Skip to content

Latest commit

 

History

History
163 lines (143 loc) · 7.46 KB

README.md

File metadata and controls

163 lines (143 loc) · 7.46 KB

This is a TCP/IP debugger/proxy allowing to intercept the network traffic. It can serve multiple connections in parallel.

Prerequisites

This program is written in Go and requires at least the release 1.

Usage

For example:

go run gotcpspy.go -host=ftp.idsoftware.com -port 21 -listen_port=8081

It starts running with the message:

Start listening on port 8081 and forwarding data to ftp.idsoftware.com:21

In a separate console you can run:

telnet localhost 8081

and enter something, for example, USER test <ENTER>, PASS test@test.org <ENTER> and finally QUIT <ENTER>.

It should produce three logs.

Bidirectional dump

log-2012.04.20-12.10.12-0001-10.44.2.21-26311-192.246.40.185-21.log

Connected to ftp.idsoftware.com:21 at 2012.04.20-12.10.12
Received (#0, 00000000) 24 bytes from 10.44.2.21-26311
00000000  32 32 30 2d 66 74 70 2e  69 64 73 6f 66 74 77 61  |220-ftp.idsoftwa|
00000010  72 65 2e 63 6f 6d 0d 0a                           |re.com..|
Sent (#0) to 127.0.0.1-8081
Received (#1, 00000018) 353 bytes from 10.44.2.21-26311
00000000  32 32 30 2d 2d 2d 2d 2d  2d 2d 2d 2d 2d 2d 2d 2d  |220-------------|
00000010  2d 2d 2d 2d 2d 2d 2d 2d  2d 2d 2d 2d 2d 2d 2d 2d  |----------------|
00000020  2d 0d 0a 32 32 30 2d 57  65 6c 63 6f 6d 65 20 74  |-..220-Welcome t|
00000030  6f 20 66 74 70 2e 69 64  73 6f 66 74 77 61 72 65  |o ftp.idsoftware|
00000040  2e 63 6f 6d 0d 0a 32 32  30 2d 2d 2d 2d 2d 2d 2d  |.com..220-------|
00000050  2d 2d 2d 2d 2d 2d 2d 2d  2d 2d 2d 2d 2d 2d 2d 2d  |----------------|
00000060  2d 2d 2d 2d 2d 2d 2d 0d  0a 32 32 30 2d 0d 0a 32  |-------..220-..2|
00000070  32 30 2d 43 6f 6e 6e 65  63 74 69 6f 6e 20 66 72  |20-Connection fr|
00000080  6f 6d 20 38 30 2e 31 36  39 2e 33 34 2e 31 39 34  |om 80.169.34.194|
00000090  20 6c 6f 67 67 65 64 0d  0a 32 32 30 2d 59 6f 75  | logged..220-You|
000000a0  20 61 72 65 20 75 73 65  72 20 32 30 20 6f 66 20  | are user 20 of |
000000b0  31 35 30 20 61 76 61 69  6c 61 62 6c 65 20 63 6f  |150 available co|
000000c0  6e 6e 65 63 74 69 6f 6e  73 2e 0d 0a 32 32 30 2d  |nnections...220-|
000000d0  0d 0a 32 32 30 2d 41 76  65 72 61 67 65 20 74 68  |..220-Average th|
000000e0  72 6f 75 67 68 70 75 74  20 66 6f 72 20 74 68 69  |roughput for thi|
000000f0  73 20 73 65 72 76 65 72  20 69 73 20 32 34 38 2e  |s server is 248.|
00000100  38 38 37 20 4b 42 70 73  2e 0d 0a 32 32 30 2d 35  |887 KBps...220-5|
00000110  35 37 34 20 70 65 6f 70  6c 65 20 68 61 76 65 20  |574 people have |
00000120  76 69 73 69 74 65 64 20  74 68 69 73 20 73 69 74  |visited this sit|
00000130  65 20 69 6e 20 74 68 65  20 6c 61 73 74 20 32 34  |e in the last 24|
00000140  20 68 6f 75 72 73 2e 0d  0a 32 32 30 2d 0d 0a 32  | hours...220-..2|
00000150  32 30 2d 0d 0a 32 32 30  2d 0d 0a 32 32 30 20 0d  |20-..220-..220 .|
00000160  0a                                                |.|
Sent (#1) to 127.0.0.1-8081
Received (#0, 00000000) 1 bytes from 127.0.0.1-8081
00000000  55                                                |U|
Sent (#0) to 10.44.2.21-26311
Received (#1, 00000001) 1 bytes from 127.0.0.1-8081
00000000  53                                                |S|
Sent (#1) to 10.44.2.21-26311
Received (#2, 00000002) 10 bytes from 127.0.0.1-8081
00000000  45 52 20 61 6e 6f 6e 79  6d 6f                    |ER anonymo|
Sent (#2) to 10.44.2.21-26311
Received (#3, 0000000C) 2 bytes from 127.0.0.1-8081
00000000  75 73                                             |us|
Sent (#3) to 10.44.2.21-26311
Received (#4, 0000000E) 2 bytes from 127.0.0.1-8081
00000000  0d 0a                                             |..|
Sent (#4) to 10.44.2.21-26311
Received (#2, 00000179) 70 bytes from 10.44.2.21-26311
00000000  33 33 31 20 55 73 65 72  20 6e 61 6d 65 20 6f 6b  |331 User name ok|
00000010  61 79 2c 20 70 6c 65 61  73 65 20 73 65 6e 64 20  |ay, please send |
00000020  63 6f 6d 70 6c 65 74 65  20 45 2d 6d 61 69 6c 20  |complete E-mail |
00000030  61 64 64 72 65 73 73 20  61 73 20 70 61 73 73 77  |address as passw|
00000040  6f 72 64 2e 0d 0a                                 |ord...|
Sent (#2) to 127.0.0.1-8081
Received (#5, 00000010) 1 bytes from 127.0.0.1-8081
00000000  50                                                |P|
Sent (#5) to 10.44.2.21-26311
Received (#6, 00000011) 3 bytes from 127.0.0.1-8081
00000000  41 53 53                                          |ASS|
Sent (#6) to 10.44.2.21-26311
Received (#7, 00000014) 2 bytes from 127.0.0.1-8081
00000000  20 74                                             | t|
Sent (#7) to 10.44.2.21-26311
Received (#8, 00000016) 1 bytes from 127.0.0.1-8081
00000000  65                                                |e|
Sent (#8) to 10.44.2.21-26311
Received (#9, 00000017) 1 bytes from 127.0.0.1-8081
00000000  73                                                |s|
Sent (#9) to 10.44.2.21-26311
Received (#10, 00000018) 2 bytes from 127.0.0.1-8081
00000000  74 40                                             |t@|
Sent (#10) to 10.44.2.21-26311
Received (#11, 0000001A) 6 bytes from 127.0.0.1-8081
00000000  6e 61 6d 65 2e 6f                                 |name.o|
Sent (#11) to 10.44.2.21-26311
Received (#12, 00000020) 2 bytes from 127.0.0.1-8081
00000000  72 67                                             |rg|
Sent (#12) to 10.44.2.21-26311
Received (#13, 00000022) 2 bytes from 127.0.0.1-8081
00000000  0d 0a                                             |..|
Sent (#13) to 10.44.2.21-26311
Received (#3, 000001BF) 30 bytes from 10.44.2.21-26311
00000000  32 33 30 20 55 73 65 72  20 6c 6f 67 67 65 64 20  |230 User logged |
00000010  69 6e 2c 20 70 72 6f 63  65 65 64 2e 0d 0a        |in, proceed...|
Sent (#3) to 127.0.0.1-8081
Received (#14, 00000024) 1 bytes from 127.0.0.1-8081
00000000  51                                                |Q|
Sent (#14) to 10.44.2.21-26311
Received (#15, 00000025) 3 bytes from 127.0.0.1-8081
00000000  55 49 54                                          |UIT|
Sent (#15) to 10.44.2.21-26311
Received (#16, 00000028) 2 bytes from 127.0.0.1-8081
00000000  0d 0a                                             |..|
Sent (#16) to 10.44.2.21-26311
Received (#4, 000001DD) 14 bytes from 10.44.2.21-26311
00000000  32 32 31 20 47 6f 6f 64  62 79 65 21 0d 0a        |221 Goodbye!..|
Sent (#4) to 127.0.0.1-8081
Disconnected from 10.44.2.21-26311
Disconnected from 127.0.0.1-8081
Finished at 2012.04.20-12.10.12, duration 16.5769481s

Outgoing binary log

log-binary-2012.04.20-12.10.12-0001-10.44.2.21-26311.log

USER anonymous
PASS test@name.org
QUIT

Incoming binary log

log-binary-2012.04.20-12.10.12-0001-192.246.40.185-21.log

220-ftp.idsoftware.com
220------------------------------
220-Welcome to ftp.idsoftware.com
220------------------------------
220-
220-Connection from 80.169.34.194 logged
220-You are user 20 of 150 available connections.
220-
220-Average throughput for this server is 248.887 KBps.
220-5574 people have visited this site in the last 24 hours.
220-
220-
220-
220 
331 User name okay, please send complete E-mail address as password.
230 User logged in, proceed.
221 Goodbye!