Show HN: A toy version of Wireshark (student project)

Hi everyone,

I recently published a small open-source project. It’s a minimal network packet analyzer written in Go — designed more like a learning toy than a replacement for Wireshark.

It currently supports parsing basic protocols like TLS, DNS, and HTTP, and includes a tiny fuzzing engine to test payload responses. You can inspect raw packet content directly from the terminal. The output is colored for readability, and the code structure is kept simple and clear.

The entire program is very small — just about 400 lines of Go code. I know it’s not anywhere near Wireshark’s level, and I still use Wireshark myself for real-world analysis. But I built it as a personal experiment in network parsing and to understand protocol behavior more directly.

If you're curious or would like to try it out, the project is here: https://github.com/lixiasky/vanta

I'm happy to hear your thoughts, suggestions, or critiques. It’s just a little network toy, but maybe someone out there finds it useful or fun.

Thanks for reading!

github.com

260 points

lixiasky

2 days ago


96 comments

Cockbrand 2 days ago

This reads a bit like Linus' first announcement, see https://en.wikipedia.org/wiki/History_of_Linux#:~:text=Hello... - godspeed to you, and let's see when you will take over :)

  • lixiasky 2 days ago

    Thank you for this — I had read Linus' first post before and never imagined my tiny tool would be compared to something with that kind of legacy.

    I'm just an undergrad student in China (not even CS major, unfortunately), and this little project was my way of saying thanks — to the schools that stood up bravely.

    Really appreciate your kind words. Let’s see what comes next. :)

  • dang 2 days ago

    I did a s/Vanta/you/ on this comment as part of trying to reduce the offtopic noise about the name. (More at https://news.ycombinator.com/item?id=44161041 and https://news.ycombinator.com/item?id=44161144.)

    I hope that's ok with you! The alternative would be to move it under https://news.ycombinator.com/item?id=44161021, but it's a really nice comment so I don't want to do that.

    • Cockbrand 2 days ago

      Much appreciated, thank you! I'll also print and frame my first dang email :) It's a bit of a pity that the original description, which my comment refers to, is now gone.

      • dang 2 days ago

        Not gone, just hidden under the rug :)

jasonthorsness 2 days ago

Go is great for tools like this. I've built MITM protocol analyzers a few times. Being able to completely customize the handling, analysis, and break in in the debugger can make it more useful than a super-capable but general-purpose tool like Wireshark.

  • lixiasky 2 days ago

    Thanks for sharing your experience! Go really does shine here—I felt that even as a student building Vanta while learning, things came together surprisingly well.

    The features you mentioned sound awesome. I might give it a try later on—supporting stream breaks and debug controls sounds really fun

worldsayshi 2 days ago

Cool! I've sometimes gotten the impression that wireshark-lite is an unfulfilled niche so this is nice.

  • lixiasky 2 days ago

    Thanks! I actually didn’t think that far ahead — I just wanted to build something within my ability, something that works and feels meaningful to me.

    If it happens to fill a niche, that’s a lucky bonus

dotaenjoyer322 2 days ago

Cool! Will definitely take a look.

Curious what made you choose Go for this project? I am looking into building a toy version of Burp with either Rust/Go but still undecided.

  • arbll 2 days ago

    For me the main reasons to pick Go in those contexts are cross-compilation, static binaries and more subjectively better productivity. You can very quickly get an MVP running and distribute it knowing it will work everywhere.

    • rsync 2 days ago

      I appreciate the things you wrote at the end of the github page.

      I have no idea if you could make any use of such a thing, but, if you email info@rsync.net we would be happy to give a free-forever account to use in any way you see fit.

      • duskwuff 2 days ago

        The user you're replying to isn't the author.

      • sitkack 16 hours ago

        Thank you.

    • danudey 2 days ago

      In this specific case, the 'static binaries' and 'cross-compilation' aspects aren't relevant, as vanta is a dynamically linked binary with multiple library dependencies; it has to link against libpcap, which also pulls in some infiniband libraries on my system, plus libdbus which pulls in libsystemd, libgcrypt, libgpg-error, libcap, and libs lz4, lzma, and zstd. In fact, the only library that tcpdump links against that vanta doesn't is libcrypto.

      Note that none of this has to do with vanta itself; it's solely because it depends on libpcap, and libpcap depends on all of those other libraries. Still, it does mean that cross-compiling isn't notably easier than just building tcpdump itself.

  • lixiasky 2 days ago

    Great question! I chose Go mainly because it's simple, efficient, and widely used — and honestly, it's the language I'm most comfortable with right now.

    I'm still a student, and I don’t have super big ambitions yet — I just wanted to build something I could actually finish and understand

    Rust is amazing, but I haven’t started learning it seriously yet. It feels a bit overwhelming at this stage. Maybe one day, when I'm ready to dive deeper!

    Good luck with your Burp project too — I’d love to see it if you share it someday!

  • redawl 2 days ago

    Hey, that's what I'm doing! ;) https://github.com/redawl/gitm

    I chose go mainly for static binaries (no install steps needed for the end user), and also because I have been really enjoying writing go programs lately, mainly because of the simplicity without too much of a tradeoff for speed.

Hikikomori 2 days ago

Cool! I did something similar when I wanted to learn Go, but did my own parsers instead of using gopacket, I would recommend doing that yourself if you want to learn more low level stuff.

How I parsed IP for example:

  package ipv4
  
  import (
   "encoding/binary"
   "fmt"
  )
  
  // Addr is an IPv4 address as four bytes in network order.
  type Addr [4]uint8
  
  func (ip Addr) String() string {
   return fmt.Sprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3])
  }
  
  // Hdr holds the fields of the fixed 20-byte IPv4 header.
  type Hdr struct {
   Version    uint8
   IHL        uint8
   DSCP       uint8
   ECN        uint8
   Length     uint16
   Id         uint16
   Flags      uint8
   Fragoffset uint16
   TTL        uint8
   Protocol   uint8
   Checksum   uint16
   Src        Addr
   Dst        Addr
  }
  
  // Parse fills hdr from the first 20 bytes of d.
  func (hdr *Hdr) Parse(d []byte) error {
   // Indexing a short slice panics, so check the length first.
   if len(d) < 20 {
    return fmt.Errorf("IPv4 header needs 20 bytes, got %d", len(d))
   }
   hdr.Version = d[0] >> 4
   hdr.IHL = d[0] & 0x0f
   hdr.DSCP = d[1] >> 2 // DSCP is the upper six bits of byte 1
   hdr.ECN = d[1] & 0x03
   hdr.Length = binary.BigEndian.Uint16(d[2:4])
   hdr.Id = binary.BigEndian.Uint16(d[4:6])
   hdr.Flags = d[6] >> 5 // top three bits of byte 6
   hdr.Fragoffset = binary.BigEndian.Uint16(d[6:8]) & 0x1fff
   hdr.TTL = d[8]
   hdr.Protocol = d[9]
   hdr.Checksum = binary.BigEndian.Uint16(d[10:12])
   hdr.Src = Addr{d[12], d[13], d[14], d[15]}
   hdr.Dst = Addr{d[16], d[17], d[18], d[19]}
  
   if hdr.IHL > 5 {
    fmt.Println("extra options detected") // TODO: support for extra options
   }
   return nil
  }

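
Added example, not part of the comment above and not code from vanta: one way to fill in the options TODO from that parser while checking every attacker-controlled length (IHL, total length, each option's length byte) against the bytes actually captured. `ParseOptions` and `sample` are hypothetical names, and the sample header is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// ParseOptions returns the raw type-length-data options of the IPv4 header in d.
// Every length taken from the packet is checked against the bytes actually present.
func ParseOptions(d []byte) ([][]byte, error) {
	if len(d) < 20 || d[0]>>4 != 4 {
		return nil, errors.New("not an IPv4 header")
	}
	hlen := int(d[0]&0x0f) * 4 // IHL counts 32-bit words, so 5 means 20 bytes
	total := int(d[2])<<8 | int(d[3])
	if hlen < 20 || hlen > len(d) || total < hlen {
		return nil, errors.New("IHL or total length out of range")
	}
	var opts [][]byte
	for o := d[20:hlen]; len(o) > 0; {
		if o[0] == 0 { // End of Option List: whatever follows is padding
			break
		}
		n := 1 // No-Operation (type 1) is a single byte with no length field
		if o[0] != 1 {
			// Other options carry a length byte covering type, length and data.
			if len(o) < 2 || o[1] < 2 || int(o[1]) > len(o) {
				return nil, errors.New("malformed option length")
			}
			n = int(o[1])
			opts = append(opts, o[:n])
		}
		o = o[n:]
	}
	return opts, nil
}

// sample returns a constructed 28-byte header (IHL=7, checksum left at zero) with
// Router Alert, NOP, EOL and padding; optLen overrides the Router Alert length byte.
func sample(optLen byte) []byte {
	h := []byte{0x47, 0, 0, 28, 0, 1, 0, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2,
		0x94, 4, 0, 0, 1, 0, 0, 0}
	h[21] = optLen
	return h
}

func main() {
	fmt.Println(ParseOptions(sample(4)))
	fmt.Println(ParseOptions(sample(200)))
}
```

An option length of 0 would otherwise loop forever and a length larger than the remaining header would read past it, so both are rejected before slicing.
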
  • lixiasky 2 days ago

    Thanks a lot for sharing this — it's super helpful!

    Yeah, I’m currently using gopacket mainly to get something working fast, but I’ve been thinking about writing my own parsers from scratch to understand the protocols better.

    Your Hdr example is really clean — definitely saving this as reference! I love how direct and readable it is.

    I’ll definitely try going lower level when I revisit the packet layer logic. Thanks again for the nudge

  • 0xbadcafebee 2 days ago

    Seconding this. Implementing low level protocols from scratch is a great introduction to network programming (do the kids today ever do network programming, or is it all just 15 layers of libraries on top of HTTP?). Good to understand the underpinnings of the systems you work with, and how subtly complex things get down there.

leumassuehtam a day ago

Genuine question: is this a wrapper around Google's gopacket?

  • lixiasky a day ago

    Thanks for the question!

    Yes, Vanta currently relies on gopacket for packet capture and parsing. As a student, my main goal was to build something clear, functional, and real — rather than reinvent everything from scratch.

    I'm actively learning the details of network protocols, and I do plan to write some custom parsers later, both for flexibility and personal understanding. But at this stage, I think it’s more important to deliver a meaningful tool than to prove I can reimplement low-level stacks.

    In the long run, I may gradually replace parts of gopacket, but right now it's an important and reliable foundation for the project.

    (And honestly — finishing something real matters more to me than perfection)

spacecadet a day ago

Hey nice project! I have a similar project too, originated from collecting data via Wireshark and wanting to view it as a graph and do a little lightweight anomaly detection. It's also a learning project for me.

https://github.com/derekburgess/jaws

  • lixiasky 14 hours ago

    Whoa, that sounds really cool — I like the idea.

colesantiago 2 days ago

This looks nice, perhaps name your project babyshark?

  • poisonborz 2 days ago

    Have to say it would be worth making this project just for the sake of this pun alone.

  • Kuraj 2 days ago

    At the risk of sounding boring, but be careful not to sacrifice searchability for this

  • qmr 2 days ago

    Name it dootdoodoodootdoodo

  • mrbluecoat 2 days ago

    or Fanta

    • 0xEF 2 days ago

      That one's taken, I think.

      • mrbluecoat 2 days ago

        yes, that's the joke ;)

  • Bad_CRC 2 days ago

    na na na na na

op00to 2 days ago

> This project is not just code — it's a response. Amid political pressure, some universities like Harvard, MIT, and CMU stood up for international students.

> I’m just an ordinary undergraduate with no resources or background. This is my way of responding — not by petition, but through code. Vanta may be small, but it’s real, and it’s mine.

This comes off as super ChatGPT-y to me. "X is not y — it's Z! Preamble, passionate statement. Sycophantic encouraging statement — list, of, a, few, things, but also this. Summarize statement, but this other thing, and saying the same thing again but in a slightly different way."

I've given up on ChatGPT because of this style of writing.

  • lixiasky 2 days ago

    Totally fair! I really appreciate the honesty. English isn't my native language, and most of the expressions I know come from TED talks, open source READMEs, and honestly... the kind of news clips our teachers play in class

    So yeah, that probably shaped the way I wrote this. You’re right though — reading it again, it does sound kinda overly polished.

    I’ll try to keep future writing more personal and grounded. Still learning — and thanks for reading it at all. That already means a lot!

  • singiamtel 2 days ago

    It's the em dash that does it for me

    • kstrauser 2 days ago

      AIs learned that from humans because it's a normal, common bit of punctuation they see frequently.

      AIs also use the word "the" frequently.

    • amingilani 2 days ago

      Friendly reminder that em and en dashes were part of English well before ChatGPT was launched. Anecdotally, I’ve been using them forever and English isn’t even my native language.

      • yen223 a day ago

        Also, a lot of programs autocorrect dashes to em-dashes.

    • qmr 2 days ago

      I use em dashes, but always as two hyphens.

      I think this notion that em dash always means chatgpt is an overcorrection.

    • hhh a day ago

      I have loved the em dash forever and I’m being punished for it now.

moffkalast 2 days ago

A small Wireshark? A... baby shark?

  • rezmason 2 days ago

    A toy Wireshark. A Blåhaj!

  • qmr 2 days ago

    Doot doo doo doot doo do

dang 2 days ago

[stub for offtopicness]

  • chillpenguin 2 days ago

    Why are all of the comments about the name? The author literally said this is a toy project for educational purposes... There are thousands of projects on github. This isn't even the only other project named "vanta" on github (I just checked and there is an animation library for javascript called vanta). So, seriously, who cares?

    If OP was an actual company, that would be different. But this is quite literally a toy project.

    Anyway, congrats OP! Your project looks really cool.

    • dang 2 days ago

      Most probably those other projects haven't been at #1 on HN or similar sites for long.

      I agree that having discussion get consumed by the name is unfortunate and off-topic. It's also predictable, alas (https://news.ycombinator.com/item?id=44161041) but we have various tricks to try to dampen it.

    • j1elo 2 days ago

      Yeah, it's like if one writes a tiny calculator and names it Disney to learn how to program in Delphi, it's a learning exercise with 0 commercial intent so who cares. But for those who care about the name vanta, get the G from Go and rename it to Ganta, problem solved :-)

      with the added benefit that the software family could be extended in the future with other learning exercises such as a Rust forum engine named Ranta

    • 293984j29384 2 days ago

      I agree. I was trying to use Vanta’s trust management platform to prepare for an audit but instead downloaded Vanta, the toy version of Wireshark. It's very easy to mix up 400 lines of go code on github with the security platform on vanta.com.

      /s

  • andygcook 2 days ago

    Congratulations on the launch! FYI there is a pretty well-known YC startup named Vanta that helps companies manage various security compliance certifications.

    Obviously, there are often different services that share the same name, but given that Vanta isn't an actual word in the English language, I would think this might be confusing for people.

    As a data point of one, I just assumed Vanta (the company) was doing a Show HN today and was confused at first glance.

    • philipwhiuk 2 days ago

      I'd argue they're both inspired by Vantablack.

    • planetpluta 2 days ago

      > I just assumed Vanta (the company) was doing a Show HN today and was confused at first glance

      Did the title of the post change? At first glance the Show HN is a toy wireshark program very far from any Trust Management and compliance

      • dang 2 days ago

        Yes, we changed it to try to stave off off-topic discussion about the name.

        The world is a big place. I bet this kid had no idea that the name was "taken"—either that or they assumed their project was so obviously different that no one would care.

        Little did they realize that internet discussions go into seizure about names under all too many conditions.

    • karambahh 2 days ago

      Yeah, and especially as Vanta is adjacent... I think a rebranding is in order.

      Vanta (and the auditors they market) is a nice company I'm a happy user of but I'm afraid they won't be too pleased with this.

      Your project is a pretty nice overview of what network level monitoring encompasses, I'd say it's more than a tool, it has obvious educational value. Would be sad to see it buried under naming issues.

  • idorube 2 days ago

    just please don't say "Founder/CEO of Vanta here" :-D

    • accrual 2 days ago

      Sometimes I like to think of myself as the CEO of my life. Why yes, I'm the CEO and make all critical decisions around Me, LLC. However, the founders have divested and retired in another city. :)

  • christinac 2 days ago

    [flagged]

    • dantastic 2 days ago

      There are loads of companies having a trademark with Vanta in it and a lot of companies are also called Vanta "something". But they are in different sectors. Myself I think of the Finnish airport (Vantaa).

      I'm surprised that the Chicago equity firm didn't have vanta.com registered (they're on https://vantaglobal.com).

      You weren't even the first to have Vanta registered in your sector. Nvidia had that registered at one point but didn't use the name and it became "dead".

      All I'm saying really is that maybe you should look at yourself before you ask someone else to change their project's name.

    • the__alchemist 2 days ago

      Could you please clarify if you think this Github project is in the security/compliance space?

    • tonyhb 2 days ago

      Was going to post about your company compliance space (which we use and love). That naming conflict is rough and it's the first thing I had in mind.

  • mushufasa 2 days ago

    Note there's a popular cybersecurity company called "Vanta" to which they own the trademark, so the name probably should be changed to avoid confusion.

BobbyTables2 2 days ago

Now you’ll just have to figure out how to implement all of the vulnerabilities historically present in wireshark parsers! /s

  • lixiasky 2 days ago

    Haha, true to tradition, right? I’ll make sure to add an “Enable Historical CVEs” flag in the next release