Skip to content Skip to footer
0 items - $0.00 0
Menu

Show HN: A toy version of Wireshark (student project) by lixiasky

12CommentsShare Post
Show HN: A toy version of Wireshark (student project) by lixiasky
Show

Show HN: A toy version of Wireshark (student project) by lixiasky

2 days ago
12Comments
Share This Article
Share Post
Newsletter

Sed ut perspiciatis unde.

Subscribe

Send to HN

Vanta: Lightweight Behavioral Packet Analyzer

Author: lixiasky
Version: 1.0
License: Apache 2.0

Project Overview

Vanta is a lightweight, fast, command-line-based network behavior analyzer. It reconstructs protocol-level flows and extracts structured activity from captured data.

Unlike full-featured GUI tools like Wireshark, Vanta focuses on clarity, structure, and simplicity — ideal for custom scripting and minimal setups.

Features

Protocol-Level Parsing

Supports HTTP, DNS, TLS (with partial fingerprinting)

Connection Tracking

Automatically reconstructs bidirectional flows

Behavior Exporting

Outputs clean JSON-formatted summaries

Portable & Dependency-Free

Single binary, no external dependencies

Quick Start (See usage/ folder for full guide)

go run main.go

Refer to the usage fo

Read More

0Likes
Show comments (12)

12 Comments

  • Post Author
    dotaenjoyer322
    Posted June 2, 2025 at 3:27 pm

    Cool! Will definitely take a look.

    Curios what made you choose Go for this project? I am looking into building a toy version of Burp with either Rust/Go but still undecided.

    0Likes
  • Post Author
    jasonthorsness
    Posted June 2, 2025 at 3:39 pm

    Go is great for tools like this. I've built MITM protocol analyzers a few times. Being able to completely customize the handling, analysis, and break in in the debugger can make it more useful than a super-capable but general-purpose tool like Wireshark.

    0Likes
  • Post Author
    colesantiago
    Posted June 2, 2025 at 3:57 pm

    This looks nice, perhaps name your project babyshark?

    0Likes
  • Post Author
    kinduff
    Posted June 2, 2025 at 4:57 pm

    [flagged]

    0Likes
  • Post Author
    Hikikomori
    Posted June 2, 2025 at 4:58 pm

    Cool! I did something similar when I wanted to learn Go, but did my own parsers instead of using gopacket, I would recommend doing that yourself if you want to learn more low level stuff.

    How I parsed IP for example:

      type Addr [4]uint8
  
  func (ip Addr) String() string {
   return fmt.Sprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3])
  }
  
  type Hdr struct {
   Version    uint8
   IHL        uint8
   DSCP       uint8
   ECN        uint8
   Length     uint16
   Id         uint16
   Flags      uint8
   Fragoffset uint16
   TTL        uint8
   Protocol   uint8
   Checksum   uint16
   Src        Addr
   Dst        Addr
  }
  
  func (hdr *Hdr) Parse(d []byte) error {
   hdr.Version = uint8(d[0] >> 4)
   hdr.IHL = uint8(d[0] & 0x0f)
   hdr.DSCP = uint8(d[1] >> 6)
   hdr.ECN = uint8(d[1] & 0x03)
   hdr.Length = uint16(binary.BigEndian.Uint16(d[2:4]))
   hdr.Id = uint16(binary.BigEndian.Uint16(d[4:6]))
   hdr.Flags = uint8(d[6] >> 5)
   hdr.Fragoffset = uint16(binary.BigEndian.Uint16(d[6:8])) & 0x1fff
   hdr.TTL = d[8]
   hdr.Protocol = d[9]
   hdr.Checksum = uint16(binary.BigEndian.Uint16(d[10:12]))
   hdr.Src = Addr{d[12], d[13], d[14], d[15]}
   hdr.Dst = Addr{d[16], d[17], d[18], d[19]}
  
   if hdr.IHL > 5 {
    fmt.Println("extra options detected") // TODO: support for extra options
   }
   return nil
  }

    0Likes
  • Post Author
    thenthenthen
    Posted June 2, 2025 at 5:00 pm

    Screenshots please!

    0Likes
  • Post Author
    dang
    Posted June 2, 2025 at 5:17 pm

    [stub for offtopicness]

    0Likes
  • Post Author
    Cockbrand
    Posted June 2, 2025 at 5:19 pm

    This reads a bit like Linus' first annoucement, see https://en.wikipedia.org/wiki/History_of_Linux#:~:text=Hello… – godspeed to you, and let's see when you will take over :)

    0Likes
  • Post Author
    worldsayshi
    Posted June 2, 2025 at 5:40 pm

    Cool! I've sometimes gotten the impression that wireshark-lite is an unfulfilled niche so this is nice.

    0Likes
  • Post Author
    thegoodduck
    Posted June 2, 2025 at 7:02 pm

    https://github.com/thegoodduck/netsour

    0Likes
  • Post Author
    woleium
    Posted June 2, 2025 at 7:04 pm

    watch out for the other vanta (who do SOC2 stuff) they are keen to protect their name.

    0Likes
  • Post Author
    op00to
    Posted June 2, 2025 at 7:25 pm

    > This project is not just code — it's a response. Amid political pressure, some universities like Harvard, MIT, and CMU stood up for international students.

    > I’m just an ordinary undergraduate with no resources or background. This is my way of responding — not by petition, but through code. Vanta may be small, but it’s real, and it’s mine.

    This comes off as super ChatGPT-y to me. "X is not y — it's Z! Preamble, passionate statement. Sycophantic statement — list, of, a, few, things, but also this. Summarize statement, but this other thing, and saying the same thing again but in a slightly different way."

    I've given up on ChatGPT because of this style of writing.

    0Likes

Leave a comment

In the Shadows of Innovation”

© 2025 HackTech.info. All Rights Reserved.

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.