|
|
//go:build windows && !arm64
|
|
|
|
|
|
package tcm
|
|
|
|
|
|
import "github.com/spf13/cobra"
|
|
|
|
|
|
var nf = NewLibpcap()
|
|
|
var Cmd = &cobra.Command{
|
|
|
Use: "tcm",
|
|
|
Short: "TCP连接监视工具",
|
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
|
nf.Run()
|
|
|
},
|
|
|
}
|
|
|
|
|
|
func init() {
|
|
|
Cmd.Flags().StringSliceVarP(&nf.target, "target", "t", []string{}, "监控的ip地址,可多个,本工具各类延迟等tcp操作仅对此类ip生效")
|
|
|
Cmd.Flags().StringSliceVarP(&nf.targetCmd, "cmd", "c", []string{}, "触发报文drop的关键词,utf8格式,如:show variables")
|
|
|
Cmd.Flags().BoolVarP(&nf.targetAsHex, "cmd-as-hex", "x", false, "启用此选项,cmd选项请传入hex字符,而不是utf-8")
|
|
|
Cmd.Flags().StringVarP(&nf.saveFile, "save", "w", "", "保存文件路径,将会保存所有报文到此文件")
|
|
|
//Cmd.Flags().BoolVarP(&nf.interactive, "interactive", "i", false, "启用交互模式,可输入命令:allow <ip>,drop <ip>,delay <ms>,loss <number%>")
|
|
|
Cmd.Flags().BoolVarP(&nf.showAll, "display-all", "D", false, "显示所有报文,包括非target对象")
|
|
|
Cmd.Flags().BoolVarP(&nf.showAsHex, "as-hex", "a", false, "显示报文的hex内容")
|
|
|
Cmd.Flags().BoolVarP(&nf.showPayload, "show-payload", "S", false, "显示报文的payload")
|
|
|
Cmd.Flags().IntVarP(&nf.maxShowPayloadSize, "payload-maxlen", "m", 200, "显示payload的最大长度")
|
|
|
Cmd.Flags().BoolVarP(&nf.noShowMode, "no-show", "N", false, "不显示任何tcp报文,只统计数量")
|
|
|
Cmd.Flags().BoolVarP(&nf.useRST, "rst", "r", false, "触发封禁关键词后,同步发送RST报文")
|
|
|
Cmd.Flags().StringVarP(&nf.rstMode, "rstmode", "R", "reverse", "RST报文发送模式,可选值:both,target,reverse")
|
|
|
Cmd.Flags().StringVarP(&nf.eth, "eth", "e", "", "监听网卡名,如eth0")
|
|
|
Cmd.Flags().StringVarP(&nf.bpf, "bpf", "b", "tcp", "BPF过滤,如tcp port 80")
|
|
|
Cmd.Flags().StringVarP(&nf.host, "host", "i", "", "监听主机名,如127.0.0.1")
|
|
|
Cmd.Flags().StringSliceVarP(&nf.Flags, "flags", "f", nil, "tcp flags匹配,如:SYN,ACK")
|
|
|
Cmd.Flags().IntVarP(&nf.CapFileCacheNum, "write-cache", "W", 0, "命中匹配写入文件报文缓存,如果为0 ,则忽略匹配条件")
|
|
|
|
|
|
}
|