golibwireshark - Package that uses the libwireshark library to decode pcap files and analyse the dissection data.

Overview

golibwireshark

Package golibwireshark uses the libwireshark library to decode pcap files and analyse the dissection data.

This package can only be used on Linux with an x86_64 CPU. To use it on another CPU architecture, you need to compile the library in the libs folder from source code.

Dependencies

  • libwireshark library (version 1.12.8)

  • libglib2.0

Install

  • Ubuntu
apt-get install libglib2.0-dev
go get github.com/sunwxg/golibwireshark

cd $GOPATH/src/github.com/sunwxg/golibwireshark
cat libs/libwireshark.{00,01,02,03} > libs/libwireshark.so
chmod 775 libs/libwireshark.so

go build
go test
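
The install step above concatenates a prebuilt binary from four parts, and the package only supports Linux on x86_64. The following added example (not part of the golibwireshark project) checks the parts before the go build step: concatenated in order, they must form a 64-bit little-endian x86_64 shared object whose SHA-256 matches a pinned digest. The name checkLib is hypothetical, and the pinned digest is assumed to come from a source you trust; this page does not publish one.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"log"
	"os"
)

// checkLib verifies that the concatenated parts form a little-endian 64-bit
// x86_64 shared object whose SHA-256 equals wantHex (the pinned digest).
func checkLib(wantHex string, parts ...[]byte) error {
	lib := bytes.Join(parts, nil) // same order as the `cat` install step
	// ELF magic, then EI_CLASS=ELFCLASS64 (2) and EI_DATA=ELFDATA2LSB (1).
	if len(lib) < 20 || !bytes.HasPrefix(lib, []byte("\x7fELF\x02\x01")) {
		return fmt.Errorf("not a 64-bit little-endian ELF (missing or misordered part?)")
	}
	if t := binary.LittleEndian.Uint16(lib[16:18]); t != 3 { // ET_DYN
		return fmt.Errorf("e_type %d is not a shared object", t)
	}
	if m := binary.LittleEndian.Uint16(lib[18:20]); m != 62 { // EM_X86_64
		return fmt.Errorf("e_machine %d is not x86_64", m)
	}
	if got := fmt.Sprintf("%x", sha256.Sum256(lib)); got != wantHex {
		return fmt.Errorf("sha256 %s does not match pinned value", got)
	}
	return nil
}

func main() { // usage: checklib <pinned-sha256-hex> libs/libwireshark.00 ... .03
	if len(os.Args) < 3 {
		log.Fatal("usage: checklib <sha256> <part>...")
	}
	var parts [][]byte
	for _, name := range os.Args[2:] {
		b, err := os.ReadFile(name)
		if err != nil {
			log.Fatal(err)
		}
		parts = append(parts, b)
	}
	if err := checkLib(os.Args[1], parts...); err != nil {
		log.Fatal("libwireshark.so: ", err)
	}
	fmt.Println("libwireshark.so: ok")
}
```
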

Examples

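package main

import (
	"fmt"

	"github.com/sunwxg/golibwireshark"
)

func main() {
	file := "1.pcap"    // input capture
	outfile := "o.pcap" // matching packets are written here
	key := "ip.addr"    // dissection field to look for

	// Init takes the input and output capture file names.
	err := golibwireshark.Init(file, outfile)
	if err != nil {
		fmt.Printf("open file failed\n")
		return
	}
	defer golibwireshark.Clean()

	var p golibwireshark.Packet

	for {
		// Read the next packet; the loop ends when Edt is nil.
		p.GetPacket()
		if p.Edt == nil {
			break
		}

		// Write the packet to the output file only if it contains the key.
		if _, ok := p.IsKey(key); ok {
			p.WriteToFile()
		}

		// Free the packet before reading the next one.
		p.FreePacket()
	}
}

Issues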
  • fatal error: unexpected signal during runtime execution - golibwireshark.go:37

    Hi,

    I'm trying to use golibwireshark, but in every example I get an unexpected signal crashing the application when it tries to use the init() function. I already tried in some containers (debian, ubuntu 15...) but it didn't work.

    fatal error: unexpected signal during runtime execution
    [signal 0xb code=0x1 addr=0x0 pc=0x0]
    
    runtime stack:
    runtime: unexpected return pc for runtime.sigpanic called from 0x7effc091281a
    runtime.throw(0x753325)
        /usr/lib/go/src/pkg/runtime/panic.c:520 +0x69
    runtime: unexpected return pc for runtime.sigpanic called from 0x7effc091281a
    runtime.sigpanic()
        /usr/lib/go/src/pkg/runtime/os_linux.c:222 +0x3d
    
    goroutine 16 [syscall]:
    runtime.cgocall(0x4028c8, 0x7effc0e2de58)
        /usr/lib/go/src/pkg/runtime/cgocall.c:143 +0xe5 fp=0x7effc0e2de40 sp=0x7effc0e2ddf8
    github.com/sunwxg/golibwireshark._Cfunc_init(0x22609e0, 0x0, 0x22609e0)
        github.com/sunwxg/golibwireshark/_obj/_cgo_defun.c:146 +0x31 fp=0x7effc0e2de58 sp=0x7effc0e2de40
    github.com/sunwxg/golibwireshark.Init(0x4d9050, 0xc, 0x4d2690, 0x0, 0x0, 0x0)
        /root/go/src/github.com/sunwxg/golibwireshark/golibwireshark.go:37 +0x69 fp=0x7effc0e2dea0 sp=0x7effc0e2de58
    main.main()
        /root/tests/golibwireshark/example/printpacket/printPacket.go:12 +0x5c fp=0x7effc0e2df50 sp=0x7effc0e2dea0
    runtime.main()
        /usr/lib/go/src/pkg/runtime/proc.c:247 +0x11a fp=0x7effc0e2dfa8 sp=0x7effc0e2df50
    runtime.goexit()
        /usr/lib/go/src/pkg/runtime/proc.c:1445 fp=0x7effc0e2dfb0 sp=0x7effc0e2dfa8
    created by _rt0_go
        /usr/lib/go/src/pkg/runtime/asm_amd64.s:97 +0x120
    
    goroutine 19 [finalizer wait]:
    runtime.park(0x4165c0, 0x758af8, 0x755f09)
        /usr/lib/go/src/pkg/runtime/proc.c:1369 +0x89
    runtime.parkunlock(0x758af8, 0x755f09)
        /usr/lib/go/src/pkg/runtime/proc.c:1385 +0x3b
    runfinq()
        /usr/lib/go/src/pkg/runtime/mgc0.c:2644 +0xcf
    runtime.goexit()
        /usr/lib/go/src/pkg/runtime/proc.c:1445
    
    goroutine 17 [syscall]:
    runtime.goexit()
        /usr/lib/go/src/pkg/runtime/proc.c:1445
    exit status 2
    
    

    Thanks

    opened by kairotavares 3
  • doesn't compile with libwireshark-2.4.4

    I tried to copy the approach from https://github.com/sunwxg/decode_by_libwireshark to get the golibwireshark to compile with wireshark-2.4.4, but I'm stuck on this

    # github.com/sunwxg/golibwireshark
    In file included from /usr/include/wireshark/epan/epan_dissect.h:31:0,
                     from ././wireshark-2.4.4/lib.h:10,
                     from ./golibwireshark.go:16:
    /usr/include/wireshark/epan/proto.h:125:27: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'void'
     WS_DLL_PUBLIC WS_NORETURN void proto_report_dissector_bug(const char *message);
                               ^
    

    the code is in my fork at https://github.com/prasincs/golibwireshark

    opened by prasincs 1
Owner
Xiaoguang Wang