Packiffer is a lightweight cross-platform networking toolkit that lets you sniff/analyze/inject/filter packets.

Overview

Packiffer


Features:
    -display list of network interfaces
    -sniff packets live from interface
    -set promiscuous mode on interface
    -apply filters to packets
    -transform selected packets from pcap file to another
    -inspect packets in terminal
    -inject packets into network
    -filter packets with specified destination ip
Modes:
    Sniff: 
        sniff packets live from interface

    Transform: 
        transform packets from offline pcap

    Inspect: 
        inspect & analyze packets from offline pcap files

    Inject: 
        Inject Raw & Constructed Packets

    Filter:
        Drop or Accept Packets

Prerequisites For Binary

Libpcap v1.9.1

Clang/LLVM (Only on Linux for eBPF packet filtering)

Prerequisites For Source

Golang v1.16

GoPacket v1.1.19

Go eBPF

Libpcap v1.9.1

Clang/LLVM (Only on Linux for eBPF XDP packet filtering)

How to get Packiffer

Checkout packiffer git repo using git clone

git clone https://github.com/massoudasadi/packiffer.git
cd packiffer

Run Packiffer

Sniff mode:

make build_go 

./packiffer sniff 

("i", "Specify interface name. Default is eth0")
("p", "Specify promiscuous mode. Default is false")
("f", "Specify filter query. Default is all")
("od", "Specify output directory. Default is packiffer directory")
("of", "Specify output file name. Default is interface name")
("sl", "Specify Snapshot Length. Default is 2014")
("t", "limit sniffing timeout. Default is 30 seconds")
("c", "Limit count of packets to sniff. Default is 1000")

transform mode:

make build_go 

./packiffer transform 

("f", "Specify filter query. Default is all")
("in", "Specify input pcap file")
("od", "Specify output directory. Default is packiffer directory")
("of", "Specify output file name. Default is interface name")
("c", "Limit count of packets to sniff. Default is 1000")

inspect mode:

make build_go 

./packiffer inspect 

("in", "Specify input pcap file")
("f", "Specify filter query. Default is all")
("c", "Limit count of packets to sniff. Default is 1000")

inject mode:

make build_go 

./packiffer inject 

("i", "Specify interface name. Default is eth0")
("ir", "Specify Raw Packet Inject. Default is false")
("ic", "Specify Constructed Packet Inject. Default is False")
("f", "Specify Path to packet file. Default is inject.txt")

firewall mode:

make build_bpf
make build_go 

./packiffer firewall 

("i", "Specify interface name. Default is eth0")
("f", "Specify Path to firewall file. Default is firewall.txt")

default mode:

./packiffer 

("h", "Specify help display. Default is false")
("d", "Specify devices display. Default is false")

Examples

Display list of network interfaces

./packiffer -d

Sniff packets on 'eth0' and save packets in 'eth0.pcap' (promiscuous mode) until Ctrl+C pressed

./packiffer sniff -i eth0 -p

transform only udp packets from 'eth0.pcap' to 'eth0_udp.pcap' until Ctrl+C pressed

./packiffer transform -in /path/to/eth0.pcap -of eth0_udp -f udp

inspect only tcp packets from pcap file

./packiffer inspect -in /path/to/file.pcap -f tcp

inject constructed tcp packets from InjectConstructed.json

./packiffer inject -i eth0 -ic -f /path/to/file.json

filter packets from ips inside firewall.txt

./packiffer firewall -i eth0 -f /path/to/file.txt
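
What the transform example above does to a capture file (keep only UDP packets from one pcap and write them to another), as an added Go example that is not Packiffer's own code. It uses only the standard library rather than GoPacket and assumes a classic little-endian pcap with Ethernet link type, untagged frames and IPv4; `FilterUDP` and `SamplePcap` are names chosen here, and the two-packet capture is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// FilterUDP reads a classic little-endian pcap with Ethernet link type and
// returns a new capture holding only the IPv4/UDP records, plus their count.
func FilterUDP(in []byte) ([]byte, int, error) {
	le := binary.LittleEndian
	if len(in) < 24 || le.Uint32(in[0:4]) != 0xa1b2c3d4 || le.Uint32(in[20:24]) != 1 {
		return nil, 0, errors.New("not a little-endian Ethernet pcap")
	}
	out := bytes.NewBuffer(append([]byte(nil), in[:24]...)) // copy global header
	kept := 0
	for off := 24; off < len(in); {
		rest := in[off:]
		if len(rest) < 16 || uint64(le.Uint32(rest[8:12])) > uint64(len(rest)-16) {
			return nil, kept, errors.New("truncated record")
		}
		end := 16 + int(le.Uint32(rest[8:12])) // 16-byte record header + incl_len
		frame := rest[16:end]                  // EtherType at 12-13, IPv4 protocol at 23
		if len(frame) >= 34 && frame[12] == 0x08 && frame[13] == 0x00 && frame[23] == 17 {
			out.Write(rest[:end])
			kept++
		}
		off += end
	}
	return out.Bytes(), kept, nil
}

// SamplePcap returns a constructed capture: a global header (magic, version
// 2.4, snaplen 65535, Ethernet) followed by one TCP and one UDP frame.
func SamplePcap() []byte {
	b := []byte{0xd4, 0xc3, 0xb2, 0xa1, 2, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 1, 0, 0, 0}
	for _, proto := range []byte{6, 17} {
		rec := []byte{0, 0, 0, 0, 0, 0, 0, 0, 34, 0, 0, 0, 34, 0, 0, 0} // ts, incl_len, orig_len
		frame := make([]byte, 34)                                       // Ethernet + IPv4 header
		frame[12], frame[14], frame[23] = 0x08, 0x45, proto
		b = append(append(b, rec...), frame...)
	}
	return b
}

func main() {
	out, kept, err := FilterUDP(SamplePcap())
	fmt.Println(len(out), kept, err)
}
```

A record whose stored length runs past the end of the file is reported as an error instead of being copied, which is the case to check when a capture was cut off mid-write.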
Owner
Massoud Asadi
Software Developer