Get full access to Security with Go and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Reading from a pcap file

Instead of opening a device for live capture, you can also open a pcap file for inspection offline. After getting a handle, whether it was from pcap.OpenLive() or pcap.OpenOffline(), the handle is treated the same. No distinction is made between a live device and a capture file once the handle is created, except that a live device will continue to deliver packets, and a file will eventually end.

You can read pcap files that were captured with any libpcap client, including Wireshark, tcpdump, or other gopacket applications. This example opens a file named test.pcap using pcap.OpenOffline() and then iterates through the packets using range and prints the basic packet information. Change the filename from test.pcap

Get Security with Go now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now