Tcpdp

tcpdp is a TCP dump tool with a custom dumper and structured logger, written in Go.

From k1LoW · Updated October 27, 2024

The project is written primarily in Go, distributed under the MIT License, and first published in 2018. Key topics include: mysql, pcap-parser, postgresql, tcp-dump, tcp-proxy.

Latest release: v0.23.9
March 28, 2024

tcpdp has 3 modes:

  • TCP Proxy server mode
  • Probe mode (using libpcap)
  • Read pcap file mode

Usage

tcpdp proxy : TCP proxy server mode

console
$ tcpdp proxy -l localhost:12345 -r localhost:1234 -d hex # hex.Dump()
console
$ tcpdp proxy -l localhost:55432 -r db.internal.example.com:5432 -d pg # Dump query of PostgreSQL
console
$ tcpdp proxy -l localhost:33306 -r db.example.com:3306 -d mysql # Dump query of MySQL

With server-starter

https://github.com/lestrrat-go/server-starter

console
$ start_server --port 33306 -- tcpdp proxy -s -r db.example.com:3306 -d mysql

With config file

console
$ tcpdp proxy -c config.toml

tcpdp probe : Probe mode (like tcpdump)

console
$ tcpdp probe -i lo0 -t localhost:3306 -d mysql # is almost the same setting as 'tcpdump -i lo0 host 127.0.0.1 and tcp port 3306'
console
$ tcpdp probe -i eth0 -t 3306 -d hex # is almost the same setting as 'tcpdump -i eth0 tcp port 3306'

tcpdp read : Read pcap file mode

console
$ tcpdump -i eth0 host 127.0.0.1 and tcp port 3306 -w mysql.pcap
$ tcpdp read mysql.pcap -d mysql -t 3306 -f ltsv

tcpdp config

Create config

console
$ tcpdp config > myconfig.toml

Show current config

console
$ tcpdp config

config format

toml
[tcpdp]
pidfile = "/var/run/tcpdp.pid"
dumper = "mysql"

[probe]
target = "db.example.com:3306"
interface = "en0"
bufferSize = "2MB"
immediateMode = false
snapshotLength = "auto"
internalBufferLength = 10000
filter = ""

[proxy]
useServerStarter = false
listenAddr = "localhost:3306"
remoteAddr = "db.example.com:3306"

[log]
dir = "/var/log/tcpdp"
enable = true
enableInternal = true
stdout = true
format = "ltsv"
rotateEnable = true
rotationTime = "daily"
rotationCount = 7
# You can execute arbitrary commands after rotate
# $1 = prev filename
# $2 = current filename
rotationHook = "/path/to/after_rotate.sh"
fileName = "tcpdp.log"

[dumpLog]
dir = "/var/log/dump"
enable = true
stdout = false
format = "json"
rotateEnable = true
rotationTime = "hourly"
rotationCount = 24
fileName = "dump.log"

Installation

console
$ go get github.com/k1LoW/tcpdp

Architecture

tcpdp proxy connection diagram

      client_addr
           ^
           |        tcpdp
+----------|---------------+
|          v               |
|  proxy_listen_addr       |
|         + ^              |
|         | |   +--------+ |
|         |<----+ dumper | |
|         | |<--+        | |
|         | |   +--------+ |
|         v +              |
|  proxy_client_addr       |
|          ^               |
+----------|---------------+
           |
           v
      remote_addr

tcpdp probe connection diagram

                    server
+--------------------------+
|                          |
|                      +---+---+
|       <--------------| eth0  |----------->
|            interface +---+---+
|            /target     ^ |
|                        | |
|         tcpdp          | |
|        +--------+      | |
|        | dumper +------+ |
|        +--------+        |
+--------------------------+

tcpdp read diagram

                  tcpdp
+--------+ STDIN +--------+ STDOUT
| *.pcap +------>+ dumper +-------->
+--------+       +--------+

tcpdp.log ( tcpdp proxy or tcpdp probe )

| key | description | mode |
| --- | --- | --- |
| ts | timestamp | proxy / probe / read |
| level | log level | proxy / probe |
| msg | log message | proxy / probe |
| error | error info | proxy / probe |
| caller | error caller | proxy / probe |
| conn_id | TCP connection ID by tcpdp | proxy / probe |
| target | probe target | proxy / probe |
| dumper | dumper type | proxy / probe |
| use_server_starter | use server_starter | proxy |
| conn_seq_num | TCP communication sequence number by tcpdp | proxy |
| client_addr | client address | tcpdp.log, hex, mysql, pg |
| remote_addr | remote address | proxy |
| proxy_listen_addr | listen address | proxy |
| direction | client to remote: -> / remote to client: <- | proxy |
| interface | probe target interface | probe |
| mtu | interface MTU (Maximum Transmission Unit) | probe |
| mss | TCP connection MSS (Max Segment Size) | probe |
| probe_target_addr | probe target address | probe |
| filter | BPF (Berkeley Packet Filter) | probe |
| buffer_size | libpcap buffer_size | probe |
| immediate_mode | libpcap immediate_mode | probe |
| snapshot_length | libpcap snapshot length | probe |
| internal_buffer_length | tcpdp internal packet buffer length | probe |

Dumper

mysql

MySQL query dumper

NOTICE: The MySQL query dumper requires the --target option when using tcpdp proxy or tcpdp probe.

| key | description | mode |
| --- | --- | --- |
| ts | timestamp | proxy / probe / read |
| conn_id | TCP connection ID by tcpdp | proxy / probe / read |
| conn_seq_num | TCP communication sequence number by tcpdp | proxy |
| client_addr | client address | proxy |
| proxy_listen_addr | listen address | proxy |
| proxy_client_addr | proxy client address | proxy |
| remote_addr | remote address | proxy |
| direction | client to remote: -> / remote to client: <- | proxy |
| interface | probe target interface | probe |
| src_addr | src address | probe / read |
| dst_addr | dst address | probe / read |
| probe_target_addr | probe target address | probe |
| proxy_protocol_src_addr | proxy protocol src address | probe / proxy / read |
| proxy_protocol_dst_addr | proxy protocol dst address | probe / proxy / read |
| query | SQL query | proxy / probe / read |
| stmt_id | statement id | proxy / probe / read |
| stmt_prepare_query | prepared statement query | proxy / probe / read |
| stmt_execute_values | prepared statement execute values | proxy / probe / read |
| character_set | character set | proxy / probe / read |
| username | username | proxy / probe / read |
| database | database | proxy / probe / read |
| seq_num | sequence number by MySQL | proxy / probe / read |
| command_id | command_id for MySQL | proxy / probe / read |
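
An added example (not part of the tcpdp project or its README): a Go check that reads mysql dumper records from a JSON-format dumpLog and flags statements that change privileges, accounts or schema, using the conn_id, src_addr, username and query keys from the table above. The sample lines, their values, and the one-flat-JSON-object-per-line layout are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample of dumpLog output (format = "json", dumper = "mysql").
// Key names come from the mysql dumper table; the values, and the assumption
// of one flat JSON object per line, are illustrative.
const sampleDump = `{"ts":"2024-03-28T10:00:00Z","conn_id":"c1","src_addr":"10.0.0.5:50122","username":"app","database":"shop","query":"SELECT id FROM orders WHERE id = 1"}
{"ts":"2024-03-28T10:00:02Z","conn_id":"c2","src_addr":"10.0.0.77:41810","username":"app","database":"shop","query":"GRANT ALL ON *.* TO 'tmp'@'%'"}
not-json line left by a truncated write
{"ts":"2024-03-28T10:00:03Z","conn_id":"c2","src_addr":"10.0.0.77:41810","username":"app","database":"shop","query":"  drop table audit_log"}`

// Record holds only the documented keys this check needs.
type Record struct {
	TS       string `json:"ts"`
	ConnID   string `json:"conn_id"`
	SrcAddr  string `json:"src_addr"`
	Username string `json:"username"`
	Query    string `json:"query"`
}

// Statements that change privileges, accounts or schema; tune per environment.
var sensitive = regexp.MustCompile(`(?i)^\s*(grant|revoke|create\s+user|alter\s+user|drop|truncate)\b`)

// FlagSensitive returns matching records and the count of unparseable lines.
func FlagSensitive(dump string) (hits []Record, skipped int) {
	for _, line := range strings.Split(strings.TrimSpace(dump), "\n") {
		var r Record
		if err := json.Unmarshal([]byte(line), &r); err != nil {
			skipped++ // count it instead of silently dropping evidence
			continue
		}
		if sensitive.MatchString(r.Query) {
			hits = append(hits, r)
		}
	}
	return hits, skipped
}

func main() {
	hits, skipped := FlagSensitive(sampleDump)
	fmt.Printf("flagged=%+v unparsed=%d\n", hits, skipped)
}
```

Because the query and stmt_execute_values keys carry full statement text and bound values, the dumpLog directory deserves the same access controls as the database it observes.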

pg

PostgreSQL query dumper

NOTICE: The PostgreSQL query dumper requires the --target option when using tcpdp proxy or tcpdp probe.

| key | description | mode |
| --- | --- | --- |
| ts | timestamp | proxy / probe / read |
| conn_id | TCP connection ID by tcpdp | proxy / probe / read |
| conn_seq_num | TCP communication sequence number by tcpdp | proxy |
| client_addr | client address | proxy |
| proxy_listen_addr | listen address | proxy |
| proxy_client_addr | proxy client address | proxy |
| remote_addr | remote address | proxy |
| direction | client to remote: -> / remote to client: <- | proxy |
| interface | probe target interface | probe |
| src_addr | src address | probe / read |
| dst_addr | dst address | probe / read |
| probe_target_addr | probe target address | probe |
| proxy_protocol_src_addr | proxy protocol src address | probe / proxy / read |
| proxy_protocol_dst_addr | proxy protocol dst address | probe / proxy / read |
| query | SQL query | proxy / probe / read |
| portal_name | portal Name | proxy / probe / read |
| stmt_name | prepared statement name | proxy / probe / read |
| parse_query | prepared statement query | proxy / probe / read |
| bind_values | prepared statement bind(execute) values | proxy / probe / read |
| username | username | proxy / probe / read |
| database | database | proxy / probe / read |
| message_type | message type for PostgreSQL | proxy / probe / read |

hex

| key | description | mode |
| --- | --- | --- |
| ts | timestamp | proxy / probe / read |
| conn_id | TCP connection ID by tcpdp | proxy / probe / read |
| conn_seq_num | TCP communication sequence number by tcpdp | proxy |
| client_addr | client address | proxy |
| proxy_listen_addr | listen address | proxy |
| proxy_client_addr | proxy client address | proxy |
| remote_addr | remote address | proxy |
| direction | client to remote: -> / remote to client: <- | proxy |
| interface | probe target interface | probe |
| src_addr | src address | probe / read |
| dst_addr | dst address | probe / read |
| probe_target_addr | probe target address | probe |
| proxy_protocol_src_addr | proxy protocol src address | probe / proxy / read |
| proxy_protocol_dst_addr | proxy protocol dst address | probe / proxy / read |
| bytes | bytes string by hex.Dump | proxy / probe / read |
| ascii | ascii string by hex.Dump | proxy / probe / read |

This article is auto-generated from k1LoW/tcpdp via the GitHub API. Last fetched: 6/1/2026