Giters

randolphcyg / gowireshark

Provide the same packet processing capabilities as wireshark for Go.[wireshark4.2.6 supported] Due to delays in github LFS upgrade, the latest dll is pushed to google

Home Page:https://drive.google.com/drive/folders/1V-h60podfRDsgPmHUC1C8YM1LB6bQHH1?usp=drive_link

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

how to get the packet to go routine and use it

ugandhar84 opened this issue · comments

commented

I think at present it is just printing (print_hex_data) the decoded packet on console - now i need to that return to go function and able to modify that json/packet.

commented

go run main.go

command-line-arguments

/home/linuxbrew/.linuxbrew/Cellar/go/1.20.7/libexec/pkg/tool/linux_amd64/link: running cc failed: exit status 1
/usr/bin/ld:/home/unellore/go/pkg/mod/github.com/randolphcyg/gowireshark@v1.10.6/libs/libwiretap.so: file format not recognized; treating as linker script
/usr/bin/ld:/home/unellore/go/pkg/mod/github.com/randolphcyg/gowireshark@v1.10.6/libs/libwiretap.so:1: syntax error
collect2: error: ld returned 1 exit status

why is it failing if i use go get module in my program..

commented

Im able to use packet in my go program - but the packet data is random not in order - if you see below packet numbers are not in order and same for layers too.

Index: packets-2023-01-11

sctp
ngap
frame
sll
ip

Layers: 12 ===> Pkt Number

Index: packets-2023-01-11

frame
sll
ip
sctp
f1ap

Layers: 21

Index: packets-2023-01-11

sctp
f1ap
frame
sll
ip

Layers: 23

Index: packets-2023-01-11

ip
sctp
f1ap
frame
sll

Layers: 17 ===> packet

Index: packets-2023-01-11

sctp
f1ap
frame
sll
ip

Layers: 14

Index: packets-2023-01-11

frame
sll
ip
sctp
e1ap

Layers: 24

Index: packets-2023-01-11

sctp ===> see layers are also unordered
f1ap
frame
sll
ip

Layers: 1

Index: packets-2023-01-11

ip
sctp
f1ap
frame
sll

Layers: 19

Index: packets-2023-01-11

frame
sll
ip
sctp
f1ap

Layers: 25

Index: packets-2023-01-11

frame
sll
ip
sctp
f1ap

Layers: 26

Index: packets-2023-01-11

frame
sll
ip
sctp
ngap

Layers: 9

Index: packets-2023-01-11

frame
sll
ip
sctp
f1ap

Layers: 3

Index: packets-2023-01-11

frame
sll
ip
sctp
f1ap

Layers: 10

Index: packets-2023-01-11

ip
sctp
f1ap
frame
sll

Layers: 13

Index: packets-2023-01-11

frame
sll
ip
sctp
e1ap

Layers: 15

Index: packets-2023-01-11

sll
ip
sctp
f1ap
frame

Layers: 22

Index: packets-2023-01-11

frame
sll
ip
sctp
f1ap

commented

In the function GetAllFrameProtoTreeInJson, map[string]FrameDissectRes is used to store the parsed json result, because the map is unordered, so if the result is directly traversed out of order, it can be solved by manipulating the map with an ordered index.
Like this way:

func TestGetAllFrameProtoTreeInJson(t *testing.T) {
	allFrameDissectRes, err := gowireshark.GetAllFrameProtoTreeInJson(inputFilepath2, true, false)
	if err != nil {
		fmt.Println(err)
	}

	for i := 1; i <= len(allFrameDissectRes); i++ {
		fmt.Println(strconv.Itoa(i), allFrameDissectRes[strconv.Itoa(i)].WsIndex, allFrameDissectRes[strconv.Itoa(i)].Ascii)
	}
}
commented
commented
  • Now after reading the pcap file, it is supported to parse the dataframe sequentially, thanks for your suggestion.commit: 91c3ac5
  • I also get a warning from the epan module, but it doesn't affect the result and doesn't crash.