example https://github.com/google/gopacket/blob/master/examples/synscan/main.go

Question

example https://github.com/google/gopacket/blob/master/examples/synscan/main.go

CyberRoute opened this issue 9 months ago · 0 comments

Hi,

recently I worked on a synscan and I started from the example there is in the repo. Although I find that pretty cool seems like sharing the handle when reading and writing packets to it causes troubles: scanning would become extremely slow and flaky e.g: on this https://gist.github.com/CyberRoute/5cd02e1ee10d1c4cef09e5cca1d6f57c

// scanner handles scanning a single IP address.
type scanner struct {
	// iface is the interface to send packets on.
	iface *net.Interface
	// destination, gateway (if applicable), and source IP addresses to use.
	dst, gw, src net.IP

	handle *pcap.Handle

	// opts and buf allow us to easily serialize packets in the send()
	// method.
	opts gopacket.SerializeOptions
	buf  gopacket.SerializeBuffer
}

After testing with handles decoupled for arp and tcp when reading packets everything goes pretty smooth and fast even without parallelism as on the example. e.g:

TCP:

ipFlow := gopacket.NewFlow(layers.EndpointIPv4, s.dst, s.src)

handle, err := pcap.OpenLive(s.iface.Name, 65535, true, pcap.BlockForever)
if err != nil {
	return err
}
defer handle.Close()

ARP:

arpDst := s.dst
if s.gw != nil {
	arpDst = s.gw
}
handle, err := pcap.OpenLive(s.iface.Name, 65536, true, pcap.BlockForever)
if err != nil {
	return nil, err
}