Listens to memcached protocol (documentation) traffic via pcap. Logs protocol violations and writes the offending tcp session to a file for replay.
--interfaceor-i: The interface to sniff. Defaults toeth0in Linux oren0on a Mac.--filteror-f: Filter on the interface. Documentation here. Defaults totcp and port 11211.--snaplengthor-s: Maximum size to read for each packet. Defaults to1600.--promiscuousor-p: Puts the interface into promiscuous mode.--timeoutor-t: Timeout on a connection. Defaults toBlockForever. Please see the documentation on timeouts here for more information on setting this value safely.
This application was written in Go 1.6. Other versions of go have not been tested.
Changes to the memcached protocol parser will not be reflected in the application unless recompiled via Ragel. However, changes outside the protocol parser or simply building the application does not require anything other than the basic Go toolchain and dependencies.
- logrus
- gopacket with gopacket/layers and gopacket/pcap
- minio/cli
This application must be run as root to engage the pcap listener. It will not return any data otherwise.
The Python-based memcache-sniffer project is what made the idea of this possible. Having the Ragel State Machine Compiler allowed this to be written in about a day.