TODOs

type ProtocolBuffer struct { []string Types [][]byte Fields }

add payload data for Flows and Connection if desired?
add flags to enable payload capture for link layer protocols. Currently payload capture only supports some Transport layer protos
refactor printProgress()
refactor CheckFields()
use gopacket.LayerType for c.unknownProtosAtomic and c.allProtosAtomi -> AtomicCounterMap for gopacket.Layers
stats table: include custom encoders

README

CC=x86_64-pc-linux-gcc GOOS=linux GOARCH=amd64 CGO_ENABLED=1 go build -o nc-linux -i github.com/dreadl0ck/netcap/cmd
GOOS=linux GOARCH=amd64 CGO_ENABLED=1 go build -o nc-linux -ldflags="-L /usr/local/opt/libpcap/lib" -i github.com/dreadl0ck/netcap/cmd

helper func for ToString() on array?
add github wiki
godoc API cleanup
handle panic(err) gracefully
performance: allocate fixed size arrays when encoding
add flag to map field values to constant names
add test files for different protocols
JSON output
events package to define events based on characteristics or IOCs
scale to multi instance architecture
data exporters + visualization dashboards / VR etc
robustness testing / pentest
performance assessment + optimizations
labeling: how many unmatched alerts?
labeling: switch to intelligence from eve.json
display custom encoder stats in final view: add stats func to custom encoder and call them on destroy
TCP stream reassembly: make App Layer decoding configurable, to allow extension for other layer 7 protos (SMTP, FTP etc)
flag sort output by timestamp (func in utils)
flag to limit maximum disk space used in live mode / create a file per day?
add go commandline completion lib
port the dataframe encoding logic to Go
make labeling work on bare CSV based on timestamp + plus source pcap
also dump http uploads via POST
pprof & memprof tests
use unique maps for each worker and merge to prevent synced maps?
integrate HASSH
netcap plugins?
integrate labeling function for YARA
go-dpi classifiers?