pcaplite

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 29, 2025 License: MIT Imports: 7 Imported by: 0

README ΒΆ

πŸ•΅οΈβ€β™‚οΈ go-pcaplite – Lightweight Network Sniffer in Go

Go Reference codecov Go Report Card Platform Go Version

πŸš€ Overview

go-pcaplite is a lightweight Go library for capturing and inspecting network traffic in real time.
It wraps gopacket and simplifies packet sniffing with an easy-to-use API.

πŸ”₯ Features

  • πŸ“‘ Live packet capture from any interface
  • πŸ” Supports BPF filters (tcp, udp, icmp, arp, etc.)
  • πŸ“ Extracts protocol metadata (DNS, ARP, etc.)
  • πŸ–₯️ Cross-platform: Linux, macOS, Windows
  • ⚑ Designed for simplicity and integration into other tools

πŸ› οΈ Installation

go get github.com/alexcfv/go-pcaplite

πŸ”‘ Running on Different Operating Systems

OS How to run
Linux sudo go run main.go
macOS sudo go run main.go (or allow permissions in Security settings)
Windows Run as Administrator

🌐 Common Network Interfaces

OS Typical Interfaces
Linux eth0, wlan0, lo, enp3s0, docker0
macOS en0, en1, lo0, bridge0, utun0
Windows Ethernet, Wi-Fi, Loopback Pseudo-Interface

πŸ” Example Filters (BPF Syntax)

Filter Description
tcp Capture only TCP packets
udp Capture only UDP packets
icmp Capture ICMP (ping) traffic
arp Capture ARP requests/responses
tcp port 443 Capture HTTPS traffic
udp or icmp Capture UDP + ICMP packets
tcp and dst port 22 Capture packets going to SSH

πŸ“¦ Example

package main

import (
    "fmt"
    "log"
    "github.com/alexcfv/go-pcaplite"
)

func main() {
    opts := pcaplite.CaptureOptions{
        Filter:  "tcp port 443 or udp or arp or icmp", // HTTPS + other protocols
        Promisc: true,
    }

    packets, err := pcaplite.Capture("en0", opts) //en0 macOS interface
    if err != nil {
        log.Fatal(err)
    }

    for p := range packets {
        fmt.Printf("[%s] %s:%s -> %s:%s | %s | %d bytes\n",
            p.Timestamp.Format("15:04:05"),
            p.SrcIP, p.SrcPort,
            p.DstIP, p.DstPort,
            p.Protocol, p.Length,
        )

        // Print additional metadata (DNS, ARP, etc.)
        for k, v := range p.Extra {
            fmt.Printf("  %s: %s\n", k, v)
        }
    }
}

πŸ“¦ Output:

[21:09:29] 192.168.0.30:49380 -> 17.248.213.71:443 | TCP | 66 bytes
[21:09:29] 17.248.213.71:443 -> 192.168.0.30:49380 | TCP | 78 bytes
[21:09:29] 17.248.213.71:443 -> 192.168.0.30:49380 | TCP | 66 bytes
[21:09:29] 17.248.213.71:443 -> 192.168.0.30:49380 | TCP | 66 bytes
[21:09:29] 192.168.0.30:49380 -> 17.248.213.71:443 | TCP | 90 bytes
[21:09:29] 192.168.0.30:49380 -> 17.248.213.71:443 | TCP | 66 bytes
[21:09:29] 17.248.213.71:443 -> 192.168.0.30:49380 | TCP | 78 bytes
[21:09:29] 192.168.0.30:49380 -> 17.248.213.71:443 | TCP | 54 bytes
[21:09:31] 192.168.0.31:5353 -> 224.0.0.251:5353 | UDP | 119 bytes
[21:09:31] fe80::8001:51ff:fe3b:55ce:5353 -> ff02::fb:5353 | UDP | 139 bytes

✍️ From the Author

Hi! I’m the author of go-pcaplite.

I also have a CLI utility for deeper traffic analysis.
You can check it out here: CLI sniffer

πŸ“œ License

MIT Β© 2025 alexcfv

Documentation ΒΆ

Index ΒΆ

Constants ΒΆ

This section is empty.

Variables ΒΆ

This section is empty.

Functions ΒΆ

func Capture ΒΆ 

func Capture(iface string, opts CaptureOptions) (<-chan Packet, error)

Types ΒΆ

type CaptureOptions ΒΆ 

type CaptureOptions struct {
	Filter    string
	SnapLen   int32
	Promisc   bool
	TimeoutMs int
}

type Packet ΒΆ 

type Packet struct {
	Timestamp   time.Time
	SrcIP       string
	DstIP       string
	SrcMAC      string
	DstMAC      string
	Protocol    string
	SrcPort     string
	DstPort     string
	Length      int
	PayloadSize int
	Extra       map[string]string
}

Packet - main data

Source Files ΒΆ

View all Source files

Directories ΒΆ

Path Synopsis
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.