{"id":19713096,"url":"https://github.com/zz85/packet_radar","last_synced_at":"2025-06-21T09:37:22.934Z","repository":{"id":37888411,"uuid":"199153527","full_name":"zz85/packet_radar","owner":"zz85","description":"Realtime Network Analysis and Visualization","archived":false,"fork":false,"pushed_at":"2024-07-22T18:14:48.000Z","size":503,"stargazers_count":7,"open_issues_count":1,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-29T18:49:31.233Z","etag":null,"topics":["network","packet","realtime","rust","visualization"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zz85.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-07-27T11:02:04.000Z","updated_at":"2024-06-12T09:33:57.000Z","dependencies_parsed_at":"2024-06-12T11:56:21.040Z","dependency_job_id":"e20303a1-8567-462f-9eca-7596ce485866","html_url":"https://github.com/zz85/packet_radar","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zz85/packet_radar","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zz85%2Fpacket_radar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zz85%2Fpacket_radar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zz85%2Fpacket_radar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zz85%2Fpacket_radar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/owners/zz85","download_url":"https://codeload.github.com/zz85/packet_radar/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zz85%2Fpacket_radar/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261101475,"owners_count":23109857,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network","packet","realtime","rust","visualization"],"created_at":"2024-11-11T22:19:34.741Z","updated_at":"2025-06-21T09:37:17.923Z","avatar_url":"https://github.com/zz85.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Packet Radar\n\nPacket Radar is an experimental realtime network traffic analyzer and visualizer.\n\nIt captures packets like pcap and displays the information in various ways like wireshark.\n\n- packet fight viz - visualizes and animates packets transferring between hosts.\n- packet stats - a dashboard showing real-time network telemetry like data rates.\n- packet top - shows top connections\n- packet tail - a simple packet log viewer\n\nThis started as a weekend project for\n- playing around with rust\n- exploring and understanding some network protocol details\n- playing around with visualizations, animations and simulations\n\nIf you like this, you may also be interested in [Space Radar](https://github.com/zz85/space-radar), a disk space visualization app.\n\nCore code is written in Rust; the visualization UI is done with Canvas + JS.\n\n### Utilities\n\n`ja4dump` - like tcpdump but for JA4 TLS client fingerprinting\n`ja4top` - shows ja4 and 
associated processes\n\n### Building\n\n```\n### If you need to install rust\ncurl https://sh.rustup.rs -sSf | sh\n\n### Compile and run\ncargo run\n\n### On Linux Kernel \u003e= 2.2\ncargo build\nsudo setcap cap_net_raw,cap_net_admin=eip target/debug/packet_radar\ncargo run\n\n# (s/debug/release if --release)\n\n### Or if you require sudo\ncargo build\nsudo target/debug/packet_radar -m\n\n# (s/debug/release if `--release`)\n```\n\n### Technical\n\nThere are 3 ways packets are processed -\n1. using pcap lib\n2. using pnet datalink\n3. using pcapng parsing\n\nThe main module parses the network packets, depending on what protocol has been implemented.\nSome state is kept statically, while tcp+udp packets as well as JA4 events are emitted via\na crossbeam mpsc channel.\n\nThe evented model allows writing isolated experiments by rebuilding state while collecting events.\nOne example is ja4dump; another is the web visualization, which is basically a broadcast of\nthe mpsc channels proxied over websockets to the browser.\n\nAnother way to write modules is to access the shared state. One example is ja4top.\n\nOr a module can take a combination of both. One example is processes rs, where it builds its own \"top\"\nstate, but it also has the ability to access the shared connection states to enrich it with process\ninformation.\n\n### Visualization\n\n```\nopen `html/packet_viz.html` in your browser\n```\n\n### Contributors\n\n- Joshua Koo\n- Yang Bin Kwok\n\n### Related projects\n- https://github.com/kpcyrd/sniffglue\n- https://github.com/imsnif/bandwhich\n\n\n### ChangeLog\nJun 5, 2024 - basic QUIC client hello parsing (available in packet_radar, ja4dump, ja4top)\n\nMay 24, 2024 - Ability to read from pcap file or stdin (e.g. 
sudo tcpdump -w - | sudo packet_radar -p -  ).\nOn Macs, tcpdump using pktap will provide process id information during packet capture.\nThis method requires sudo, but for unprivileged users, the lsof method will be the fallback.\n\n### IDEAs / TODO\n- [x] DNS resolution\n- [x] Find local addresses\n- [x] Ping / ICMP Traceroute probes\n- [ ] TCP/UDP trace probes\n- [x] Traffic categorization (UDP, TCP,..\n- [x] TLS, QUIC)\n- [x] DNS capture\n- [ ] RTT / light distance Analysis\n- [ ] Packet replay\n- [ ] Terminal interface\n- [ ] Visual traceroute\n- [-] Geoip / ASN breakdown\n- [ ] Whois / What's my ip whatsmyip\n- [ ] SSL Key log decoding\n- [x] TLS Parsing and Fingerprinting\n   - [x] JA4 Fingerprinting stats by processes\n   - [ ] TLS Stats\n- [-] Quic Packet Parsing\n- [ ] Sankey diagrams\n- [x] Netstat / Socket listings\n- [x] Break connections by processes - Top process bandwidth\n- [x] Top connection/processes by bandwidth\n- [ ] Viz: breakdown by processes\n- [ ] Metadata mapping\n- [ ] Pluggable architecture\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzz85%2Fpacket_radar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzz85%2Fpacket_radar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzz85%2Fpacket_radar/lists"}