#packet #networking #capture #analysis #operating-systems

bin+lib packet_snooper

A crossplatform multithreaded framework to capture and analyze packets

2 stable releases

1.0.2 Sep 4, 2022

#17 in #network-programming

MIT license

3MB
2.5K SLoC

Packet-Snooper

License: MIT Rust-Workflow

packet_snooper is a cross-platform library to analyze network traffic data written using the Rust Programming Language.

It's available on Windows and UNIX-like Operating Systems such as Linux and macOS.

It was developed as part of a University project (Politecnico of Turin, Italy. "System and Device Programming". Year 2022).

Setup / Install

Installing dependencies

  • Windows

Install WinPcap.

Download the WinPcap Developer's Pack.

Add the /Lib or /Lib/x64 folder to your LIB environment variable.

  • Linux

Install the libraries and header files for the libpcap library. For example:

On Debian based Linux: install libpcap-dev.
On Fedora Linux: install libpcap-devel.

Note: If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin.

  • Mac OS X

libpcap should be installed on Mac OS X by default.

Additional Info

Note: A timeout of zero may cause pcap::Capture::next to hang and never return (because it waits for the timeout to expire before returning). This can be fixed by using a non-zero timeout (as the libpcap manual recommends) and calling pcap::Capture::next in a loop.

TCP/IP Architecture Support

Layer 2

full-support: EthernetII
identification: Ethernet802.3
future support: ()

Layer 3 (Ethernet field "EtherType". IEEE 802.3)

full-support: IPv4, (IPv6), IPv6HopByHop
identification: ARP
future support: ()

Layer 4 ("Protocol Type" field of L3 protocols)

full-support: UDP, (TCP)
identification: (). Others: IGMP, ICMPv4, ICMPv6
future support: ()

Upper Layers

full-support: ()
identification: FTP=20, SSH=22, SMPT=23, DNS=53, HTTP=80, POP3=110
                SFTP=115, SNMP=161, BGP=179, HTTPS=443
future support: ()

Architecture Overview & Internal State Machine design

Technologies Used

  • Main programming Language: Rust
  • Version Control, Team Work: Git, GitHub

Libraries (rust crates) used

  • pcap
  • serde
  • serde_json

Authors

  • Alberto Foti
  • Samuele Giannetto

Dependencies