# README
PCAP CLI
High performance packet capturing translator leveraged by gopacket.
Currently offering JSON packet translation into files and stdout.
Amazing to be used alongside jq
How to build
Dependencies
libpcap-dev: install from distro reposstringer:go install golang.org/x/tools/cmd/stringer@latest
Using go
go generate ./...
go build -o bin/pcap cmd/pcap.go
NOTE: apply
gofumptbefore commit; i/e:gofumpt -l -w .
Using Taskfile
Quick build
task -v build
Verbose build
task -v dist
Docker build
task -v docker-build
How to use
Using goacket engine
Generating JSON
sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -fmt=json -stdout -filter='tcp'
Generating ordered JSON
sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -fmt=json -stdout -filter='tcp' -ordered
Generating console output and JSON files
sudo pcap -eng=google -promisc -i ${IFACE} -s ${SNAPLEN} -w part_%Y%m%d_%H%M%S -ext=json -fmt=json -stdout -filter='tcp'
Terminate execution after defined seconds
sudo pcap -eng=google -promisc \
-i ${IFACE} -s ${SNAPLEN} \
-w part_%Y%m%d_%H%M%S -ext=json \
-fmt=json -stdout \
-timeout=60 -filter='tcp'
Terminate execution after defined seconds and rotate every defined seconds
sudo pcap -eng=google -promisc \
-i ${IFACE} -s ${SNAPLEN} \
-w part_%Y%m%d_%H%M%S -ext=json \
-fmt=json -stdout \
-timeout=60 -interval=10 -filter='tcp'
Projects using PCAP CLI
- Cloud Run tcpdump sidecar: (https://github.com/gchux/cloud-run-tcpdump)
Roadmap
Translators
- Plain Text
- Protocol Buffers: https://protobuf.dev/
Integrations
- gRPC packet capture streaming