golibwireshark - Package that uses the libwireshark library to decode pcap files and analyse dissection data.

Package golibwireshark uses the libwireshark library to decode pcap files and analyse dissection data.

This package can only be used on Linux with an x86_64 CPU. To use it on another CPU architecture, you need to compile the library in the libs folder from source code.

Dependencies

  • libwireshark library (version 1.12.8)

  • libglib2.0

Install

  • Ubuntu
apt-get install libglib2.0-dev
go get github.com/sunwxg/golibwireshark

cd $GOPATH/src/github.com/sunwxg/golibwireshark
cat libs/libwireshark.{00,01,02,03} > libs/libwireshark.so
chmod 775 libs/libwireshark.so

go build
go test
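
The reassembly step above produces a prebuilt binary that cgo loads into your process, so it is worth checking before building. The following is an added example, not part of the golibwireshark repository: it joins the four parts, confirms the result is an x86-64 ELF object (the only platform the package supports), and prints a SHA-256 that can be pinned. The function names and the optional expected-hash argument are assumptions, and it relies on `od` and `sha256sum` from coreutils.

```shell
# Added example; helper names are hypothetical, not part of golibwireshark.
# Usage: assemble_lib libs [expected_sha256]

# Succeeds only if $1 begins with an ELF64 little-endian header for x86-64.
is_elf_x86_64() {
    # Bytes 0-5: 7f 'E' 'L' 'F', EI_CLASS=2 (64-bit), EI_DATA=1 (little-endian)
    ident=$(od -An -tx1 -N6 "$1" | tr -d ' \n')
    # Bytes 18-19: e_machine, EM_X86_64 = 0x003e stored little-endian
    machine=$(od -An -tx1 -j18 -N2 "$1" | tr -d ' \n')
    [ "$ident" = "7f454c460201" ] && [ "$machine" = "3e00" ]
}

# Joins parts .00-.03 in directory $1 into $1/libwireshark.so and prints the
# SHA-256 of the result. Returns 1 for a missing or empty part, 2 if the result
# is not an x86-64 ELF object, 3 if it differs from the pinned hash in $2.
assemble_lib() {
    dir=$1
    pin=${2:-}
    out="$dir/libwireshark.so"
    for n in 00 01 02 03; do
        [ -s "$dir/libwireshark.$n" ] || { echo "missing part .$n" >&2; return 1; }
    done
    cat "$dir/libwireshark.00" "$dir/libwireshark.01" \
        "$dir/libwireshark.02" "$dir/libwireshark.03" > "$out" || return 1
    if ! is_elf_x86_64 "$out"; then
        echo "not an x86-64 ELF object: $out" >&2
        rm -f "$out"
        return 2
    fi
    sum=$(sha256sum "$out" | cut -d' ' -f1)
    if [ -n "$pin" ] && [ "$sum" != "$pin" ]; then
        echo "hash mismatch for $out" >&2
        rm -f "$out"
        return 3
    fi
    echo "$sum"
}
```

Run `assemble_lib libs` from the package directory in place of the `cat` line; the `chmod`, `go build` and `go test` steps are unchanged.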

Examples

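package main

import (
	"fmt"

	"github.com/sunwxg/golibwireshark"
)

func main() {
	file := "1.pcap"    // input capture
	outfile := "o.pcap" // matching packets are written here
	key := "ip.addr"    // dissection field to look for

	// Init opens the input and output files.
	err := golibwireshark.Init(file, outfile)
	if err != nil {
		fmt.Printf("open file failed\n")
		return
	}
	defer golibwireshark.Clean()

	var p golibwireshark.Packet

	for {
		// Dissect the next packet; Edt is nil when no packets remain.
		p.GetPacket()
		if p.Edt == nil {
			break
		}

		// Keep only packets whose dissection contains the key.
		if _, ok := p.IsKey(key); ok {
			p.WriteToFile()
		}

		// Release the dissection data for this packet.
		p.FreePacket()
	}
}
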
Comments
  • fatal error: unexpected signal during runtime execution - golibwireshark.go:37

    Hi,

    I'm trying to use golibwireshark, but in every example I get an unexpected signal that crashes the application when it tries to use the init() function. I have already tried some containers (Debian, Ubuntu 15...), but it didn't work.

    fatal error: unexpected signal during runtime execution
    [signal 0xb code=0x1 addr=0x0 pc=0x0]
    
    runtime stack:
    runtime: unexpected return pc for runtime.sigpanic called from 0x7effc091281a
    runtime.throw(0x753325)
        /usr/lib/go/src/pkg/runtime/panic.c:520 +0x69
    runtime: unexpected return pc for runtime.sigpanic called from 0x7effc091281a
    runtime.sigpanic()
        /usr/lib/go/src/pkg/runtime/os_linux.c:222 +0x3d
    
    goroutine 16 [syscall]:
    runtime.cgocall(0x4028c8, 0x7effc0e2de58)
        /usr/lib/go/src/pkg/runtime/cgocall.c:143 +0xe5 fp=0x7effc0e2de40 sp=0x7effc0e2ddf8
    github.com/sunwxg/golibwireshark._Cfunc_init(0x22609e0, 0x0, 0x22609e0)
        github.com/sunwxg/golibwireshark/_obj/_cgo_defun.c:146 +0x31 fp=0x7effc0e2de58 sp=0x7effc0e2de40
    github.com/sunwxg/golibwireshark.Init(0x4d9050, 0xc, 0x4d2690, 0x0, 0x0, 0x0)
        /root/go/src/github.com/sunwxg/golibwireshark/golibwireshark.go:37 +0x69 fp=0x7effc0e2dea0 sp=0x7effc0e2de58
    main.main()
        /root/tests/golibwireshark/example/printpacket/printPacket.go:12 +0x5c fp=0x7effc0e2df50 sp=0x7effc0e2dea0
    runtime.main()
        /usr/lib/go/src/pkg/runtime/proc.c:247 +0x11a fp=0x7effc0e2dfa8 sp=0x7effc0e2df50
    runtime.goexit()
        /usr/lib/go/src/pkg/runtime/proc.c:1445 fp=0x7effc0e2dfb0 sp=0x7effc0e2dfa8
    created by _rt0_go
        /usr/lib/go/src/pkg/runtime/asm_amd64.s:97 +0x120
    
    goroutine 19 [finalizer wait]:
    runtime.park(0x4165c0, 0x758af8, 0x755f09)
        /usr/lib/go/src/pkg/runtime/proc.c:1369 +0x89
    runtime.parkunlock(0x758af8, 0x755f09)
        /usr/lib/go/src/pkg/runtime/proc.c:1385 +0x3b
    runfinq()
        /usr/lib/go/src/pkg/runtime/mgc0.c:2644 +0xcf
    runtime.goexit()
        /usr/lib/go/src/pkg/runtime/proc.c:1445
    
    goroutine 17 [syscall]:
    runtime.goexit()
        /usr/lib/go/src/pkg/runtime/proc.c:1445
    exit status 2
    
    

    Thanks

  • doesn't compile with libwireshark-2.4.4

    I tried to copy the approach from https://github.com/sunwxg/decode_by_libwireshark to get the golibwireshark to compile with wireshark-2.4.4, but I'm stuck on this

    # github.com/sunwxg/golibwireshark
    In file included from /usr/include/wireshark/epan/epan_dissect.h:31:0,
                     from ././wireshark-2.4.4/lib.h:10,
                     from ./golibwireshark.go:16:
    /usr/include/wireshark/epan/proto.h:125:27: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'void'
     WS_DLL_PUBLIC WS_NORETURN void proto_report_dissector_bug(const char *message);
                               ^
    

    The code is in my fork at https://github.com/prasincs/golibwireshark
