Environment Setup, Technology Selection, and Performance Optimization for a Go-Based Packet Capture Service

Environment Preparation and Technology Selection The project uses the gopacket library (GitHub: https://github.com/google/gopacket) and its documentation (https://godoc.org/github.com/google/gopacket), which provides a Go wrapper around libpcap for packet capture.

Language Choice The service is implemented in Go to leverage its high performance, multi‑core concurrency model, lightweight goroutine constructs, and channel‑based communication for efficient inter‑goroutine messaging.

Database MongoDB is selected for storing captured packet data.

Code Framework Design The packet capture workflow is divided into three threads: (1) a capture thread that listens, filters by IP, stores and optionally displays packets; (2) a request‑listener thread handling start/stop commands from mobile devices; (3) a cleanup thread that removes old records to keep the database size bounded.

Performance Optimization During testing, three main issues were identified: (1) MongoDB slow‑log entries, (2) packet loss, and (3) unexpectedly low CPU utilization. Four optimization versions were applied:

Version 1: Created an index on the phoneip field to speed up lookups.

Version 2: Assigned a dedicated thread per phone for storage operations, reducing work on the main goroutine.

Version 3: Split packet parsing so that the main thread only extracts source/destination IPs, while port‑related parsing is delegated to the per‑phone storage threads.

Version 4: Implemented batch storage, accumulating a threshold (e.g., 10 packets) before performing a MongoDB write to lower network I/O frequency.

Extended Knowledge Investigation into Wireshark’s packet parsing revealed that packet data is shown in hexadecimal with corresponding ASCII representation; printable characters appear as‑is, while non‑printable characters are displayed as “.”.

Conclusion Optimizing code performance—reducing unnecessary operations, minimizing I/O, and designing for high cohesion and low coupling—significantly improves resource utilization and user experience for high‑load services.