Skip to content

Commit

Permalink
feat(output/stdout): Add -q/--quiet flag for quiet output (#179)
Browse files Browse the repository at this point in the history 
* feat(output/stdout): Add -q/--quiet flag for quiet output

* add missing files
  • Loading branch information
@mozillazg
mozillazg authored Nov 3, 2024
1 parent 66de6f8 commit 8f7728a
Show file tree
Hide file tree
Showing 37 changed files with 1,518 additions and 105 deletions.
59 changes: 42 additions & 17 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,8 @@ Table of Contents
* Supports filtering packets by container ID, container name and pod name.
* Supports using pcap-filter(7) syntax for filtering packets.
* Directly applies filters in the kernel space.
* Supports saving captured packets in the PcapNG format for offline analysis with third-party tools such as Wireshark.
* Supports saving captured packets in the PcapNG format for offline analysis with third-party tools such as Wireshark/tshark/tcpdump.
* Supports packet capture for network interfaces under the specified network namespace.


## Installation
Expand Down Expand Up @@ -108,6 +109,16 @@ sudo ptcpdump -i any -w - port 80 | tcpdump -n -r -
sudo ptcpdump -i any -w - port 80 | tshark -r -
```


Capturing interfaces in other network namespaces:

```
sudo ptcpdump -i lo --netns /run/netns/foo --netns /run/netns/bar
sudo ptcpdump -i any --netns /run/netns/foobar
sudo ptcpdump -i any --netns /proc/26/ns/net
```


<p align="right"><a href="#top">🔝</a></p>


Expand All @@ -121,6 +132,13 @@ Default:
09:32:09.718941 eth0 wget.3553008 Out IP 172.19.0.2.33426 > 139.178.84.217.80: Flags [S], seq 4113492822, win 64240, length 0, ParentProc [python3.834381], Container [test], Pod [test.default]
```

With `-q`:

```
09:32:09.718892 vethee2a302f wget.3553008 In IP 10.244.0.2.33426 > 139.178.84.217.80: tcp 0, ParentProc [python3.834381], Container [test], Pod [test.default]
09:32:09.718941 eth0 wget.3553008 Out IP 172.19.0.2.33426 > 139.178.84.217.80: tcp 0, ParentProc [python3.834381], Container [test], Pod [test.default]
```

With `-v`:

```
Expand Down Expand Up @@ -220,6 +238,7 @@ Flags:
--delay-before-handle-packet-events duration Delay some durations before handle packet events
-Q, --direction string Choose send/receive direction for which packets should be captured. Possible values are 'in', 'out' and 'inout' (default "inout")
--docker-address string Address of Docker Engine service (default "/var/run/docker.sock")
--embed-keylog-to-pcapng -- CMD [ARGS] Write TLS Key Log file to this path (experimental: only support unstripped Go binary and must combined with -- CMD [ARGS])
--event-chan-size uint Size of event chan (default 20)
--exec-events-worker-number uint Number of worker to handle exec events (default 50)
-f, --follow-forks Trace child processes as they are created by currently traced processes when filter by process
Expand All @@ -230,6 +249,7 @@ Flags:
--log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "warn")
--micro Shorthands for --time-stamp-precision=micro
--nano Shorthands for --time-stamp-precision=nano
--netns strings Path to an network namespace file or name (default [/proc/self/ns/net])
-n, --no-convert-addr count Don't convert addresses (i.e., host addresses, port numbers, etc.) to names
-t, --no-timestamp Don't print a timestamp on each dump line
-#, --number Print an optional packet number at the beginning of the line
Expand All @@ -241,13 +261,16 @@ Flags:
-A, --print-data-in-ascii Print each packet (minus its link level header) in ASCII
-x, --print-data-in-hex count When parsing and printing, in addition to printing the headers of each packet, print the data of each packet in hex
-X, --print-data-in-hex-ascii count When parsing and printing, in addition to printing the headers of each packet, print the data of each packet in hex and ASCII
-q, --quiet Quiet output. Print less protocol information so output lines are shorter
-r, --read-file string Read packets from file (which was created with the -w option). e.g. ptcpdump.pcapng
-c, --receive-count uint Exit after receiving count packets
-s, --snapshot-length uint32 Snarf snaplen bytes of data from each packet rather than the default of 262144 bytes (default 262144)
--time-stamp-precision string When capturing, set the time stamp precision for the capture to the format (default "micro")
-v, --verbose count When parsing and printing, produce (slightly more) verbose output
--version Print the ptcpdump and libpcap version strings and exit
-w, --write-file string Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is '-'. e.g. ptcpdump.pcapng
--write-keylog-file -- CMD [ARGS] Write TLS Key Log file to this path (experimental: only support unstripped Go binary and must combined with -- CMD [ARGS])
```

<p align="right"><a href="#top">🔝</a></p>
Expand All @@ -271,21 +294,22 @@ Flags:
| --pod-name *pod_name.namespace* | ||
| -f, --follow-forks | ||
| -- *command [args]* | ||
| --oneline | ||
| --oneline | ||
| --netns *path_to_net_ns* | ||
| --print |||
| -c *count* |||
| -Q *direction*, --direction=*direction* |||
| -D, --list-interfaces |||
| -A |||
| -x |||
| -xx |||
| -X |||
| -XX |||
| -v |||
| -vv |||
| -vvv |||
| -x || |
| -xx || |
| -X || |
| -XX || |
| -v || |
| -vv || |
| -vvv || |
| -B *bufer_size*, --buffer-size=*buffer_size* || |
| --count |||
| --count || |
| -C *file_size || |
| -d || |
| -dd || |
Expand All @@ -301,23 +325,24 @@ Flags:
| --immediate-mode || |
| -j *tstamp_type*, --time-stamp-type=*tstamp_type* || |
| -J, --list-time-stamp-types || |
| --time-stamp-precision=*tstamp_precision* |||
| --micro |||
| --nano |||
| --time-stamp-precision=*tstamp_precision* || |
| --micro || |
| --nano || |
| -K, --dont-verify-checksums || |
| -l || |
| -L, --list-data-link-types || |
| -m *module* || |
| -M *secret* || |
| -n |||
| -n || |
| -N || |
| -#, --number |||
| -#, --number || |
| -O, --no-optimize || |
| -p, --no-promiscuous-mode |||
| -q |||
| -S, --absolute-tcp-sequence-numbers || |
| -s *snaplen*, --snapshot-length=*snaplen* |||
| -s *snaplen*, --snapshot-length=*snaplen* || |
| -T *type* || |
| -t |||
| -t || |
| -tt |||
| -ttt |||
| -tttt |||
Expand Down
Loading

0 comments on commit 8f7728a

Please sign in to comment.