{"id":13437049,"url":"https://github.com/kpcyrd/sniffglue","last_synced_at":"2025-05-13T23:10:28.955Z","repository":{"id":39987726,"uuid":"103294928","full_name":"kpcyrd/sniffglue","owner":"kpcyrd","description":"Secure multithreaded packet sniffer","archived":false,"fork":false,"pushed_at":"2025-01-24T10:48:27.000Z","size":1016,"stargazers_count":1184,"open_issues_count":16,"forks_count":98,"subscribers_count":19,"default_branch":"main","last_synced_at":"2025-04-03T05:30:16.501Z","etag":null,"topics":["network","pcap","rust","sandboxed","sniffer"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/sniffglue","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kpcyrd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["kpcyrd"],"patreon":"kpcyrd"}},"created_at":"2017-09-12T16:26:24.000Z","updated_at":"2025-04-01T02:57:05.000Z","dependencies_parsed_at":"2023-12-13T22:39:51.306Z","dependency_job_id":"7a3bde54-8b69-4b4b-ad0b-a0f0fbb68191","html_url":"https://github.com/kpcyrd/sniffglue","commit_stats":{"total_commits":271,"total_committers":11,"mean_commits":"24.636363636363637","dds":"0.047970479704797064","last_synced_commit":"0d7ee0c31a20343ede92d6a9cfa7362f8ec54acd"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Fsniffglue","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Fsniffglue/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Fsniffglue/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Fsniffglue/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kpcyrd","download_url":"https://codeload.github.com/kpcyrd/sniffglue/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248200589,"owners_count":21063926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network","pcap","rust","sandboxed","sniffer"],"created_at":"2024-07-31T03:00:53.988Z","updated_at":"2025-04-10T10:44:11.193Z","avatar_url":"https://github.com/kpcyrd.png","language":"Rust","funding_links":["https://github.com/sponsors/kpcyrd","https://patreon.com/kpcyrd"],"categories":["应用","Applications","Tools","\u003ca id=\"79499aeece9a2a9f64af6f61ee18cbea\"\u003e\u003c/a\u003e浏览嗅探\u0026\u0026流量拦截\u0026\u0026流量分析\u0026\u0026中间人","Rust","Web and Cloud Security","\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003e工具","应用 Applications","2. [↑](#-content) Pentesting","应用程序 Applications","Network Tools","Network","Projects"],"sub_categories":["Security tools","Binary files examination and editing","\u003ca id=\"99398a5a8aaf99228829dadff48fb6a7\"\u003e\u003c/a\u003e未分类-Network","Pentesting","\u003ca id=\"32739127f0c38d61b14448c66a797098\"\u003e\u003c/a\u003e嗅探\u0026\u0026Sniff","安全工具 Security tools","安全工具","2.6 [↑](#-content) Network","Protocol Analyzers and Sniffers","Network Tools","Protocol Analyzers / Sniffers"],"readme":"# sniffglue [![Build Status][travis-img]][travis] [![Crates.io][crates-img]][crates]\n\n[travis-img]:   https://travis-ci.org/kpcyrd/sniffglue.svg?branch=master\n[travis]:       https://travis-ci.org/kpcyrd/sniffglue\n[crates-img]:   https://img.shields.io/crates/v/sniffglue.svg\n[crates]:       https://crates.io/crates/sniffglue\n\nsniffglue is a network sniffer written in rust. Network packets are parsed concurrently\nusing a thread pool to utilize all cpu cores. Project goals are that you can\nrun sniffglue securely on untrusted networks and that it must not crash\nwhen processing packets. The output should be as useful as possible by default.\n\n![screenshot](docs/screenshot.png)\n\n## Usage\n\n    # sniff with default filters (dhcp, dns, tls, http)\n    sniffglue enp0s25\n    # increase the filter sensitivity (arp)\n    sniffglue -v enp0s25\n    # increase the filter sensitivity (cjdns, ssdp, dropbox, packets with valid utf8)\n    sniffglue -vv enp0s25\n    # almost everything\n    sniffglue -vvv enp0s25\n    # everything\n    sniffglue -vvvv enp0s25\n\n## Installation\n\n\u003ca href=\"https://repology.org/project/sniffglue/versions\"\u003e\u003cimg align=\"right\" src=\"https://repology.org/badge/vertical-allrepos/sniffglue.svg\" alt=\"Packaging status\"\u003e\u003c/a\u003e\n\n### Arch Linux\n\n    pacman -S sniffglue\n\n### Mac OSX\n\n    brew install sniffglue\n\n### Debian/Ubuntu/Kali\n\nFirst included in debian bullseye, ubuntu 21.04.\n\n    apt install sniffglue\n\n### Alpine\n\n    apk add sniffglue\n\n### Gentoo\n\n    layman -a pentoo\n    emerge --ask net-analyzer/sniffglue\n\n### NixOS\n\n    nix-env -i sniffglue\n\n### GNU Guix\n\n    guix install sniffglue\n\n### Fedora/RHEL/CentOS/CentOS Stream\n\n    dnf copr enable atim/sniffglue -y\n    dnf install sniffglue\n\n### From source\n\nTo build from source make sure you have libpcap and libseccomp installed. On\ndebian based systems:\n\n    # install the dependencies\n    sudo apt install libpcap-dev libseccomp-dev\n    # install rust with rustup\n    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\n    source $HOME/.cargo/env\n    # install sniffglue and test it\n    cargo install sniffglue\n    sniffglue --help\n\nOr you can build a Debian package via [cargo-deb](https://github.com/mmstick/cargo-deb):\n\n    cargo deb\n\n## Protocols\n\n- [X] ethernet\n- [X] ipv4\n- [X] ipv6\n- [X] arp\n- [X] tcp\n- [X] udp\n- [X] icmp\n- [X] http\n- [X] tls\n- [X] dns\n- [X] dhcp\n- [X] cjdns eth beacons\n- [X] ssdp\n- [X] dropbox beacons\n- [X] ppp\n- [ ] 802.11\n\n## Docker\n\nYou can build sniffglue as a docker image to debug container setups. The image\nis currently about 11.1MB. It is recommended to push it to your own registry.\n\n    docker build -t sniffglue .\n    docker run -it --init --rm --net=host sniffglue eth0\n\n### Building documentation\n\n    scdoc \u003c docs/sniffglue.1.scd \u003e docs/sniffglue.1\n\n## Security\n\nTo report a security issue please contact kpcyrd on ircs://irc.hackint.org.\n\n### Seccomp\n\nTo ensure a compromised process doesn't compromise the system, sniffglue uses\nseccomp to restrict the syscalls that can be used after the process started.\nThis is done in two stages, first at the very beginning (directly after\nenv\\_logger initialized) and once after the sniffer has been setup, but before\npackets are read from the network.\n\n### Hardening\n\nDuring the second stage, there's also some general hardening that is applied\nbefore all unneeded syscalls are finally disabled. Those are system specific,\nso a configuration file is read from `/etc/sniffglue.conf`. This config\nfile specifies an empty directory for `chroot` and an unprivileged account\nin `user` that is used to drop root privileges.\n\n### boxxy-rs\n\nThis project includes a small [boxxy-rs] based shell that can be used to\nexplore the sandbox at various stages during and after initialization. This is\nalso used by travis to ensure the sandbox actually blocks syscalls.\n\n    cargo run --example boxxy\n\n[boxxy-rs]: https://github.com/kpcyrd/boxxy-rs\n\n### Reproducible builds\n\nThis project is tested using reprotest. Currently the following variations are\nexcluded:\n\n- `-time` - needed because the crates.io cert expires in the future\n- `-domain_host` - requires root for unshare(2) and has been excluded\n\nDon't forget to install the build dependencies.\n\n    ci/reprotest.sh\n\n### Fuzzing\n\nThe packet processing of sniffglue can be fuzzed using [cargo-fuzz].\nEverything you should need is provided in the `fuzz/` directory that is\ndistributed along with its source code. Please note that this program links\nto libpcap which is not included in the current fuzzing configuration.\n\n    cargo fuzz run read_packet\n\n[cargo-fuzz]: https://github.com/rust-fuzz/cargo-fuzz\n\n## License\n\nGPLv3+\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpcyrd%2Fsniffglue","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkpcyrd%2Fsniffglue","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpcyrd%2Fsniffglue/lists"}