Thank you for this — I had read Linus' first post before and never imagined my tiny tool would be compared to something with that kind of legacy.
I'm just an undergrad student in China (not even CS major, unfortunately), and this little project was my way of saying thanks — to the schools that stood up bravely.
Really appreciate your kind words. Let’s see what comes next. :)
Much appreciated, thank you! I'll also print and frame my first dang email :)
It's a bit of a pity that the original description, which my comment refers to, is now gone.
Not gone, just hidden under the rug :)
Cool! I did something similar when I wanted to learn Go, but did my own parsers instead of using gopacket. I would recommend doing that yourself if you want to learn more low level stuff.
How I parsed IP for example:
    import (
        "encoding/binary"
        "errors"
        "fmt"
    )

    // Addr is an IPv4 address in network byte order.
    type Addr [4]uint8

    func (ip Addr) String() string {
        return fmt.Sprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3])
    }

    // Hdr holds the fields of the fixed 20-byte IPv4 header.
    type Hdr struct {
        Version    uint8
        IHL        uint8
        DSCP       uint8
        ECN        uint8
        Length     uint16
        Id         uint16
        Flags      uint8
        Fragoffset uint16
        TTL        uint8
        Protocol   uint8
        Checksum   uint16
        Src        Addr
        Dst        Addr
    }

    // Parse decodes the fixed header from d.
    func (hdr *Hdr) Parse(d []byte) error {
        // Refuse short input instead of panicking on an out-of-range index.
        if len(d) < 20 {
            return errors.New("ipv4: header shorter than 20 bytes")
        }
        hdr.Version = d[0] >> 4
        hdr.IHL = d[0] & 0x0f
        hdr.DSCP = d[1] >> 2 // DSCP is the upper six bits of byte 1
        hdr.ECN = d[1] & 0x03
        hdr.Length = binary.BigEndian.Uint16(d[2:4])
        hdr.Id = binary.BigEndian.Uint16(d[4:6])
        hdr.Flags = d[6] >> 5
        hdr.Fragoffset = binary.BigEndian.Uint16(d[6:8]) & 0x1fff
        hdr.TTL = d[8]
        hdr.Protocol = d[9]
        hdr.Checksum = binary.BigEndian.Uint16(d[10:12])
        hdr.Src = Addr{d[12], d[13], d[14], d[15]}
        hdr.Dst = Addr{d[16], d[17], d[18], d[19]}
        if hdr.IHL > 5 {
            fmt.Println("extra options detected") // TODO: support for extra options
        }
        return nil
    }
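Picking up the options `TODO` in the parser above, an added example (not part of the original comment, and not Vanta's or gopacket's code): every length field in the header is checked against the bytes actually captured, and the header checksum is verified, before options or payload are sliced out. `SplitIPv4`, `Checksum` and `samplePkt` are names made up for this example, and the sample packet is constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed sample: 20-byte header (192.0.2.1 -> 198.51.100.2, UDP) plus 4 payload bytes.
var samplePkt = []byte{
	0x45, 0x00, 0x00, 0x18, 0x00, 0x01, 0x40, 0x00, 0x40, 0x11, 0x4e, 0x9d,
	0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x02,
	0xde, 0xad, 0xbe, 0xef,
}

// Checksum is the ones' complement of the 16-bit sum of h; 0 means the header verifies.
func Checksum(h []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(h); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(h[i : i+2]))
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// SplitIPv4 validates IHL, total length and checksum against the captured
// bytes, then returns the options (present when IHL > 5) and the payload.
func SplitIPv4(d []byte) (options, payload []byte, err error) {
	if len(d) < 20 || d[0]>>4 != 4 {
		return nil, nil, errors.New("truncated header or not IPv4")
	}
	hlen := int(d[0]&0x0f) * 4 // IHL counts 32-bit words
	total := int(binary.BigEndian.Uint16(d[2:4]))
	switch {
	case hlen < 20 || hlen > len(d):
		return nil, nil, errors.New("IHL outside captured data")
	case total < hlen || total > len(d):
		return nil, nil, errors.New("total length outside captured data")
	case Checksum(d[:hlen]) != 0:
		return nil, nil, errors.New("header checksum mismatch")
	}
	return d[20:hlen], d[hlen:total], nil
}

func main() {
	fmt.Println(SplitIPv4(samplePkt))
}
```

The order of the checks matters: the checksum is only computed once `hlen` is known to fit inside `d`, so a header that lies about its own length is rejected before anything is sliced.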
Thanks a lot for sharing this — it's super helpful!
Yeah, I’m currently using gopacket mainly to get something working fast, but I’ve been thinking about writing my own parsers from scratch to understand the protocols better.
Your Hdr example is really clean — definitely saving this as reference! I love how direct and readable it is.
I’ll definitely try going lower level when I revisit the packet layer logic. Thanks again for the nudge
Seconding this. Implementing low level protocols from scratch is a great introduction to network programming (do the kids today ever do network programming, or is it all just 15 layers of libraries on top of HTTP?). Good to understand the underpinnings of the systems you work with, and how subtly complex things get down there.
Go is great for tools like this. I've built MITM protocol analyzers a few times. Being able to completely customize the handling, analysis, and break in in the debugger can make it more useful than a super-capable but general-purpose tool like Wireshark.
Thanks for sharing your experience! Go really does shine here—I felt that even as a student building Vanta while learning, things came together surprisingly well.
The features you mentioned sound awesome. I might give it a try later on—supporting stream breaks and debug controls sounds really fun
Cool! I've sometimes gotten the impression that wireshark-lite is an unfulfilled niche so this is nice.
Thanks! I actually didn’t think that far ahead — I just wanted to build something within my ability, something that works and feels meaningful to me.
If it happens to fill a niche, that’s a lucky bonus
Cool! Will definitely take a look.
Curious what made you choose Go for this project? I am looking into building a toy version of Burp with either Rust/Go but still undecided.
For me the main reasons to pick Go in that context are cross-compilation, static binaries and more subjectively better productivity. You can very quickly get an MVP running and distribute it knowing it will work everywhere.
I appreciate the things you wrote at the end of the github page.
I have no idea if you could make any use of such a thing, but, if you email info@rsync.net we would be happy to give a free-forever account to use in any way you see fit.
The user you're replying to isn't the author.
In this specific case, the 'static binaries' and 'cross-compilation' aspect aren't relevant, as vanta is a dynamically linked binary with multiple library dependencies; it has to link against libpcap, which also pulls in some infiniband libraries on my system, plus libdbus which pulls in libsystemd, libgcrypt, libgpg-error, libcap, and libs lz4, lzma, and zstd. In fact, the only library that tcpdump links against that vanta doesn't is libcrypto.
Note that none of this has to do with vanta itself; it's solely because it depends on libpcap, and libpcap depends on all of those other libraries. Still, it does mean that cross-compiling isn't notably easier than just building tcpdump itself.
Great question! I chose Go mainly because it's simple, efficient, and widely used — and honestly, it's the language I'm most comfortable with right now.
I'm still a student, and I don’t have super big ambitions yet — I just wanted to build something I could actually finish and understand
Rust is amazing, but I haven’t started learning it seriously yet. It feels a bit overwhelming at this stage. Maybe one day, when I'm ready to dive deeper!
Good luck with your Burp project too — I’d love to see it if you share it someday!
Hey, that's what I'm doing! ;)
https://github.com/redawl/gitm
I chose go mainly for static binaries (no install steps needed for the end user), and also because I have been really enjoying writing go programs lately, mainly because of the simplicity without too much of a tradeoff for speed.
Hey nice project! I have a similar project too, originated from collecting data via Wireshark and wanting to view it as a graph and do a little lightweight anomaly detection. It's also a learning project for me.
https://github.com/derekburgess/jaws
Whoa, that sounds really cool — I like the idea.
Genuine question: is this a wrapper around Google's gopacket?
Thanks for the question!
Yes, Vanta currently relies on gopacket for packet capture and parsing. As a student, my main goal was to build something clear, functional, and real — rather than reinvent everything from scratch.
I'm actively learning the details of network protocols, and I do plan to write some custom parsers later, both for flexibility and personal understanding. But at this stage, I think it’s more important to deliver a meaningful tool than to prove I can reimplement low-level stacks.
In the long run, I may gradually replace parts of gopacket, but right now it's an important and reliable foundation for the project.
(And honestly — finishing something real matters more to me than perfection)
This looks nice, perhaps name your project babyshark?
Have to say it would be worth making this project just for the sake of this pun alone.
At the risk of sounding boring, but be careful not to sacrifice searchability for this
Yes especially since Vanta is an already well known company.
Name it dootdoodoodootdoodo
That one's taken, I think.
> This project is not just code — it's a response. Amid political pressure, some universities like Harvard, MIT, and CMU stood up for international students.
> I’m just an ordinary undergraduate with no resources or background. This is my way of responding — not by petition, but through code. Vanta may be small, but it’s real, and it’s mine.
This comes off as super ChatGPT-y to me. "X is not y — it's Z! Preamble, passionate statement. Sycophantic encouraging statement — list, of, a, few, things, but also this. Summarize statement, but this other thing, and saying the same thing again but in a slightly different way."
I've given up on ChatGPT because of this style of writing.
Totally fair! I really appreciate the honesty.
English isn't my native language, and most of the expressions I know come from TED talks, open source READMEs, and honestly... the kind of news clips our teachers play in class
So yeah, that probably shaped the way I wrote this.
You’re right though — reading it again, it does sound kinda overly polished.
I’ll try to keep future writing more personal and grounded.
Still learning — and thanks for reading it at all. That already means a lot!
It's the em dash that does it for me
AIs learned that from humans because it's a normal, common bit of punctuation they see frequently.
AIs also use the word "the" frequently.
Friendly reminder that em and en dashes were part of English well before ChatGPT was launched. Anecdotally, I’ve been using them forever and English isn’t even my native language.
Also, a lot of programs autocorrect dashes to em-dashes.
I use em dashes, but always as two hyphens.
I think this notion that em dash always means chatgpt is an overcorrection.
I have loved the em dash forever and I’m being punished for it now.
A small Wireshark? A... baby shark?
A toy Wireshark. A Blåhaj!
Now you’ll just have to figure out how to implement all of the vulnerabilities historically present in wireshark parsers! /s
Haha, true to tradition, right? I’ll make sure to add an “Enable Historical CVEs” flag in the next release