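Today at work I used Google's package github.com/google/gopacket. gopacket is built on libpcap, a library whose C function interface is used to capture the packets passing through a specified network interface; that interface should be set to promiscuous mode.
The well-known tool tcpdump is built on top of libpcap. The interface functions libpcap provides implement and encapsulate the steps involved in packet capture. libpcap runs on the vast majority of Linux platforms.
Its main features are:
Packet capture: capture the raw packets flowing through a network card
Custom packet sending: construct raw packets in any format
Traffic collection and statistics: collect traffic information from the network
Rule filtering: built-in rule filtering, with filter rules chosen as needed
Let's write a small program that prints information about all network interfaces: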
package main

import (
	"fmt"
	"log"

	"github.com/google/gopacket/pcap"
)

func main() {
	// Find all devices
	devices, err := pcap.FindAllDevs()
	if err != nil {
		log.Fatal(err)
	}

	// Print device information
	fmt.Println("Devices found:")
	for _, device := range devices {
		fmt.Println("\nName: ", device.Name)
		fmt.Println("Description: ", device.Description)
		// Header line for the address list; it prints the description again
		fmt.Println("Devices addresses: ", device.Description)
		for _, address := range device.Addresses {
			fmt.Println("- IP address: ", address.IP)
			fmt.Println("- Subnet mask: ", address.Netmask)
		}
	}
}
Then run this code on Windows 10:
go run main.go
It reports:
couldn't load wpcap.dll
exit status 1
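This shows that the Windows 10 environment is missing a dependency library. Installing Npcap is recommended; the Npcap website is:
https://npcap.com/
After downloading and installing it successfully, run the program again: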
go run main.go
Devices found:
Name: \Device\NPF_{1E9C058F-7344-486E-A880-27FE429FA412}
Description: WAN Miniport (IPv6)
Devices addresses: WAN Miniport (IPv6)
Name: \Device\NPF_{2F889861-FDCE-4347-B23C-484A6BDECC97}
Description: WAN Miniport (IP)
Devices addresses: WAN Miniport (IP)
Name: \Device\NPF_{54548853-C8DC-4187-B02E-ABB1625F5276}
Description: WAN Miniport (Network Monitor)
Devices addresses: WAN Miniport (Network Monitor)
Name: \Device\NPF_{358F0F1F-DE12-4694-84AA-64AEFB7B73E9}
Description: Bluetooth Device (Personal Area Network)
Devices addresses: Bluetooth Device (Personal Area Network)
- IP address: fe80::21da:51ed:5c2b:d6ab
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 169.254.214.171
- Subnet mask: ffff0000
Name: \Device\NPF_{EF769C84-B603-4628-9DA8-40354E1CD3B2}
Description: Microsoft Wi-Fi Direct Virtual Adapter
Devices addresses: Microsoft Wi-Fi Direct Virtual Adapter
- IP address: fe80::a0e4:1964:24c7:8017
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 169.254.128.23
- Subnet mask: ffff0000
Name: \Device\NPF_{9EEDAA4D-8BAB-40A0-A1E9-7F2177EF2DE8}
Description: Intel(R) Dual Band Wireless-AC 3165
Devices addresses: Intel(R) Dual Band Wireless-AC 3165
- IP address: 2409:8a00:1831:7dc0:2457:c6f9:5493:e09d
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 2409:8a00:1831:7dc0:1570:ad7d:25d7:7ea5
- Subnet mask: ffffffffffffffffffffffffffffffff
- IP address: fe80::2457:c6f9:5493:e09d
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 192.168.1.3
- Subnet mask: ffffff00
Name: \Device\NPF_{E60BC869-1387-474C-87E9-148A8FD408DA}
Description: VMware Virtual Ethernet Adapter for VMnet8
Devices addresses: VMware Virtual Ethernet Adapter for VMnet8
- IP address: fe80::6139:e769:ce9e:b455
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 192.168.141.1
- Subnet mask: ffffff00
Name: \Device\NPF_{5AB8E58C-3596-4D64-836C-3483C5E75C99}
Description: VMware Virtual Ethernet Adapter for VMnet1
Devices addresses: VMware Virtual Ethernet Adapter for VMnet1
- IP address: fe80::10ca:1087:1ffc:f1e7
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 192.168.59.1
- Subnet mask: ffffff00
Name: \Device\NPF_{F7D4CE18-3E78-4764-BF58-44C01D551B14}
Description: Microsoft Wi-Fi Direct Virtual Adapter #2
Devices addresses: Microsoft Wi-Fi Direct Virtual Adapter #2
- IP address: fe80::b95c:7464:d01e:862b
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 169.254.134.43
- Subnet mask: ffff0000
Name: \Device\NPF_Loopback
Description: Adapter for loopback traffic capture
Devices addresses: Adapter for loopback traffic capture
Name: \Device\NPF_{4F20286B-FDB2-4BF0-9F92-CA05AC4BADB0}
Description: Realtek PCIe GBE Family Controller
Devices addresses: Realtek PCIe GBE Family Controller
- IP address: fe80::612a:5dee:df9c:7494
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 169.254.116.148
- Subnet mask: ffff0000
Name: \Device\NPF_{31C39684-F2D3-46FD-97DB-3A4218EC14A9}
Description: TAP-Windows Adapter V9
Devices addresses: TAP-Windows Adapter V9
- IP address: fe80::21f8:b233:2371:dbde
- Subnet mask: ffffffffffffffff0000000000000000
- IP address: 10.198.75.60
- Subnet mask: ffffff00
- IP address: 169.254.219.222
- Subnet mask: ffff0000
A long list of network interface information comes out, which shows that our environment can now use the github.com/google/gopacket package normally.
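An added example, not part of the original post: the listing above prints each netmask as hex (ffffff00) and includes many adapters that hold only link-local 169.254.x.x addresses. Using only the Go standard library, the code below converts those masks to prefix lengths and keeps the usable IPv4 addresses, which identifies the adapters worth opening for capture. The Addr type and the helper names are hypothetical stand-ins for the fields the program prints; the sample values are constructed from the output above.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net"
)

// Addr is a hypothetical stand-in for one address entry printed by the listing.
type Addr struct {
	IP   net.IP
	Mask net.IPMask
}

// addr builds an Addr from an IP string and the hex mask form seen in the output.
func addr(ip, hexMask string) Addr {
	m, err := hex.DecodeString(hexMask)
	if err != nil {
		panic(err)
	}
	return Addr{net.ParseIP(ip), net.IPMask(m)}
}

// CIDR renders an address in prefix notation; a non-contiguous mask gives "/?".
func CIDR(a Addr) string {
	if ones, bits := a.Mask.Size(); bits != 0 {
		return fmt.Sprintf("%s/%d", a.IP, ones)
	}
	return a.IP.String() + "/?"
}

// Usable keeps IPv4 addresses that are not link-local, loopback or multicast.
func Usable(addrs []Addr) []string {
	var out []string
	for _, a := range addrs {
		if a.IP.To4() != nil && a.IP.IsGlobalUnicast() {
			out = append(out, CIDR(a))
		}
	}
	return out
}

var ( // constructed samples, values copied from the listing above
	bluetooth = []Addr{addr("169.254.214.171", "ffff0000")}
	wifi      = []Addr{addr("fe80::2457:c6f9:5493:e09d", "ffffffffffffffff0000000000000000"), addr("192.168.1.3", "ffffff00")}
	tap       = []Addr{addr("10.198.75.60", "ffffff00"), addr("169.254.219.222", "ffff0000")}
)
func main() {
	fmt.Println(Usable(bluetooth), Usable(wifi), Usable(tap))
}
```

With real gopacket data, the same checks apply to address.IP and address.Netmask from each entry in device.Addresses.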
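More on using the gopacket package for network packet capture, injection and analysis will be shared in later posts.
If you have any questions, feel free to leave a comment, and likes are appreciated!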