How to capture all the packets, like as wireshark, at the network interface by golang.org/x/net package
3,680 views
Skip to first unread message
Mervin.Wang
Dec 7, 2015, 12:31:51 AM12/7/15
to golang-nuts
I want to capture all the data packets passing the network interface by golang.org/x/net package. How to implement?
Giulio Iotti
Dec 7, 2015, 6:10:49 AM12/7/15
to golang-nuts
On Monday, December 7, 2015 at 6:31:51 AM UTC+1, Mervin.Wang wrote:
I want to capture all the data packets passing the network interface by golang.org/x/net package. How to implement?
It's not so easy, and golang.org/x/net is not very helpful in this case.
You need to:
1. Set your network interface in promiscuous mode. This is OS dependent and will need privileges.
2. Read from the raw socket.
3. Do what you want with the packets.
Unless you are implementing some kind of real-time packet processor, the easy solution is to read and work with a pcap file. You can easily capture packets into a pcap file using tcpdump.
Otherwise, on Linux you can use C or port examples like these[1] to Go.
--
Giulio Iotti
C Banning
Dec 7, 2015, 6:34:13 AM12/7/15
to golang-nuts
Tony Carter
Dec 7, 2015, 1:25:15 PM12/7/15
to golang-nuts
On Monday, December 7, 2015 at 12:31:51 AM UTC-5, Mervin.Wang wrote:
I want to capture all the data packets passing the network interface by golang.org/x/net package. How to implement?
Here is a good example: github.com/google/stenographer
and a good tutorial: http://www.devdungeon.com/content/packet-capture-injection-and-analysis-gopacket
David Stainton
Jan 6, 2016, 12:00:56 PM1/6/16
to golang-nuts
yes using raw sockets to capture packets works fine in Linux... but
not on BSDs. that is... unless you are throwing around the term "raw
socket" to mean "whatever capture method is available such as the BSD
BPF etc.".
gopacket can use libpcap... but i don't see any reason to use libpcap
since gopacket also supports other packet capture methods that are
much faster and safer (without linking to an old C library)... such as
AF_PACKET which is Linux only. And if you want to capture packets on a
BSD system then gopacket supports BPF. I've tested it on OpenBSD,
NetBSD and FreeBSD.
if you do care about having super duper performance then you must
write your go library that uses faster capture methods such as netmap
or DPDK; oh but then you have memory safety issues with DPDK. Do you
want it fast, safe or correct?
You might be able to have all three properties;
Safe, Correct, and Fast Low-Level Networking by Robert Clipsham
http://octarineparrot.com/assets/msci_paper.pdf
Cheers,
David
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
not on BSDs. that is... unless you are throwing around the term "raw
socket" to mean "whatever capture method is available such as the BSD
BPF etc.".
gopacket can use libpcap... but i don't see any reason to use libpcap
since gopacket also supports other packet capture methods that are
much faster and safer (without linking to an old C library)... such as
AF_PACKET which is Linux only. And if you want to capture packets on a
BSD system then gopacket supports BPF. I've tested it on OpenBSD,
NetBSD and FreeBSD.
if you do care about having super duper performance then you must
write your go library that uses faster capture methods such as netmap
or DPDK; oh but then you have memory safety issues with DPDK. Do you
want it fast, safe or correct?
You might be able to have all three properties;
Safe, Correct, and Fast Low-Level Networking by Robert Clipsham
http://octarineparrot.com/assets/msci_paper.pdf
Cheers,
David
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages