Golang makes it really simple to code some otherwise arduous tasks. In this case, we needed to sniff raw network data, filter out DNS data, and send the DNS queries and responses to an Elasticsearch cluster.

The resulting code is surprisingly simple thanks to libraries such as GoPacket, as you can see below:

The program compiles on Windows as well as Linux (make sure you have CGO enabled). The project was ultimately discarded because Packetbeat is awesome, but it still served as a very good coding exersize.

Some screenshots of the program in action on Windows Server:

And the resulting entries in ElasticSearch:

There’s obviously loads missing, like proper error recovery… but it works.

PS the program can be converted into a service in the background using the excellent Non-sucking service manager

References

http://www.devdungeon.com/content/packet-capture-injection-and-analysis-gopacket