package network import ( "fmt" "gbase/glog" "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/pcap" "os" "strings" "time" ) func GetLoopbackInterface() (loopbackInterfaceName string, err error) { // 获取所有网络接口 interfaces, err := pcap.FindAllDevs() if err != nil { glog.XWarning(fmt.Sprintf("pcap.FindAllDevs error : %v\n", err)) return } found := false // 遍历所有接口,找到环回接口 for _, iface := range interfaces { if isLoopback(iface) { //fmt.Printf("Name: %s, Description: %s\n", iface.Name, iface.Description) loopbackInterfaceName = iface.Name found = true break } } if !found { glog.XWarning("No loopback interface found") return loopbackInterfaceName, fmt.Errorf("No loopback interface found") } return loopbackInterfaceName, nil } func GetAllLoopbackInterface() (interfaceNames []string, err error) { interfaceNames = []string{} // 获取所有网络接口 interfaces, err := pcap.FindAllDevs() if err != nil { glog.XWarning(fmt.Sprintf("pcap.FindAllDevs error : %v\n", err)) return interfaceNames, err } for _, face := range interfaces { for _, address := range face.Addresses { println(face.Name + "-----------------" + address.IP.String()) } interfaceNames = append(interfaceNames, face.Name) } return interfaceNames, nil } // 判断接口是否是环回接口 func isLoopback(iface pcap.Interface) bool { for _, address := range iface.Addresses { if address.IP.IsLoopback() { return true } } return false } func Sniffer(interfaceName, sqlName string, port int) (err error) { // 打开环回接口 handle, err := pcap.OpenLive(interfaceName, 1600, true, pcap.BlockForever) if err != nil { glog.XWarning(fmt.Sprintf("pcap.OpenLive %v error : %v\n", interfaceName, err)) return err } defer handle.Close() // 设置过滤器,只捕获 TCP 1433 端口(SQL Server 端口)的数据包 filter := fmt.Sprintf("tcp and port %v", port) err = handle.SetBPFFilter(filter) if err != nil { glog.XWarning(fmt.Sprintf("handle.SetBPFFilter error : %v\n", err)) return err } glog.XWarning(fmt.Sprintf("Listening on %s\n", interfaceName)) filename := fmt.Sprintf("%v%v.txt", sqlName, time.Now().Format("20060102030405")) fileHandle, err := os.Create(filename) if err != nil { glog.XWarning(fmt.Sprintf("os.Create %v error : %v\n", filename, err)) return err } defer fileHandle.Close() // 创建数据包源 packetSource := gopacket.NewPacketSource(handle, handle.LinkType()) for packet := range packetSource.Packets() { sqlStatement, err := processPacket(packet) if err == nil { fileHandle.Write([]byte(sqlStatement + "\n")) } } return nil } func processPacket(packet gopacket.Packet) (sqlStatement string, err error) { // 检测是否存在任何错误 errs := packet.ErrorLayer() if err != nil { glog.XWarning(fmt.Sprintf("decoding packet error : %v\n", errs.Error())) return } // 解析 TCP 层 tcpLayer := packet.Layer(layers.LayerTypeTCP) if tcpLayer == nil { return } // 打印应用层/有效载荷 applicationLayer := packet.ApplicationLayer() if applicationLayer == nil { return } payload := applicationLayer.Payload() sqlStatement = extractSQLFromPayload(payload) if sqlStatement != "" { return sqlStatement, nil } return sqlStatement, nil } func extractSQLFromPayload(payload []byte) string { // 将字节转换为字符串 data := string(payload) data = strings.ReplaceAll(data, "\r", "") data = strings.ReplaceAll(data, "\n", "") data = strings.ReplaceAll(data, "\r\n", "") data = strings.ReplaceAll(data, "\t", "") // 检查是否包含 SQL 关键字 if containsSQLKeyword(data) { return data } return "" } func containsSQLKeyword(data string) bool { keywords := []string{"INSERT", "UPDATE", "DELETE", "SELECT"} for _, keyword := range keywords { if strings.Contains(strings.ToUpper(data), keyword) { return true } } return false }