Raw Socket Sniffing in Golang
Asked Answered
L

2

16

I have a question concerning tcp packet sniffing with golang. We have written a small tool which captures all incoming TCP packets comming from a fibre Tap.

The current implementation uses a libpcap wrapper under Linux. We need to port this tool to Windows. Of course, it is not possible at the moment.

So my question is, is there a cross platform solution for sniffing packets? We only need TCP packets, IP headers , no Ethernet Data and not all features of libpcap.

If there is no cross platform solution, two Code implementation would be ok, too. I know one can use raw sockets under Linux (and with some limitations under Windows). Does Golang support raw sockets and is there an example implementation for sniffing packets with sockets?

Tanks!! :-)

Luellaluelle answered 23/1, 2014 at 22:5 Comment(1)
"The current implementation uses a libpcap wrapper under Linux. We need to port this tool to Windows. Of course, it is not possible at the moment." Presumably because WinPcap won't work for some reason, right?Tootle
A
7

You should be able to use the ipv4 package from go.net.

Package ipv4 implements IP-level socket options for the Internet Protocol version 4.

The ipv4.RawConn type and it's associated methods should work cross-platform.

A RawConn represents a packet network endpoint that uses the IPv4 transport. It is used to control several IP-level socket options including IPv4 header manipulation. It also provides datagram based network I/O methods specific to the IPv4 and higher layer protocols that handle IPv4 datagram directly such as OSPF, GRE.

There is also an equivalent package for ipv6.

Anthonyanthophore answered 23/1, 2014 at 23:17 Comment(1)
Link in your response is no longer validArena
I
6

Take a look at https://github.com/google/gopacket since it supports pcap (requires cgo for this) and can decode a number of protocols including tcp/ip.

Insignificancy answered 3/10, 2014 at 14:39 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.