Packet Capturing and Analysis using GoLang

I was always wondering about creating my own set of tools to work in network layers. While I was surfing through the youtube I saw this post from Hacker Valley Studio. They created a packet sniffing tool using the built-in package from GoLang. In this post, I will be trying to recreate the same. please share your insights in the comment section.


Let's get into the code


Step 1: Create a file named main.go and add the package as main.


package main

Step 2: Next, we need to import the necessary packages. We are going to use the gopacket package from GoLang.


import (
   "github.com/google/gopacket"
   "github.com/google/gopacket/pcap"
   "fmt"
   "log"
   "time"
)

Step 3: we need to create some variables to pass as an input to the gopacket package.


var (
   device string = "wlp0s20f3"
   snaplen int32 = 65535
   promisc bool =false
   err error
   timeout time.Duration = -1*time.Second
   handle *pcap.Handle
)

The device represents the name of your network interface card (use ifconfig to find ). The snaplen represents the size of the packets you are listening to. The promisc is set to true if each and every packet from the interface should be listened to. The handle is the reference to the handle from the gopacket package.


Step 4: Let's come into the main program next.


func main(){
   handle,err = pcap.OpenLive(device,snaplen,promisc,timeout)
   if err!= nil{
      log.Fatal(err)
   }

   defer handle.Close()

   var filter string = "src host /*your IP*/ and icmp"
   err=handle.SetBPFFilter(filter)
   if err!=nil{
      log.Fatal(err)
   }
   packetSource:=gopacket.NewPacketSource(handle,handle.LinkType())

   for packet :=range packetSource.Packets(){
      log.Println("Got Pinged")
      fmt.Println(packet)
   }
}

Let me explain one by one.


handle,err = pcap.OpenLive(device,snaplen,promisc,timeout)

The OpenLive is used to sniff the packet in real-time from the interface card. we pass the variables created from before as the input to the function. we point the handle reference to the openlive function.


if err!= nil{
      log.Fatal(err)
   }

   defer handle.Close()

This is the basic sanity codes. be sure to handle the exception and defer the closing function of the handle.


var filter string = "src host /*your IP*/ and icmp"
   err=handle.SetBPFFilter(filter)
   if err!=nil{
      log.Fatal(err)
   }

So, the handle will be holding all the packets that are coming through the interface. But in this post, we are going to see whether we are getting pinged by anyone in the network. So we are going to track only the ICMP packets. There is an option for filtering the packets based on the string value. so we are mentioning the host with our own IP. Replace the /*your IP*/ with your own ip address. Then we can add a BPFFilter to filter the packet based on your filter string. As usual,IP handles the errors.


packetSource:=gopacket.NewPacketSource(handle,handle.LinkType())

for packet :=range packetSource.Packets(){
   log.Println("Got Pinged")
   fmt.Println(packet)
}

Now, in order to view the packets we have to create a packet source.we are using NewPacketSource from the gopacket and store in a variable. Then we are simply iterating through the packets and print it to log it.


Execution:


Now, build the file and execute it. After that try pinging your IP from your terminal using the ping command.




Here, you can see the packet information on the basis of the OSI layer. we can achieve more by using this package. Let me try some more features of this package and will meet you in another post.


Thanks for reading, please share this article and your thoughts in the comment.


Source: Hacker Valley Studio

Github: Source Code



143 views

©2020 by DevDecimal.