windows 下使用`gopacket`抓包

這是一個建立於 的文章，其中的資訊可能已經有所發展或是發生改變。

安裝gopacket

go get github.com/google/gopacket/pcap

安裝gcc

安裝 http://tdm-gcc.tdragon.net/download

安裝winpcap和winpcap develop package

https://www.winpcap.org/install/default.htm

解壓WpdPack_4_1_2.zip到D盤根目錄

測試

package mainimport (    "fmt"    "log"    "github.com/google/gopacket/pcap")func main() {    // Find all devices    devices, err := pcap.FindAllDevs()    if err != nil {        log.Fatal(err)    }    // Print device information    fmt.Println("Devices found:")    for _, d := range devices {        fmt.Println("\nName: ", d.Name)        fmt.Println("Description: ", d.Description)        fmt.Println("Devices addresses: ", d.Description)        for _, address := range d.Addresses {            fmt.Println("- IP address: ", address.IP)            fmt.Println("- Subnet mask: ", address.Netmask)        }    }}

報錯

fatal error: pcap.h: No such file or directory

開啟 github.com/google/gopacket/pcap/pcap.go

裡面WpdPack的位置是寫死的c盤,修改WpdPack_4_1_2.zip解壓後的位置

#cgo solaris LDFLAGS: -L /opt/local/lib -lpcap#cgo linux LDFLAGS: -lpcap#cgo dragonfly LDFLAGS: -lpcap#cgo freebsd LDFLAGS: -lpcap#cgo openbsd LDFLAGS: -lpcap#cgo darwin LDFLAGS: -lpcap#cgo windows CFLAGS: -I D:/WpdPack/Include        //修改為 上一步安裝的dev 包的位置 安裝在`D 盤`#cgo windows,386 LDFLAGS: -L D:/WpdPack/Lib -lwpcap#cgo windows,amd64 LDFLAGS: -L D:/WpdPack/Lib/x64 -lwpcap#include <stdlib.h>#include <pcap.h>

collect2.exe: error ld returned 1 exit status

參考https://stackoverflow.com/questions/38047858/compile-gopacket-on-windows-64bit

OK so I have figured it out.In order to compile gopacket 64bit on windows you need to do the following:1. Install go_amd64 (add go binaries to your PATH)2. Install TDM GCC x64 (add TDM-GCC binaries to your PATH)3. Also add TDM-GCC\x86_64-w64-mingw32\bin to your PATH4. Install Winpcap Download Winpcap developer's pack and extract it to C:\Now the point is that there are missing linux static libraries files(libwpcap.a and libpacket.a) from lib/x64 folder. I don't know why they weren'tincluded in the developers pack but anyway that's how we can generate them:5. find wpcap.dll and packet.dll in your PC (typically in c:\windows\system326. copy them to some other temp folder or else you'll have to supply Admin privs to the following commands7. run gendef on those files gendef wpcap.dll and gendef packet.dll (obtainable with MinGW Installation Manager, package mingw32-gendef)8. this will generate .def files9. Now we'll generate the static libraries files:    run dlltool --as-flags=--64 -m i386:x86-64 -k --output-lib libwpcap.a --input-def wpcap.def    and dlltool --as-flags=--64 -m i386:x86-64 -k --output-lib libpacket.a --input-def packet.def    Now just copy both libwpcap.a and libpacket.a to c:\WpdPack\Lib\x64

測試

抓包

package mainimport (    "log"    "github.com/google/gopacket/pcap"    "github.com/google/gopacket"    "time")func main() {    handle, err := pcap.OpenLive("\\Device\\NPF_{713C668E-58F6-4831-90A5-73FEEC913A39}", 1024, false, 30*time.Second)    if err != nil {        log.Fatal(err)    }    defer handle.Close()    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())    for packet := range packetSource.Packets() {        // Process packet here        log.Println(packet)    }}

輸出

2018/01/06 23:09:47 PACKET: 121 bytes, wire length 121 cap length 121 @ 2018-01-06 23:09:30.312665 +0800 CST- Layer 1 (14 bytes) = Ethernet    {Contents=[..14..] Payload=[..107..] SrcMAC=00:6b:8e:4e:ba:2d DstMAC=c0:7c:d1:f2:d0:b2 EthernetType=IPv4 Length=0}- Layer 2 (20 bytes) = IPv4    {Contents=[..20..] Payload=[..87..] Version=4 IHL=5 TOS=0 Length=107 Id=59952 Flags=DF FragOffset=0 TTL=54 Protocol=UDP Checksum=60643 SrcIP=125.39.45.58 DstIP=192.168.2.100 Options=[] Padding=[]}- Layer 3 (08 bytes) = UDP    {Contents=[..8..] Payload=[..79..] SrcPort=8000(irdmi) DstPort=4018(talarian-mcast4) Length=87 Checksum=58425}- Layer 4 (79 bytes) = Payload    79 byte(s)2018/01/06 23:09:47 PACKET: 55 bytes, wire length 55 cap length 55 @ 2018-01-06 23:09:30.666074 +0800 CST- Layer 1 (14 bytes) = Ethernet    {Contents=[..14..] Payload=[..41..] SrcMAC=c0:7c:d1:f2:d0:b2 DstMAC=00:6b:8e:4e:ba:2d EthernetType=IPv4 Length=0}- Layer 2 (20 bytes) = IPv4    {Contents=[..20..] Payload=[..21..] Version=4 IHL=5 TOS=0 Length=41 Id=29729 Flags=DF FragOffset=0 TTL=64 Protocol=TCP Checksum=1532 SrcIP=192.168.2.100 DstIP=64.233.188.188 Options=[] Padding=[]}- Layer 3 (20 bytes) = TCP    {Contents=[..20..] Payload=[0] SrcPort=26750 DstPort=5228(hpvroom) Seq=2557674006 Ack=3496291841 DataOffset=5 FIN=false SYN=false RST=false PSH=false ACK=true URG=false ECE=false CWR=false NS=false Window=254 Checksum=55368 Urgent=0 Options=[] Padding=[]}- Layer 4 (01 bytes) = Payload    1 byte(s)