jschwinger233 / grpcdump Public
JSON output makes convenience to filter as long as you are familar with jq, such as grpcdump -i lo -p 2379 -f rpc.proto -o json | jq '. | select(.dport==44082)' to filter out the frames from etcd to client with port 44082.
Why parsing from pcap is important? This is because grpcdump doesn't need to implement BPF filter (see man 7 pcap-filter) like gateway snup and ip[2:2] > 576; all you need to do, is to use tcpdump to generate a pcap file, then grpcdump will do the remaining.
GRPC on HTTP2 has an amazing feature: hpack header compression, which also causes trouble because we can't always capture the complete traffic from the beginning of connection, leaving us unable to hpack-decode the headers thereafter.
The data frame fails to be parsed because the watch request has been sent ahead of grpcdump's sniffing, and the missing request header makes it impossible to parse the data.
One of my favorite feature in Chrome's developer tools is Copy As cURL, so I was wondering if I can do something similar to that.
