Network packet capture with Go?

blov
tl;dr: New to Go. Can you recommend a library for capturing network packet data?

As a learning exercise, I'm interested in writing something similar to [Etherape](http://etherape.sourceforge.net/) in Go. Digging around on GitHub I see a wrapper for libpcap and another library for generating Berkeley Packet Filter VM programs. I'm not sure how either of those approaches would align with common practice for Go programs if at all.

Perhaps someone can share a library/package they've used and can recommend?

Thx

---

**Comments:**

**Mythiix:** [gopacket](https://github.com/google/gopacket) is probably a good place to start

A [tutorial/walk through](http://www.devdungeon.com/content/packet-capture-injection-and-analysis-gopacket) with code examples. It also includes John Leon's 2016 GopherCon presentation

**lunarsunrise:** I've used `gopacket` for a couple of things in this area, including to perform full-scale traffic analysis while troubleshooting some particularly weird behavior in a production system.

I think it's a great suggestion!

**nrvale00:** Indeed, that looks promising. Added to "Watch Later". Thanks for the share. :)

**PM_ME_YOUR_ESC_KEY:** Perhaps have a look at PacketBeat on GitHub?

**nrvale00:** But doesn't that require an ELK stack? The use-case is simple enough and the data impermanent enough that I was hoping to keep it a relatively self-contained app a la Etherape.

**PM_ME_YOUR_ESC_KEY:** I meant look inside to see what it uses. It's open source and written in Go. :)

**RIC_FLAIR-WOOO:** Spoiler: it uses gopacket (<https://github.com/elastic/beats/blob/master/packetbeat/sniffer/sniffer.go>)

**_boardwalk:** You could just run tcpdump as a child process and use the output (the binary, not the text summary). It's pretty easy to parse.

**nrvale00:** It's a thought...though I have to wonder about the performance implications of scraping stdout for info on the communicating nodes if you had more than even a handful of nodes.
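The binary output _boardwalk refers to is the classic pcap stream that `tcpdump -w -` writes to stdout. The following is an added example (not code from the thread or from any project it links) that parses such a stream with only the Go standard library and counts packets per IPv4 source/destination pair, the data an Etherape-style view needs. It assumes a little-endian, microsecond-resolution capture with Ethernet framing and no VLAN tags; the name `Flows`, the 262144-byte record cap, and the sample bytes in `main` are this example's own.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
)

// Flows counts Ethernet/IPv4 packets per "src -> dst" pair in a classic pcap stream.
func Flows(r io.Reader) (map[string]int, error) {
	le := binary.LittleEndian
	hdr := make([]byte, 24) // magic, version, thiszone, sigfigs, snaplen, linktype
	if _, err := io.ReadFull(r, hdr); err != nil {
		return nil, err
	}
	if le.Uint32(hdr) != 0xa1b2c3d4 || le.Uint32(hdr[20:]) != 1 {
		return nil, errors.New("want little-endian classic pcap, LINKTYPE_ETHERNET")
	}
	flows, rec := map[string]int{}, make([]byte, 16) // rec: ts_sec, ts_usec, incl_len, orig_len
	for {
		if _, err := io.ReadFull(r, rec); err == io.EOF {
			return flows, nil // clean end of stream between records
		} else if err != nil {
			return flows, err
		}
		n := le.Uint32(rec[8:])
		if n > 262144 { // untrusted length field; 262144 is an assumed per-packet cap
			return flows, fmt.Errorf("record length %d too large", n)
		}
		pkt := make([]byte, n)
		if _, err := io.ReadFull(r, pkt); err != nil {
			return flows, err // capture ended in the middle of a packet
		}
		// IPv4 (EtherType 0x0800) after the 14-byte Ethernet header; addresses at IP offsets 12, 16.
		if n >= 34 && binary.BigEndian.Uint16(pkt[12:]) == 0x0800 {
			flows[net.IP(pkt[26:30]).String()+" -> "+net.IP(pkt[30:34]).String()]++
		}
	}
}

func main() {
	b := make([]byte, 24+16+34)       // constructed capture: one packet, 10.0.0.1 -> 10.0.0.2
	copy(b, "\xd4\xc3\xb2\xa1")       // magic 0xa1b2c3d4 in little-endian byte order
	b[20], b[32], b[52] = 1, 34, 0x08 // linktype, incl_len, EtherType high byte
	copy(b[66:], []byte{10, 0, 0, 1, 10, 0, 0, 2})
	fmt.Println(Flows(bytes.NewReader(b)))
}
```

Because `Flows` takes an `io.Reader`, the same function can read the stdout pipe of a child process directly, so records are consumed as they arrive rather than scraped as text.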
