Capturing packets with `gopacket` on Windows

Author: 韦轩

Install gopacket

go get github.com/google/gopacket/pcap

Install gcc

Install TDM-GCC from http://tdm-gcc.tdragon.net/download

Install WinPcap and the WinPcap developer's pack

https://www.winpcap.org/install/default.htm

Extract WpdPack_4_1_2.zip to the root of the D: drive

Test

package main

import (
    "fmt"
    "log"
    "github.com/google/gopacket/pcap"
)

func main() {
    // Find all devices
    devices, err := pcap.FindAllDevs()
    if err != nil {
        log.Fatal(err)
    }

    // Print device information
    fmt.Println("Devices found:")
    for _, d := range devices {
        fmt.Println("\nName: ", d.Name)
        fmt.Println("Description: ", d.Description)
        fmt.Println("Devices addresses:")

        for _, address := range d.Addresses {
            fmt.Println("- IP address: ", address.IP)
            fmt.Println("- Subnet mask: ", address.Netmask)
        }
    }
}

Error

fatal error: pcap.h: No such file or directory

Open github.com/google/gopacket/pcap/pcap.go

The WpdPack location in that file is hard-coded to the C: drive; change it to the location where WpdPack_4_1_2.zip was extracted.

#cgo solaris LDFLAGS: -L /opt/local/lib -lpcap
#cgo linux LDFLAGS: -lpcap
#cgo dragonfly LDFLAGS: -lpcap
#cgo freebsd LDFLAGS: -lpcap
#cgo openbsd LDFLAGS: -lpcap
#cgo darwin LDFLAGS: -lpcap
// Changed to the location of the developer's pack extracted in the previous step (the D: drive)
#cgo windows CFLAGS: -I D:/WpdPack/Include
#cgo windows,386 LDFLAGS: -L D:/WpdPack/Lib -lwpcap
#cgo windows,amd64 LDFLAGS: -L D:/WpdPack/Lib/x64 -lwpcap
#include <stdlib.h>
#include <pcap.h>

collect2.exe: error ld returned 1 exit status

See https://stackoverflow.com/questions/38047858/compile-gopacket-on-windows-64bit

OK so I have figured it out.
In order to compile gopacket 64bit on windows you need to do the following:

1. Install go_amd64 (add go binaries to your PATH)
2. Install TDM GCC x64 (add TDM-GCC binaries to your PATH)
3. Also add TDM-GCC\x86_64-w64-mingw32\bin to your PATH
4. Install Winpcap. Download Winpcap developer's pack and extract it to C:\

Now the point is that there are missing linux static libraries files
(libwpcap.a and libpacket.a) from lib/x64 folder. I don't know why they weren't
included in the developers pack but anyway that's how we can generate them:
5. find wpcap.dll and packet.dll in your PC (typically in c:\windows\system32)
6. copy them to some other temp folder or else you'll have to supply Admin privs to the following commands
7. run gendef on those files: gendef wpcap.dll and gendef packet.dll (obtainable with MinGW Installation Manager, package mingw32-gendef)
8. this will generate .def files
9. Now we'll generate the static libraries files:
    run dlltool --as-flags=--64 -m i386:x86-64 -k --output-lib libwpcap.a --input-def wpcap.def
    and dlltool --as-flags=--64 -m i386:x86-64 -k --output-lib libpacket.a --input-def packet.def
    Now just copy both libwpcap.a and libpacket.a to c:\WpdPack\Lib\x64

Test

Capture packets

package main

import (
    "log"
    "github.com/google/gopacket/pcap"
    "github.com/google/gopacket"
    "time"
)

func main() {
    handle, err := pcap.OpenLive("\\Device\\NPF_{713C668E-58F6-4831-90A5-73FEEC913A39}", 1024, false, 30*time.Second)
    if err != nil {
        log.Fatal(err)
    }
    defer handle.Close()

    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    for packet := range packetSource.Packets() {
        // Process packet here
        log.Println(packet)
    }
}

Output

2018/01/06 23:09:47 PACKET: 121 bytes, wire length 121 cap length 121 @ 2018-01-06 23:09:30.312665 +0800 CST
- Layer 1 (14 bytes) = Ethernet    {Contents=[..14..] Payload=[..107..] SrcMAC=00:6b:8e:4e:ba:2d DstMAC=c0:7c:d1:f2:d0:b2 EthernetType=IPv4 Length=0}
- Layer 2 (20 bytes) = IPv4    {Contents=[..20..] Payload=[..87..] Version=4 IHL=5 TOS=0 Length=107 Id=59952 Flags=DF FragOffset=0 TTL=54 Protocol=UDP Checksum=60643 SrcIP=125.39.45.58 DstIP=192.168.2.100 Options=[] Padding=[]}
- Layer 3 (08 bytes) = UDP    {Contents=[..8..] Payload=[..79..] SrcPort=8000(irdmi) DstPort=4018(talarian-mcast4) Length=87 Checksum=58425}
- Layer 4 (79 bytes) = Payload    79 byte(s)

2018/01/06 23:09:47 PACKET: 55 bytes, wire length 55 cap length 55 @ 2018-01-06 23:09:30.666074 +0800 CST
- Layer 1 (14 bytes) = Ethernet    {Contents=[..14..] Payload=[..41..] SrcMAC=c0:7c:d1:f2:d0:b2 DstMAC=00:6b:8e:4e:ba:2d EthernetType=IPv4 Length=0}
- Layer 2 (20 bytes) = IPv4    {Contents=[..20..] Payload=[..21..] Version=4 IHL=5 TOS=0 Length=41 Id=29729 Flags=DF FragOffset=0 TTL=64 Protocol=TCP Checksum=1532 SrcIP=192.168.2.100 DstIP=64.233.188.188 Options=[] Padding=[]}
- Layer 3 (20 bytes) = TCP    {Contents=[..20..] Payload=[0] SrcPort=26750 DstPort=5228(hpvroom) Seq=2557674006 Ack=3496291841 DataOffset=5 FIN=false SYN=false RST=false PSH=false ACK=true URG=false ECE=false CWR=false NS=false Window=254 Checksum=55368 Urgent=0 Options=[] Padding=[]}
- Layer 4 (01 bytes) = Payload    1 byte(s)
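
The first packet in the output above can be decoded by hand to see what each printed layer corresponds to on the wire, and what happens when the snaplen passed to `pcap.OpenLive` (1024 in the capture code) is smaller than the frame. This is an added example using only the Go standard library, not code from the original post or from gopacket; `Summary`, `decodeUDPFrame` and `sampleFrame` are hypothetical names, and the sample frame is constructed from the header values in the dump with a zero-filled payload.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Summary holds header fields that appear in the UDP packet dump above.
type Summary struct {
	SrcIP, DstIP     net.IP
	SrcPort, DstPort uint16
	Payload          []byte
	Truncated        bool // capture ends before the IPv4 total length
}
var errShort = errors.New("frame too short for its headers")

// decodeUDPFrame (hypothetical helper) checks each length before slicing, so a snaplen-cut frame cannot panic.
func decodeUDPFrame(b []byte) (*Summary, error) {
	if len(b) < 14+20 {
		return nil, errShort
	}
	ip := b[14:]
	ihl, total := int(ip[0]&0x0f)*4, int(binary.BigEndian.Uint16(ip[2:4]))
	if binary.BigEndian.Uint16(b[12:14]) != 0x0800 || ip[0]>>4 != 4 || ip[9] != 17 {
		return nil, errors.New("not an IPv4/UDP frame")
	}
	if ihl < 20 || len(ip) < ihl+8 || total < ihl+8 {
		return nil, errShort
	}
	s := &Summary{SrcIP: net.IP(ip[12:16]), DstIP: net.IP(ip[16:20]),
		SrcPort: binary.BigEndian.Uint16(ip[ihl:]), DstPort: binary.BigEndian.Uint16(ip[ihl+2:])}
	if total > len(ip) { // fewer bytes captured than the IPv4 header claims
		total, s.Truncated = len(ip), true
	}
	s.Payload = ip[ihl+8 : total]
	return s, nil
}

// sampleFrame is constructed from the dump's header values; payload is zero-filled.
func sampleFrame() []byte {
	return append([]byte{0xc0, 0x7c, 0xd1, 0xf2, 0xd0, 0xb2, 0x00, 0x6b, 0x8e, 0x4e, 0xba, 0x2d, 0x08, 0x00, // Ethernet
		0x45, 0, 0, 107, 0xea, 0x30, 0x40, 0, 54, 17, 0xec, 0xe3, 125, 39, 45, 58, 192, 168, 2, 100, // IPv4
		0x1f, 0x40, 0x0f, 0xb2, 0, 87, 0xe4, 0x39}, make([]byte, 79)...) // UDP header, then payload
}

func main() {
	s, err := decodeUDPFrame(sampleFrame()[:60]) // as if captured with snaplen 60
	fmt.Println(s.SrcIP, s.SrcPort, len(s.Payload), s.Truncated, err)
}
```

With the full 121-byte frame the decoder returns the same addresses and ports as the dump and a 79-byte payload; cut to 60 bytes it still returns the headers but marks the payload as truncated.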


Source: Segmentfault
