teecp

command module

v0.0.0-...-abce8fb Latest Latest Go to latest Published: May 21, 2019 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/RobinUS2/teecp

Links

Open Source Insights

README ¶

teecp

TCP tee implementation (Linux, Mac OS X, Windows) - duplicate TCP packets

Purpose

Run outside of the regular traffic flow, listen to the TCP packets and duplicate them to other sources with minimal impact. This means it needs no changes in the existing applications that run there. For example you run a process on port 1234 TCP. You can start the copying process teecp that monitors that TCP port and copies all the individual packets to another location.

How does it work?

It relies on the promiscuous mode ethernet sniffing mode which is also used by tools like WireShark, WinPcap, tcpdump, etc.

It is built around Google's gopacket library and written in GoLang.

By default the payload of the packet is forwarded (without the encapsulating layers). It is however possible to forward the entire packet payload without any filters.

How to run?

The below will listen on interface lo0, filter traffic on port 1234, log all details (very verbose, turn off in production), and copy it's packet payloads (by default TCP & UDP) towards localhost port 8080.

./teecp --device=lo0 --bpf='port 1234' --verbose=true --output-tcp 'localhost:8080'

The --bpf flag can handle Berkeley Packet Filter syntax.

A handful of examples:

Example	Syntax
TCP only	tcp
TCP for a specific port	tcp port 1234
+ specific source	tcp port 1234 and src 1.2.3.4
+ specific destination	tcp port 1234 and src 1.2.3.4 and dst 10.0.0.1

Keep alive

By default TCP connections are closed after forwarding a packet. It is possible to enable keep alive like this:

--output-tcp 'localhost:8080|keepalive'

Build & test

The application relies upon libpcap (for compiling Windows binaries, download developer pack) and GoLang.

OS X via Homebrew

brew install libpcap

Ubuntu, Debian via APT

apt-get install -y libpcap-dev

Putting it all together

go vet . && go fmt . && go test -v . && go build . && ./teecp --device=lo0 --bpf='port 1234' --verbose=true --output-tcp "test.com:123"

Used by

Route42
open a PR and add YourCompany!

GoReplay HTTP(S) https://github.com/buger/goreplay
TCPCopy https://github.com/session-replay-tools/tcpcopy
Duplicator https://github.com/agnoster/duplicator
IPTables iptables -t mangle -A POSTROUTING -p tcp --dport 1234 -j TEE --gateway IP_HOST_B

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
forwarder

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

teecp

Purpose

How does it work?

How to run?

Keep alive

Build & test

Used by

Related projects

Documentation ¶

Source Files ¶

Directories ¶