2 stable releases (1.0.2: Sep 4, 2022)
#17 in #network-programming
3MB, 2.5K SLoC
Packet-Snooper
packet_snooper is a cross-platform library for analyzing network traffic data, written in the Rust programming language.
It's available on Windows and UNIX-like Operating Systems such as Linux and macOS.
It was developed as part of a University project (Politecnico of Turin, Italy. "System and Device Programming". Year 2022).
Setup / Install
Installing dependencies
- Windows
Install WinPcap.
Download the WinPcap Developer's Pack.
Add the /Lib or /Lib/x64 folder to your LIB environment variable.
- Linux
Install the libraries and header files for the libpcap library. For example:
On Debian based Linux: install libpcap-dev.
On Fedora Linux: install libpcap-devel.
Note: If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin.
- Mac OS X
libpcap should be installed on Mac OS X by default.
Additional Info
Note: A timeout of zero may cause pcap::Capture::next to hang and never return (because it waits for the timeout to expire before returning). This can be fixed by using a non-zero timeout (as the libpcap manual recommends) and calling pcap::Capture::next in a loop.
TCP/IP Architecture Support
Layer 2
full-support: EthernetII
identification: Ethernet802.3
future support: ()
Layer 3 (Ethernet field "EtherType". IEEE 802.3)
full-support: IPv4, (IPv6), IPv6HopByHop
identification: ARP
future support: ()
Layer 4 ("Protocol Type" field of L3 protocols)
full-support: UDP, (TCP)
identification: (). Others: IGMP, ICMPv4, ICMPv6
future support: ()
Upper Layers
full-support: ()
identification: FTP=20, SSH=22, SMTP=23, DNS=53, HTTP=80, POP3=110, SFTP=115, SNMP=161, BGP=179, HTTPS=443
future support: ()
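The layered identification in the table above (EtherType, then the L3 protocol field, then a well-known port), as an added example that is not packet_snooper's own code. The names `Summary` and `classify` are hypothetical, the port list is a subset of the one above, and the bounds and fragment checks go slightly beyond what the table states.

```rust
// Added example: std-only classifier for one raw Ethernet frame (hypothetical names).
#[derive(Debug, PartialEq)]
pub enum Summary {
    Truncated,         // a header ends before its fixed fields
    Ethernet8023(u16), // identified only; the value is the 802.3 length field
    Arp,               // identified only
    OtherL3(u16),      // EtherType outside the table
    Ip { version: u8, l4: &'static str, app: &'static str },
}
fn be16(b: &[u8], i: usize) -> Option<u16> { Some(u16::from_be_bytes([*b.get(i)?, *b.get(i + 1)?])) }
fn l4_name(p: u8) -> &'static str { // IPv4 "Protocol" / IPv6 "Next Header" value
    match p { 1 => "ICMPv4", 2 => "IGMP", 6 => "TCP", 17 => "UDP", 58 => "ICMPv6", _ => "other" }
}
fn app_name(l4: &[u8]) -> &'static str { // source port first, then destination port
    [0, 2].iter().filter_map(|&o| be16(l4, o)).find_map(|p| match p {
        22 => Some("SSH"), 53 => Some("DNS"), 80 => Some("HTTP"), 443 => Some("HTTPS"), _ => None,
    }).unwrap_or("unknown")
}
fn parse_v4(ip: &[u8]) -> Option<(u8, u8, &[u8])> {
    let ihl = usize::from(*ip.first()? & 0x0f) * 4;
    if ihl < 20 || ip.len() < ihl || ip[0] >> 4 != 4 { return None; }
    // Later fragments (offset != 0) carry no L4 header: expose no bytes for port lookup.
    Some((4, ip[9], if be16(ip, 6)? & 0x1fff != 0 { &ip[..0] } else { &ip[ihl..] }))
}
fn parse_v6(ip: &[u8]) -> Option<(u8, u8, &[u8])> {
    if ip.len() < 40 || ip[0] >> 4 != 6 { return None; }
    let (next, rest) = (ip[6], &ip[40..]);
    if next != 0 { return Some((6, next, rest)); }
    // Hop-by-Hop header: byte 0 = next header, byte 1 = length in 8-byte units, minus one.
    let skip = (usize::from(*rest.get(1)?) + 1) * 8;
    Some((6, rest[0], rest.get(skip..)?))
}
pub fn classify(frame: &[u8]) -> Summary {
    let et = match be16(frame, 12) { Some(v) => v, None => return Summary::Truncated };
    let parsed = match et {
        0..=1500 => return Summary::Ethernet8023(et), // a length, not an EtherType
        0x0806 => return Summary::Arp,
        0x0800 => parse_v4(&frame[14..]),
        0x86DD => parse_v6(&frame[14..]),
        _ => return Summary::OtherL3(et),
    };
    let (version, p, l4) = match parsed { Some(t) => t, None => return Summary::Truncated };
    let app = if p == 6 || p == 17 { app_name(l4) } else { "unknown" };
    Summary::Ip { version, l4: l4_name(p), app }
}
fn main() {
    // Constructed 14-byte frame: zeroed MACs, then the ARP EtherType.
    println!("{:?}", classify(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x08, 0x06]));
}
```

A port-based label is a guess from the port number alone, so it names the likely protocol rather than confirming it.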
Architecture Overview & Internal State Machine design
Technologies Used
- Main programming Language: Rust
- Version Control, Team Work: Git, GitHub
Libraries (Rust crates) used
- pcap
- serde
- serde_json
Authors
- Alberto Foti
- Samuele Giannetto