Packet captures

Powered by PCAPng, Wireshark, tshark

Write packets to

Gont merges and sorts packet captures in real-time from multiple interfaces and records them to one of the following sinks:

  • Using PCAPng format
    • Regular files
    • Named pipes
    • TCP / UDP / Unix listeners
    • Wireshark real-time stream
  • Go channels
  • Go callback functions

Filtering

Captured network traffic can be filtered by

  • Selected Gont nodes and interfaces
  • eBPF filter programs
  • pcap-filter(7) expressions
  • Go callback functions (⚠ slow!)

Session key logging

Most transport layer encryption protocols today provide perfect forward secrecy by using short-lived ephemeral session keys.

Gont can log these session keys into a PCAPng file so that a dissector tool such as Wireshark can decrypt the upper-layer protocols.
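How a TLS key log sits inside a PCAPng file, as an added example rather than Gont's own code: the format carries it in a Decryption Secrets Block (block type 0x0000000A, secrets type "TLSK"). The function names are hypothetical and little-endian byte order is assumed; a real file follows the byte order of its Section Header Block.

```go
package main
import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const (
	blockTypeDSB   = 0x0000000A // PCAPng Decryption Secrets Block
	secretsTypeTLS = 0x544c534b // "TLSK": payload is NSS key log text
)

// EncodeDSB wraps key log text in a DSB (little-endian assumed for this example).
func EncodeDSB(keyLog []byte) []byte {
	pad := (4 - len(keyLog)%4) % 4
	total := uint32(20 + len(keyLog) + pad) // 16-byte header + data + trailer
	buf, le := new(bytes.Buffer), binary.LittleEndian
	for _, v := range []uint32{blockTypeDSB, total, secretsTypeTLS, uint32(len(keyLog))} {
		binary.Write(buf, le, v)
	}
	buf.Write(keyLog)
	buf.Write(make([]byte, pad)) // pad secrets to a 32-bit boundary
	binary.Write(buf, le, total) // trailing copy of the block length
	return buf.Bytes()
}

// DecodeDSB checks the framing and returns the embedded key log.
func DecodeDSB(b []byte) ([]byte, error) {
	le := binary.LittleEndian
	if len(b) < 20 || le.Uint32(b) != blockTypeDSB {
		return nil, errors.New("not a decryption secrets block")
	}
	total, n := le.Uint32(b[4:]), le.Uint32(b[12:])
	if uint64(total) != uint64(len(b)) || total%4 != 0 || le.Uint32(b[total-4:]) != total {
		return nil, errors.New("inconsistent block length")
	}
	if le.Uint32(b[8:]) != secretsTypeTLS || n > total-20 {
		return nil, errors.New("unexpected secrets type or length")
	}
	return b[16 : 16+n], nil
}

func main() {
	// Constructed sample in SSLKEYLOGFILE format, not a real session secret.
	line := "CLIENT_RANDOM " + strings.Repeat("ab", 32) + " " + strings.Repeat("cd", 48) + "\n"
	out, err := DecodeDSB(EncodeDSB([]byte(line)))
	fmt.Printf("%q %v\n", out, err)
}
```

A capture file that contains such a block holds everything needed to decrypt the recorded sessions, so it should be stored and shared with the same care as the keys themselves.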

Example