{"id":13826526,"url":"https://github.com/kanishkarj/snoopy","last_synced_at":"2025-04-06T22:09:51.086Z","repository":{"id":57667831,"uuid":"193961390","full_name":"kanishkarj/snoopy","owner":"kanishkarj","description":"A highly configurable multi-threaded packet sniffer and parser build in rust-lang.","archived":false,"fork":false,"pushed_at":"2020-09-07T17:22:03.000Z","size":16837,"stargazers_count":174,"open_issues_count":4,"forks_count":17,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-04-24T13:20:19.964Z","etag":null,"topics":["command-line-tool","packet-capture","packet-parsing","packet-sniffer","pcap-parser","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kanishkarj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-26T18:54:51.000Z","updated_at":"2024-04-24T09:32:02.000Z","dependencies_parsed_at":"2022-09-07T17:34:06.723Z","dependency_job_id":null,"html_url":"https://github.com/kanishkarj/snoopy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanishkarj%2Fsnoopy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanishkarj%2Fsnoopy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanishkarj%2Fsnoopy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanishkarj%2Fsnoopy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kanishkarj","download_url":"https://codeload.github.com/kanishkarj/s
noopy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247557767,"owners_count":20958047,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-line-tool","packet-capture","packet-parsing","packet-sniffer","pcap-parser","rust"],"created_at":"2024-08-04T09:01:39.724Z","updated_at":"2025-04-06T22:09:51.060Z","avatar_url":"https://github.com/kanishkarj.png","language":"Rust","readme":"# Snoopy\n[![Crates.io](https://img.shields.io/crates/v/snoopy.svg)](https://crates.io/crates/snoopy) \n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Build Status](https://travis-ci.com/kanishkarj/snoopy.svg?token=jy9kvPoUgCS7spyshyKq\u0026branch=master)](https://travis-ci.com/kanishkarj/snoopy)\n\nA highly configurable multi-threaded packet sniffer and parser built in rust-lang.  \n\n## Features\n\n* Capture packets and encode them to Pcap files, or print them to the console.\n* While capturing packets, various configuration parameters can be specified. 
\n* Parse Pcap files and print them to the console, or extract more verbose information from each packet and store it in a JSON file.\n* Multi-threaded parsing of packets.\n* Filter packets while parsing and capturing.\n* Currently supports the following protocols :\n  * Ethernet\n  * Ipv4\n  * Ipv6\n  * Arp\n  * Tcp\n  * Udp\n  * Dns\n  * Tls\n\nThe JSON file is generated in the format shown below: \n\n```Json\n\n[{\n  \"Ok\": {\n    \"len\": 11,\n    \"timestamp\": \"1234567890.123456\",\n    \"headers\": [{\n        \"Tls\": {\n          ...\n        }\n      },\n      {\n        \"Tcp\": {\n          ...\n        }\n      }, {\n        \"Ipv4\": {\n          ...\n        }\n      }, {\n        \"Ether\": {\n          ...\n        }\n      }\n    ],\n    \"remaining\": [...]\n  }\n},\n...\n]\n\n```\n\n## Installation\n\nEnsure that you have `libpcap-dev` (ubuntu) or the corresponding package installed on your system.\nRun the following commands in the command line inside the folder : \n\n```zsh\ncargo install snoopy\n```\n\n## Quick-Start\n\nTo Capture packets and print them onto the console : \n```zsh\n➜ sudo snoopy capture run                                          \n--------------------\nSniffing  wlp3s0\n-------------------- \n\n\nSource IP              | Source Port  | Dest IP                | Dest Port    | Protocol     | Length       | Timestamp            |\n------------------------------------------------------------------------------------------------------------------------------------\n52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 10078        | 1562310108.589373                  \n10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 54           | 1562310108.589468                  \n52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 10078        | 1562310108.890490                  \n10.20.197.103          | 38522        | 
52.216.185.195         | 443          | Tcp          | 54           | 1562310108.890547                  \n52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 1486         | 1562310109.197739                  \n10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 54           | 1562310109.197795                  \n52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 1486         | 1562310109.197841                  \n10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 66           | 1562310109.197865                  \n52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 2918         | 1562310109.197887                  \n10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 74           | 1562310109.197906                  \n52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 1486         | 1562310109.197965                  \n10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 74           | 1562310109.197984                  \n35.154.102.71          | 443          | 10.20.197.103          | 56572        | Tls          | 160          | 1562310109.262324                  \n10.20.197.103          | 56572        | 35.154.102.71          | 443          | Tcp          | 66           | 1562310109.262383                  \n```\n\nCapture packets and save them to Pcap files :\n\n```shell\n➜ sudo snoopy capture run --timeout 10000 --savefile captured.pcap\n```\n\n\u003e Note: Capturing network packets requires root user permissions.\n\nParse Pcap files and print to console:\n\n```shell\n➜ snoopy parse ./Sample/captured.pcap\n```\n\nParse Pcap files and print to console (with filters):\n\n```shell\n➜ snoopy 
parse ./Sample/captured.pcap --filter \"tcp port 443\"\n```\n\n\u003e The above command will print all TCP packets with source/destination port 443.\n\n\nParse Pcap files and save to JSON file:\n\n```shell\n➜ snoopy parse ./Sample/captured.pcap --savefile ./parsed.json\n```\n\n## Documentation\n\nAll commands and sub-commands are listed below : \n\n```zsh\nUSAGE:\n    snoopy [SUBCOMMAND]\n\nFLAGS:\n    -h, --help       Prints help information\n    -V, --version    Prints version information\n\nSUBCOMMANDS:\n    capture    Capture packets from interfaces.\n    help       Prints this message or the help of the given subcommand(s)\n    parse      Parse pcap files.\n\n```\n```zsh\nUSAGE:\n    snoopy capture [SUBCOMMAND]\n\nFLAGS:\n    -h, --help       Prints help information\n    -V, --version    Prints version information\n\nSUBCOMMANDS:\n    help    Prints this message or the help of the given subcommand(s)\n    list    List all interfaces.\n    run     Start capturing packets.\n```\n```zsh\nUSAGE:\n    snoopy capture run [FLAGS] [OPTIONS]\n\nFLAGS:\n    -h, --help       Prints help information\n    -p, --promisc    Set promiscuous mode on or off. By default, this is off.\n    -r, --rfmon      Set rfmon mode on or off. The default is maintained by pcap.\n    -V, --version    Prints version information\n\nOPTIONS:\n    -b, --buffer_size \u003cbuffer_size\u003e    Set the buffer size for incoming packet data. The default is 1000000. 
This should\n                                       always be larger than the snaplen.\n        --handle \u003cdevice_handle\u003e       Specify the device interface\n    -f, --filter \u003cfilter\u003e              Set filter to the capture using the given BPF program string.\n        --precision \u003cprecision\u003e        Set the time stamp precision returned in captures (Micro/Nano).\n        --savefile \u003csavefile\u003e          Save the captured packets to file.\n    -s, --snaplen \u003csnaplen\u003e            Set the snaplen size (the maximum length of a packet captured into the buffer).\n                                       Useful if you only want certain headers, but not the entire packet.The default is\n                                       65535.\n    -t, --timeout \u003ctimeout\u003e            Set the read timeout for the Capture. By default, this is 0, so it will block\n                                       indefinitely.\n        --tstamp_type \u003ctstamp_type\u003e    Set the time stamp type to be used by a capture device (Host / HostLowPrec /\n                                       HostHighPrec / Adapter / AdapterUnsynced).\n\n```\n```zsh\nUSAGE:\n    snoopy parse [OPTIONS] \u003cfile_name\u003e\n\nFLAGS:\n    -h, --help       Prints help information\n    -V, --version    Prints version information\n\nOPTIONS:\n    -f, --filter \u003cfilter\u003e        Set filter to the capture using the given BPF program string.\n    -s, --savefile \u003csavefile\u003e    Parse the packets into JSON and save them to memory.\n\nARGS:\n    \u003cfile_name\u003e   \n```\n\n\u003e Note: The filters can be defined according to the syntax specified [here](http://biot.com/capstats/bpf.html).\n\n## Docker\n\nRun the following commands in the command line inside the folder : \n\n```zsh\ndocker build -t snoopy .\ndocker container run -it snoopy\n```\n\n## Build\n\nRun the following command in the command line inside the folder : \n\n```zsh\ncargo build\n```\n\n## 
Todo\n\n* Benchmarking\n* Support for other protocols\n\n## License\n\nThis project is under the MIT license.","funding_links":[],"categories":["\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003e工具","Rust"],"sub_categories":["\u003ca id=\"32739127f0c38d61b14448c66a797098\"\u003e\u003c/a\u003e嗅探\u0026\u0026Sniff"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkanishkarj%2Fsnoopy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkanishkarj%2Fsnoopy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkanishkarj%2Fsnoopy/lists"}