README
¶
PCAP CLI
High performance packet capturing translator leveraged by gopacket.
Currently offering JSON packet translation into files and stdout.
Amazing to be used alongside jq
How to build
Dependencies
libpcap-dev: install from distro reposstringer:go install golang.org/x/tools/cmd/stringer@latest
Using go
go generate ./...
go build -o bin/pcap cmd/pcap.go
NOTE: apply
gofumptbefore commit; i/e:gofumpt -l -w .
Using Taskfile
Quick build
task -v build
Verbose build
task -v dist
Docker build
task -v docker-build
How to use
Using goacket engine
Generating JSON
sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -fmt=json -stdout -filter='tcp'
Generating ordered JSON
sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -fmt=json -stdout -filter='tcp' -ordered
Generating console output and JSON files
sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -w part_%Y%m%d_%H%M%S -ext=json -fmt=json -stdout -filter='tcp'
Terminate execution after defined seconds
sudo pcap -eng=google -promisc \
-i ${IFACE} -s ${SNAPLEN} \
-w part_%Y%m%d_%H%M%S -ext=json \
-fmt=json -stdout \
-timeout=60 -filter='tcp'
Terminate execution after defined seconds and rotate every defined seconds
sudo pcap -eng=google -promisc \
-i ${IFACE} -s ${SNAPLEN} \
-w part_%Y%m%d_%H%M%S -ext=json \
-fmt=json -stdout \
-timeout=60 -interval=10 -filter='tcp'
Projects using PCAP CLI
- Cloud Run tcpdump sidecar: (https://github.com/gchux/cloud-run-tcpdump)
Roadmap
Translators
- Plain Text
- Protocol Buffers: https://protobuf.dev/
Integrations
- gRPC packet capture streaming
Directories
Click to show internal directories.
Click to hide internal directories.