Using ' gopacket ' to grab a bag under windows

This is a creation in Article, where the information may have evolved or changed.

Installationgopacket

go get github.com/google/gopacket/pcap

Installationgcc

Installing Http://tdm-gcc.tdragon.net/download

Installation winpcap andwinpcap develop package

Https://www.winpcap.org/install/default.htm

Unzip WpdPack_4_1_2.zip toD盘根目录

Test

package mainimport (    "fmt"    "log"    "github.com/google/gopacket/pcap")func main() {    // Find all devices    devices, err := pcap.FindAllDevs()    if err != nil {        log.Fatal(err)    }    // Print device information    fmt.Println("Devices found:")    for _, d := range devices {        fmt.Println("\nName: ", d.Name)        fmt.Println("Description: ", d.Description)        fmt.Println("Devices addresses: ", d.Description)        for _, address := range d.Addresses {            fmt.Println("- IP address: ", address.IP)            fmt.Println("- Subnet mask: ", address.Netmask)        }    }}

Error

fatal error: pcap.h: No such file or directory

Open itgithub.com/google/gopacket/pcap/pcap.go

Inside WpdPack The position is written dead C disk, modify WpdPack_4_1_2.zip the location after decompression

#cgo solaris LDFLAGS: -L /opt/local/lib -lpcap#cgo linux LDFLAGS: -lpcap#cgo dragonfly LDFLAGS: -lpcap#cgo freebsd LDFLAGS: -lpcap#cgo openbsd LDFLAGS: -lpcap#cgo darwin LDFLAGS: -lpcap#cgo windows CFLAGS: -I D:/WpdPack/Include        //修改为 上一步安装的dev 包的位置 安装在`D 盘`#cgo windows,386 LDFLAGS: -L D:/WpdPack/Lib -lwpcap#cgo windows,amd64 LDFLAGS: -L D:/WpdPack/Lib/x64 -lwpcap#include <stdlib.h>#include <pcap.h>

collect2.exe: error ld returned 1 exit status

Reference Https://stackoverflow.com/questions/38047858/compile-gopacket-on-windows-64bit

OK so I had figured it out. In order to compile Gopacket 64bit on Windows need to do the following:1. Install go_amd64 (add go binaries to your PATH) 2. Install TDM GCC x64 (add TDM-GCC binaries to your PATH) 3. Also add Tdm-gcc\x86_64-w64-mingw32\bin to your PATH4. Install Winpcap Download Winpcap Developer ' s pack and extract it to C:\Now the point was that there be missing Linux Stati c Libraries Files (LIBWPCAP.A and libpacket.a) from Lib/x64 folder. I don ' t know why they weren ' tincluded in the developers pack but anyway that's how we can generate Them:5. Find Wpcap.dll and Packet.dll in your PCs (typically in c:\windows\system326. Copy them to some other temp folder or else y Ou ' ll has to supply Admin privs to the following commands7. Run Gendef on those files Gendef Wpcap.dll and Gendef Packet.dll (obtainable with MinGW installation Manager, Package Ming W32-GENDEF) 8. This would generate Def FILES9. Now we ' ll generate the static libraries Files:run Dlltool--as-flags=--64-m i386:x86-64-k--output-lib libwpcap.a--input-def wpcap.def and Dlltool--as-flags=--64-m i386:x86-64-k--output-lib li BPACKET.A--input-def packet.def Now just copy both Libwpcap.a and LIBPACKET.A to c:\WpdPack\Lib\x64

Test

Grab Bag

package mainimport (    "log"    "github.com/google/gopacket/pcap"    "github.com/google/gopacket"    "time")func main() {    handle, err := pcap.OpenLive("\\Device\\NPF_{713C668E-58F6-4831-90A5-73FEEC913A39}", 1024, false, 30*time.Second)    if err != nil {        log.Fatal(err)    }    defer handle.Close()    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())    for packet := range packetSource.Packets() {        // Process packet here        log.Println(packet)    }}

Output

2018/01/06 23:09:47 packet:121 bytes, wire length 121 cap Length 121 @ 2018-01-06 23:09:30.312665 +0800 Cst-layer 1 (14 bytes) = Ethernet {contents=[. ...] payload=[. 107.] srcmac=00:6b:8e:4e:ba:2d dstmac=c0:7c:d1:f2:d0:b2 Ethernettype=ipv4 length=0}-Layer 2 (bytes) = IPv4 {Conten ts=[. ...] payload=[. version=4 ihl=5 tos=0 length=107 id=59952 flags=df fragoffset=0 ttl=54 protocol=udp Checksum=60643 SrcIP=125.39.45. dstip=192.168.2.100 options=[] padding=[]}-Layer 3 (bytes) = UDP {contents=[. 8 ...] payload=[. srcport=8000 (IRDMI) dstport=4018 (talarian-mcast4) length=87 checksum=58425}-Layer 4 (bytes) = Payload bytes (s) 2018/01/06 23:09:47 packet:55 bytes, wire length-cap length @ 2018-01-06 23:09:30.666074 +0800 Cst-layer 1 (14 bytes) = Ethernet {contents=[. ...] payload=[. SRCMAC=C0:7C:D1:F2:D0:B2 dstmac=00:6b:8e:4e:ba:2d Ethernettype=ipv4 length=0}-Layer 2 (bytes) = IPv4 {Content s=[. ...] payload=[. :] version=4 IHL=5 tos=0 length=41 id=29729 flags=df fragoffset=0 ttl=64 protocol=tcp checksum=1532 SrcIP=192.168.2.100 DstIP= 64.233.188.188 options=[] padding=[]}-Layer 3 (bytes) = TCP {contents=[: [] payload=[0] srcport=26750 dstport=5228 (hpvroom) seq=2557674006 ack=3496291841 dataoffset=5 FIN=false SYN=false Rst=false psh=false ack=true urg=false ece=false cwr=false ns=false window=254 checksum=55368 Urgent=0 Options=[] Padding =[]}-Layer 4 (bytes) = Payload 1 byte (s)