
new:1.network cap

QiuSW 1 år sedan
förälder
incheckning
47d910bc70
4 ändrade filer med 170 tillägg och 0 borttagningar
  1. 0 0
      chis/chis.go
  2. 1 0
      go.mod
  3. 7 0
      go.sum
  4. 162 0
      network/npcap.go

+ 0 - 0
chis/chis'.go → chis/chis.go


+ 1 - 0
go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/go-sqlite/sqlite3 v0.0.0-20180313105335-53dd8e640ee7 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gonuts/binary v0.2.0 // indirect
+	github.com/google/gopacket v1.1.19 // indirect
 	github.com/google/uuid v1.5.0 // indirect
 	github.com/jxeng/shortcut v1.0.2 // indirect
 	github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 // indirect
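Review bot: `github.com/google/gopacket` is added with the `// indirect` marker, but network/npcap.go in this same commit imports it directly. If that package belongs to this module, `go mod tidy` would list the requirement without the marker, which keeps the direct dependency visible to reviewers and dependency audits. The `gopacket/pcap` subpackage also binds to the system libpcap/Npcap library through cgo, so the build and deployment notes should state that requirement.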

+ 7 - 0
go.sum

@@ -54,6 +54,8 @@ github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-github/v27 v27.0.4/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -102,6 +104,7 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -112,7 +115,9 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -162,6 +167,8 @@ golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624190245-7f2218787638/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=

+ 162 - 0
network/npcap.go

@@ -0,0 +1,162 @@
+package network
+
+import (
+	"fmt"
+	"gbase/glog"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/google/gopacket/pcap"
+	"os"
+	"strings"
+	"time"
+)
+
+func GetLoopbackInterface() (loopbackInterfaceName string, err error) {
+
+	// 获取所有网络接口
+	interfaces, err := pcap.FindAllDevs()
+	if err != nil {
+		glog.XWarning(fmt.Sprintf("pcap.FindAllDevs error : %v\n", err))
+		return
+	}
+
+	found := false
+
+	// 遍历所有接口,找到环回接口
+	for _, iface := range interfaces {
+
+		if isLoopback(iface) {
+			//fmt.Printf("Name: %s, Description: %s\n", iface.Name, iface.Description)
+			loopbackInterfaceName = iface.Name
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		glog.XWarning("No loopback interface found")
+		return loopbackInterfaceName, fmt.Errorf("No loopback interface found")
+	}
+
+	return loopbackInterfaceName, nil
+}
+
+func GetAllLoopbackInterface() (interfaceNames []string, err error) {
+	interfaceNames = []string{}
+	// 获取所有网络接口
+	interfaces, err := pcap.FindAllDevs()
+	if err != nil {
+		glog.XWarning(fmt.Sprintf("pcap.FindAllDevs error : %v\n", err))
+		return interfaceNames, err
+	}
+
+	for _, face := range interfaces {
+
+		for _, address := range face.Addresses {
+
+			println(face.Name + "-----------------" + address.IP.String())
+
+		}
+		interfaceNames = append(interfaceNames, face.Name)
+	}
+	return interfaceNames, nil
+}
+
+// 判断接口是否是环回接口
+func isLoopback(iface pcap.Interface) bool {
+	for _, address := range iface.Addresses {
+		if address.IP.IsLoopback() {
+			return true
+		}
+	}
+	return false
+}
+
+func Sniffer(interfaceName, sqlName string, port int) (err error) {
+	// 打开环回接口
+	handle, err := pcap.OpenLive(interfaceName, 1600, true, pcap.BlockForever)
+	if err != nil {
+		glog.XWarning(fmt.Sprintf("pcap.OpenLive %v error : %v\n", interfaceName, err))
+		return err
+	}
+	defer handle.Close()
+
+	// 设置过滤器,只捕获 TCP 1433 端口(SQL Server 端口)的数据包
+	filter := fmt.Sprintf("tcp and port %v", port)
+	err = handle.SetBPFFilter(filter)
+	if err != nil {
+		glog.XWarning(fmt.Sprintf("handle.SetBPFFilter error : %v\n", err))
+		return err
+	}
+	glog.XWarning(fmt.Sprintf("Listening on %s\n", interfaceName))
+
+	filename := fmt.Sprintf("%v%v.txt", sqlName, time.Now().Format("20060102030405"))
+	fileHandle, err := os.Create(filename)
+	if err != nil {
+		glog.XWarning(fmt.Sprintf("os.Create %v error : %v\n", filename, err))
+		return err
+	}
+	defer fileHandle.Close()
+
+	// 创建数据包源
+	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
+	for packet := range packetSource.Packets() {
+		sqlStatement, err := processPacket(packet)
+		if err == nil {
+			fileHandle.Write([]byte(sqlStatement + "\n"))
+		}
+	}
+	return nil
+}
+func processPacket(packet gopacket.Packet) (sqlStatement string, err error) {
+	// 检测是否存在任何错误
+	errs := packet.ErrorLayer()
+	if err != nil {
+		glog.XWarning(fmt.Sprintf("decoding packet error : %v\n", errs.Error()))
+		return
+	}
+
+	// 解析 TCP 层
+	tcpLayer := packet.Layer(layers.LayerTypeTCP)
+	if tcpLayer == nil {
+		return
+	}
+
+	// 打印应用层/有效载荷
+	applicationLayer := packet.ApplicationLayer()
+	if applicationLayer == nil {
+		return
+	}
+
+	payload := applicationLayer.Payload()
+	sqlStatement = extractSQLFromPayload(payload)
+	if sqlStatement != "" {
+		return sqlStatement, nil
+	}
+
+	return sqlStatement, nil
+}
+
+func extractSQLFromPayload(payload []byte) string {
+	// 将字节转换为字符串
+	data := string(payload)
+	data = strings.ReplaceAll(data, "\r", "")
+	data = strings.ReplaceAll(data, "\n", "")
+	data = strings.ReplaceAll(data, "\r\n", "")
+	data = strings.ReplaceAll(data, "\t", "")
+	// 检查是否包含 SQL 关键字
+	if containsSQLKeyword(data) {
+		return data
+	}
+	return ""
+}
+
+func containsSQLKeyword(data string) bool {
+	keywords := []string{"INSERT", "UPDATE", "DELETE", "SELECT"}
+	for _, keyword := range keywords {
+		if strings.Contains(strings.ToUpper(data), keyword) {
+			return true
+		}
+	}
+	return false
+}
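Review bot: Sniffer writes captured query text, which can carry credentials and personal data, to a file made with `os.Create` (mode 0666 before umask, truncating any existing file) whose name is built from the unchecked `sqlName`, so a path separator in that argument can place the file outside the working directory. The write loop also appends a blank line for every packet, because processPacket returns `"", nil` when nothing matched, and it drops the `Write` error. In processPacket the decode check tests the named result `err`, which is always nil at that point, instead of `errs`, so the ErrorLayer branch never runs. GetAllLoopbackInterface returns every device rather than only loopback ones and prints their addresses with `println`; either filter with isLoopback or rename it. A sketch of the Sniffer and processPacket changes follows.

```go
	// … unchanged: pcap.OpenLive, SetBPFFilter, "Listening on" log …
	if strings.ContainsAny(sqlName, `/\`) {
		return fmt.Errorf("invalid capture name %q", sqlName)
	}
	filename := fmt.Sprintf("%v%v.txt", sqlName, time.Now().Format("20060102030405"))
	// Owner-only permissions; O_EXCL fails instead of truncating an existing file.
	fileHandle, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	// … unchanged: error check, defer fileHandle.Close(), NewPacketSource …
	for packet := range packetSource.Packets() {
		sqlStatement, err := processPacket(packet)
		if err != nil || sqlStatement == "" {
			continue
		}
		if _, err := fileHandle.WriteString(sqlStatement + "\n"); err != nil {
			glog.XWarning(fmt.Sprintf("write %v error : %v\n", filename, err))
			return err
		}
	}

// in processPacket:
	if errs := packet.ErrorLayer(); errs != nil {
		glog.XWarning(fmt.Sprintf("decoding packet error : %v\n", errs.Error()))
		return "", errs.Error()
	}
	// … unchanged: TCP layer and application layer checks …
```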