Network packet capture with Go?

<p>tl;dr: New to Go. Can you recommend a library for capturing network packet data?</p> <p>As a learning exercise, I&#39;m interested in writing something similar to <a href="http://etherape.sourceforge.net/">Etherape</a> in Go. Digging around on GitHub I see a wrapper for libpcap and and another library for generating Berkeley Packet Filter VM programs. I&#39;m not sure how either of those approaches would align with common practice for Go programs if at all.</p> <p>Perhaps someone can share a library/package they&#39;ve used and can recommend?</p> <p>Thx</p> <hr/>**评论：**<br/><br/>Mythiix: <pre><p><a href="https://github.com/google/gopacket">gopacket</a> is probably a good place to start</p> <p>A <a href="http://www.devdungeon.com/content/packet-capture-injection-and-analysis-gopacket">tutorial/walk through</a> with code examples. It also includes John Leon&#39;s 2016 GopherCon presentation</p></pre>lunarsunrise: <pre><p>I&#39;ve used <code>gopacket</code> for a couple of things in this area, including to perform full-scale traffic analysis while troubleshooting some particularly weird behavior in a production system.</p> <p>I think it&#39;s a great suggestion!</p></pre>nrvale00: <pre><p>Indeed, that looks promising. Added to &#34;Watch Later&#34;. Thanks for the share. :)</p></pre>PM_ME_YOUR_ESC_KEY: <pre><p>Perhaps have a look at PacketBeat on Github?</p></pre>nrvale00: <pre><p>But doesn&#39;t that require an ELK stack? The use-case is simple enough and the data impermanent enough that I was hoping to keep it relatively self-contained app a la Etherape.</p></pre>PM_ME_YOUR_ESC_KEY: <pre><p>I meant look inside to see what it uses. It&#39;s open source and written in go. :) </p></pre>RIC_FLAIR-WOOO: <pre><p>Spoiler: it uses gopacket (<a href="https://github.com/elastic/beats/blob/master/packetbeat/sniffer/sniffer.go" rel="nofollow">https://github.com/elastic/beats/blob/master/packetbeat/sniffer/sniffer.go</a>)</p></pre>_boardwalk: <pre><p>You could just run tcpdump as a child process and use the output (the binary, not the text summary). It&#39;s pretty easy to parse.</p></pre>nrvale00: <pre><p>It&#39;s a thought...though I have to wonder about the performance implications of scraping stdout for info on the communicating nodes if you had more than even a handful of nodes.</p></pre>