proxy client address | proxy
remote_addr | remote address | proxy
direction | client to remote: -> / remote to client: <- | proxy
interface | probe target interface | probe
src_addr | src address | probe / read
dst_addr | dst address | probe / read
probe_target_addr | probe target address | probe
proxy_protocol_src_addr | proxy protocol src address | probe / proxy / read
proxy_protocol_dst_addr | proxy protocol dst address | probe / proxy / read
bytes | bytes string by hex.Dump | proxy / probe / read
ascii | ascii string by hex.Dump | proxy / probe / read
