Hi, friends,
I am trying to create a very simple network sniffer. Initially I implemented it with libpcap, but I got not only performance issue, but also timing issue. Now I am trying to replace libpcap with afpacket. However, I am not able to get any packet from the GRE tunneled terminated at the listening NIC.
I know I have quite a few packets terminated at this NIC. If using pcap as below, then I see all those packets, decoded up to the GRE layer, and its payload.
But switching to afpacket, I can only get non-GRE packet, such as IGMP, ICMP, etc. (These packets are also seen in the above pcap version). I can see normal TCP packets as well, but no GRE packets, they are not even read from wire as far as I can see, since there is no decoding error at all.
So, my dear gophers, what have I done wrong? Any help is appreciated. I have googled quite a bit, but does not really get any useful answer.
Do I need to somehow magically enable the promiscuous mode? I don't see an option in afpacket.
Here is my code snippet
//pcap version
handle, err = pcap.OpenLive(device, snapshot_len, promiscuous, timeout)
if err == nil {
Info.Println("Open interface ", device, "successfully")
}
defer handle.Close()
//afpacket version
handle, err := afpacket.NewTPacket(afpacket.OptInterface(device))
if err != nil {
Error.Printf("Error opening afpacket interface: %s", err)
}
defer handle.Close()
//create a source and listen to it
packetSource := gopacket.NewPacketSource(handle, layers.LinkTypeEthernet)
for {
packet, err := packetSource.NextPacket()
// Iterate over all layers, printing out each layer type
for _, layer := range packet.Layers() {
fmt.Println("PACKET LAYER:", layer.LayerType())
}
Here is my code snippet,