A passive network monitoring application written in Go using the GoPacket library. The tool captures traffic from a network interface in promiscuous mode (or reads packets from a pcap trace file) and prints a record for each packet to standard output. The user can specify a BPF filter to capture a subset of the traffic, and/or a string pattern to capture only packets with matching payloads.
Specification of the program:
go run mydump.go [-i interface] [-r file] [-s string] expression
-i Live capture from the network device <interface> (e.g., eth0). If not specified, mydump should automatically select a default interface to listen on. Capture should continue indefinitely until the user terminates the program.
-r Read packets from <file> in tcpdump format.
-s Keep only packets that contain <string> in their payload (after any BPF filter is applied).
<expression> is a BPF filter that specifies which packets will be dumped. If no filter is given, all packets seen on the interface (or contained in the trace) should be dumped. Otherwise, only packets matching <expression> should be dumped.
For each packet, mydump prints a record containing the timestamp, source and destination MAC addresses, EtherType (as a hexadecimal number), packet length, source and destination IP addresses, protocol type ("TCP", "UDP", "ICMP", and "OTHER"), source and destination ports (for TCP and UDP packets), the TCP flags in case of TCP packets, and the raw content of the packet payload.
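The record fields and the -s payload match described above, as an added example that is not mydump's own code: it decodes a constructed Ethernet/IPv4/TCP frame by hand with the standard library instead of GoPacket so that it runs offline. The name `record`, the output layout and the single-letter flag notation are assumptions of this sketch, and the timestamp is omitted because it comes from the capture header rather than the frame bytes.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"net"
)

// Constructed sample: Ethernet/IPv4/TCP frame (PSH,ACK) carrying "GET /"; checksums left zero.
var sampleFrame = []byte{
	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0x08, 0x00, // dst MAC, src MAC, EtherType
	0x45, 0, 0, 45, 0, 1, 0, 0, 64, 6, 0, 0, 192, 0, 2, 1, 198, 51, 100, 7, // IPv4: total length 45, proto 6
	0xc0, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x18, 0xff, 0xff, 0, 0, 0, 0, 'G', 'E', 'T', ' ', '/', // TCP 49152 -> 80
}

// record formats one line for an IPv4 frame; ok reports whether it parsed and the payload contains pattern (-s).
func record(f []byte, pattern string) (line string, ok bool) {
	if len(f) < 34 || binary.BigEndian.Uint16(f[12:14]) != 0x0800 {
		return "", false
	}
	ip := f[14:]
	ihl, total := int(ip[0]&0x0f)*4, int(binary.BigEndian.Uint16(ip[2:4]))
	if ihl < 20 || total < ihl || total > len(ip) {
		return "", false
	}
	l4 := ip[ihl:total] // honouring the IP total length drops Ethernet padding
	proto, detail, payload := "OTHER", "", l4
	switch { // a TCP/UDP header that is short or inconsistent is reported as OTHER
	case ip[9] == 1:
		proto = "ICMP"
	case ip[9] == 17 && len(l4) >= 8:
		proto, payload = "UDP", l4[8:]
		detail = fmt.Sprintf(" %d -> %d", binary.BigEndian.Uint16(l4), binary.BigEndian.Uint16(l4[2:]))
	case ip[9] == 6 && len(l4) >= 20 && int(l4[12]>>4)*4 >= 20 && int(l4[12]>>4)*4 <= len(l4):
		flags := ""
		for i, c := range "FSRPAU" { // FIN, SYN, RST, PSH, ACK, URG from the low bit up
			if l4[13]&(1<<i) != 0 {
				flags += string(c)
			}
		}
		proto, payload = "TCP", l4[int(l4[12]>>4)*4:] // data offset skips TCP options
		detail = fmt.Sprintf(" %d -> %d [%s]", binary.BigEndian.Uint16(l4), binary.BigEndian.Uint16(l4[2:]), flags)
	}
	line = fmt.Sprintf("%s -> %s type 0x%04x len %d %s -> %s %s%s %q", net.HardwareAddr(f[6:12]), net.HardwareAddr(f[0:6]), 0x0800, len(f), net.IP(ip[12:16]), net.IP(ip[16:20]), proto, detail, payload)
	return line, bytes.Contains(payload, []byte(pattern))
}

func main() { fmt.Println(record(sampleFrame, "GET")) }
```

The pattern is matched against the transport payload only, so a string that appears in a header field does not select the packet.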
The program is compatible with modern Linux distributions.