PCAP CLI

High performance packet capturing translator leveraged by gopacket.

Currently offering JSON packet translation into files and stdout.

Amazing to be used alongside jq

---

How to build

Dependencies

• libpcap-dev: install from distro repos
• stringer: go install golang.org/x/tools/cmd/stringer@latest

Using go

go generate ./...
go build -o bin/pcap cmd/pcap.go

NOTE: apply gofumpt before commit; i/e: gofumpt -l -w .

Using Taskfile

Quick build

task -v build

Verbose build

task -v dist

Docker build

task -v docker-build

How to use

Using goacket engine

Generating JSON

sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -fmt=json -stdout -filter='tcp'

Generating ordered JSON

sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -fmt=json -stdout -filter='tcp' -ordered

Generating console output and JSON files

sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -w part_%Y%m%d_%H%M%S -ext=json -fmt=json -stdout -filter='tcp'

Terminate execution after defined seconds

sudo pcap -eng=google -promisc \
  -i ${IFACE} -s ${SNAPLEN} \
  -w part_%Y%m%d_%H%M%S -ext=json \
  -fmt=json -stdout \
  -timeout=60 -filter='tcp'

Terminate execution after defined seconds and rotate every defined seconds

sudo pcap -eng=google -promisc \
  -i ${IFACE} -s ${SNAPLEN} \
  -w part_%Y%m%d_%H%M%S -ext=json \
  -fmt=json -stdout \
  -timeout=60 -interval=10 -filter='tcp'

---

Projects using PCAP CLI

• Cloud Run tcpdump sidecar: (https://github.com/gchux/cloud-run-tcpdump)

---

Roadmap

Translators

• Plain Text
• Protocol Buffers: https://protobuf.dev/

Integrations

• gRPC packet capture streaming