Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kanishkarj/snoopy
A highly configurable multi-threaded packet sniffer and parser built in Rust.
command-line-tool packet-capture packet-parsing packet-sniffer pcap-parser rust
- Host: GitHub
- URL: https://github.com/kanishkarj/snoopy
- Owner: kanishkarj
- License: mit
- Created: 2019-06-26T18:54:51.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-09-07T17:22:03.000Z (over 4 years ago)
- Last Synced: 2024-04-24T13:20:19.964Z (9 months ago)
- Topics: command-line-tool, packet-capture, packet-parsing, packet-sniffer, pcap-parser, rust
- Language: Rust
- Homepage:
- Size: 16.1 MB
- Stars: 174
- Watchers: 5
- Forks: 17
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **120** stars - threaded packet sniffer and parser built in rust-lang. (Tools / Sniffing)
README
# Snoopy
[![Crates.io](https://img.shields.io/crates/v/snoopy.svg)](https://crates.io/crates/snoopy)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Build Status](https://travis-ci.com/kanishkarj/snoopy.svg?token=jy9kvPoUgCS7spyshyKq&branch=master)](https://travis-ci.com/kanishkarj/snoopy)

A highly configurable multi-threaded packet sniffer and parser built in Rust.
## Features
* Capturing packets and encoding them to Pcap files, or print them onto console.
* While capturing packets, various configuration parameters can be specified.
* Parse Pcap files and print them to console, or extract more verbose information from each packet and store them to JSON file.
* Multi-threaded parsing of packets.
* Filter packets while parsing and capturing.
* Currently supports the following protocols:
  * Ethernet
  * Ipv4
  * Ipv6
  * Arp
  * Tcp
  * Udp
  * Dns
  * Tls

The JSON file is generated as shown below:
```json
[
  {
    "Ok": {
      "len": 11,
      "timestamp": "1234567890.123456",
      "headers": [
        { "Tls": { ... } },
        { "Tcp": { ... } },
        { "Ipv4": { ... } },
        { "Ether": { ... } }
      ],
      "remaining": [...]
    }
  },
  ...
]
```
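To work with that output, here is an added example (not snoopy's code; written for this page) that loads a `--savefile` JSON document, rebuilds each packet's protocol stack outermost-first (the `headers` array lists the innermost layer first, as the `Tls`, `Tcp`, `Ipv4`, `Ether` order above shows), counts packets per stack, flags records whose `remaining` array is non-empty, and counts entries that are not `Ok`. The sample document is constructed here with empty header bodies because the README elides them; `remaining` is assumed to hold the unparsed trailing bytes, and the `Err` entry is an assumption about how a packet the parser rejected would be serialised. Only the `Ok` shape shown above is confirmed by the page.

```python
import json
from collections import Counter
from typing import List, Tuple

# Constructed sample in the shape of the document above. Header bodies are empty because the
# README elides them; "remaining" is assumed to hold the unparsed trailing bytes, and the
# "Err" entry is an assumption about how a packet the parser rejected would be serialised.
SAMPLE_JSON = json.dumps([
    {"Ok": {"len": 1486, "timestamp": "1562310109.197739",
            "headers": [{"Tls": {}}, {"Tcp": {}}, {"Ipv4": {}}, {"Ether": {}}], "remaining": []}},
    {"Ok": {"len": 54, "timestamp": "1562310109.197795",
            "headers": [{"Tcp": {}}, {"Ipv4": {}}, {"Ether": {}}], "remaining": []}},
    {"Ok": {"len": 160, "timestamp": "1562310109.262324",
            "headers": [{"Udp": {}}, {"Ipv6": {}}, {"Ether": {}}], "remaining": [22, 3, 1]}},
    {"Err": "unsupported ethertype"},
])


def stack_of(packet: dict) -> str:
    """'headers' lists the innermost layer first; show it outermost-first, as pcap tools do."""
    return "/".join(reversed([next(iter(h)) for h in packet["headers"]]))


def summarize_json(doc: str) -> Tuple[Counter, List[str], int]:
    """Return (packets per protocol stack, timestamps of packets with unparsed bytes, failures)."""
    stacks, leftover, failures = Counter(), [], 0
    for entry in json.loads(doc):
        if "Ok" not in entry:                  # anything that is not Ok is a parse failure
            failures += 1
            continue
        pkt = entry["Ok"]
        stacks[stack_of(pkt)] += 1
        if pkt.get("remaining"):               # bytes that no protocol parser claimed
            leftover.append(pkt["timestamp"])
    return stacks, leftover, failures


def select(doc: str, proto: str) -> List[Tuple[str, int]]:
    """(timestamp, len) of every successfully parsed packet whose stack contains `proto`."""
    return [(e["Ok"]["timestamp"], e["Ok"]["len"]) for e in json.loads(doc)
            if "Ok" in e and any(proto in h for h in e["Ok"]["headers"])]


if __name__ == "__main__":
    stacks, leftover, failures = summarize_json(SAMPLE_JSON)
    for stack, n in stacks.most_common():
        print("%-24s %d" % (stack, n))
    print("unparsed bytes in:", leftover, "| failures:", failures)
    print("TLS packets:", select(SAMPLE_JSON, "Tls"))
```

Packets with a non-empty `remaining` array are the ones the built-in parsers could not fully account for, which is usually where a reviewer wants to look first.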
## Installation
Ensure that `libpcap-dev` (Ubuntu) or the corresponding libpcap development package for your system is installed. Then install the published crate from crates.io:
```zsh
cargo install snoopy
```
## Quick-Start
To capture packets and print them to the console:
```zsh
➜ sudo snoopy capture run
--------------------
Sniffing wlp3s0
--------------------
Source IP | Source Port | Dest IP | Dest Port | Protocol | Length | Timestamp |
------------------------------------------------------------------------------------------------------------------------------------
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 10078 | 1562310108.589373
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 54 | 1562310108.589468
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 10078 | 1562310108.890490
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 54 | 1562310108.890547
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 1486 | 1562310109.197739
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 54 | 1562310109.197795
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 1486 | 1562310109.197841
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 66 | 1562310109.197865
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 2918 | 1562310109.197887
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 74 | 1562310109.197906
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 1486 | 1562310109.197965
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 74 | 1562310109.197984
35.154.102.71 | 443 | 10.20.197.103 | 56572 | Tls | 160 | 1562310109.262324
10.20.197.103 | 56572 | 35.154.102.71 | 443 | Tcp | 66 | 1562310109.262383
```
Capture packets and save them to a pcap file:
```shell
➜ sudo snoopy capture run --timeout 10000 --savefile captured.pcap
```
> Note: Capturing packets requires root privileges, or at least the `CAP_NET_RAW` and `CAP_NET_ADMIN` capabilities that libpcap needs to open an interface (granting those to the binary with `setcap` avoids running the whole tool as root). Parsing an existing pcap file needs no special privileges.
Parse a pcap file and print to the console:
```shell
➜ snoopy parse ./Sample/captured.pcap
```
Parse a pcap file and print to the console (with a filter):
```shell
➜ snoopy parse ./Sample/captured.pcap --filter "tcp port 443"
```
> The above command prints all TCP packets with source or destination port 443. To match one direction only, use `tcp src port 443` or `tcp dst port 443`.
Parse a pcap file and save the result to a JSON file:
```shell
➜ snoopy parse ./Sample/captured.pcap --savefile ./parsed.json
```
## Documentation
All commands and sub-commands are listed below:
```zsh
USAGE:
    snoopy [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    capture    Capture packets from interfaces.
    help       Prints this message or the help of the given subcommand(s)
    parse      Parse pcap files.
```
```zsh
USAGE:
    snoopy capture [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    help    Prints this message or the help of the given subcommand(s)
    list    List all interfaces.
    run     Start capturing packets.
```
```zsh
USAGE:
    snoopy capture run [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -p, --promisc    Set promiscuous mode on or off. By default, this is off.
    -r, --rfmon      Set rfmon mode on or off. The default is maintained by pcap.
    -V, --version    Prints version information

OPTIONS:
    -b, --buffer_size    Set the buffer size for incoming packet data. The default is 1000000.
                         This should always be larger than the snaplen.
        --handle         Specify the device interface.
    -f, --filter         Set filter to the capture using the given BPF program string.
        --precision      Set the time stamp precision returned in captures (Micro/Nano).
        --savefile       Save the captured packets to file.
    -s, --snaplen        Set the snaplen size (the maximum length of a packet captured into the
                         buffer). Useful if you only want certain headers, but not the entire
                         packet. The default is 65535.
    -t, --timeout        Set the read timeout for the capture. By default, this is 0, so it will
                         block indefinitely.
        --tstamp_type    Set the time stamp type to be used by a capture device (Host /
                         HostLowPrec / HostHighPrec / Adapter / AdapterUnsynced).
```
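The `--snaplen` and `--precision` options above map directly onto fields of the pcap file that `snoopy parse` later reads back. The following added example (not snoopy's code; a stand-alone Python reader written for this page) walks a pcap file the way any such parser must: it picks byte order and timestamp precision from the magic number (`0xa1b2c3d4` for microseconds, `0xa1b23c4d` for nanoseconds), refuses record headers whose captured length exceeds the file's snaplen or the remaining data, and only labels a packet `Tcp` or `Udp` when the full fixed transport header survived the snaplen, otherwise stopping at `Ipv4` and reporting the record as truncated. It reproduces the columns snoopy prints. The two frames it reads are constructed in `build_sample_pcap`; the addresses, ports and timestamps are sample values, not a real capture.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional

MAGIC_MICRO, MAGIC_NANO = 0xA1B2C3D4, 0xA1B23C4D   # fraction field is microseconds / nanoseconds
LINKTYPE_ETHERNET = 1

@dataclass
class Record:
    timestamp: str                # "sec.frac", like snoopy's Timestamp column
    caplen: int                   # bytes stored in the file (capped by the file's snaplen)
    origlen: int                  # bytes that were on the wire
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    proto: str = "Ether"          # innermost layer whose header was fully present

    @property
    def truncated(self) -> bool:
        return self.caplen < self.origlen

def read_pcap(data: bytes) -> Iterator[Record]:
    """Yield one Record per pcap record; byte order and precision come from the magic number."""
    if len(data) < 24:
        raise ValueError("short global header")
    end = "<" if struct.unpack("<I", data[:4])[0] in (MAGIC_MICRO, MAGIC_NANO) else ">"
    magic, _, _, _, _, snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if magic not in (MAGIC_MICRO, MAGIC_NANO):
        raise ValueError("not a pcap file (magic %#x)" % magic)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    digits = 6 if magic == MAGIC_MICRO else 9
    off = 24
    while off + 16 <= len(data):
        sec, frac, caplen, origlen = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if caplen > snaplen or off + caplen > len(data):   # never trust a length field blindly
            raise ValueError("corrupt record header at offset %d" % (off - 16))
        rec = Record("%d.%0*d" % (sec, digits, frac), caplen, origlen)
        decode_ethernet(data[off:off + caplen], rec)
        off += caplen
        yield rec

def decode_ethernet(frame: bytes, rec: Record) -> None:
    if len(frame) < 14:
        return                                   # cut inside the Ethernet header
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800:
        decode_ipv4(frame[14:], rec)
    elif ethertype == 0x0806:
        rec.proto = "Arp"

def decode_ipv4(pkt: bytes, rec: Record) -> None:
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return                                   # IPv4 header incomplete: stay at "Ether"
    rec.proto = "Ipv4"
    rec.src, rec.dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    l4 = pkt[ihl:]
    # Only claim TCP/UDP when the whole fixed transport header survived the snaplen.
    if pkt[9] == 6 and len(l4) >= 20:
        rec.proto, (rec.sport, rec.dport) = "Tcp", struct.unpack("!HH", l4[:4])
    elif pkt[9] == 17 and len(l4) >= 8:
        rec.proto, (rec.sport, rec.dport) = "Udp", struct.unpack("!HH", l4[:4])

def build_sample_pcap(snaplen: int, nanosecond: bool = False) -> bytes:
    """Constructed sample, not a real capture: a TCP SYN and a UDP datagram, each stored at most snaplen bytes."""
    tcp = struct.pack("!HHIIBBHHH", 38522, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)   # SYN, no options
    udp = struct.pack("!HHHH", 53000, 53, 48, 0) + b"\x00" * 40
    out = struct.pack("<IHHiIII", MAGIC_NANO if nanosecond else MAGIC_MICRO, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for proto, dst, payload, sec, frac in ((6, "52.216.185.195", tcp, 1562310108, 589373),
                                           (17, "1.1.1.1", udp, 1562310109, 262324)):
        ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                           socket.inet_aton("10.20.197.103"), socket.inet_aton(dst)) + payload  # checksum left 0
        frame = bytes.fromhex("001122334455" "66778899aabb" "0800") + ipv4   # dst MAC, src MAC, IPv4
        cap = frame[:snaplen]
        out += struct.pack("<IIII", sec, frac, len(cap), len(frame)) + cap
    return out

def summarize(data: bytes) -> List[tuple]:
    """Rows in snoopy's column order, plus whether the record was cut short by the snaplen."""
    return [(r.src, r.sport, r.dst, r.dport, r.proto, r.origlen, r.timestamp, r.truncated)
            for r in read_pcap(data)]

if __name__ == "__main__":
    for snaplen in (65535, 40):
        print("snaplen", snaplen)
        for row in summarize(build_sample_pcap(snaplen)):
            print(" | ".join(str(c) for c in row))
```

Running it decodes the same two frames at snaplen 65535 and at snaplen 40: at 40 bytes the IPv4 addresses survive but the transport header does not, which is exactly the trade-off the `--snaplen` help text describes. The `origlen` column still reports the full on-wire length, so a reader can tell a short packet from a truncated one.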
```zsh
USAGE:
    snoopy parse [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -f, --filter      Filter the parsed packets using the given BPF program string.
    -s, --savefile    Parse the packets into JSON and save them to the given file.

ARGS:
```
> Note: Filters use the BPF (tcpdump) filter syntax, described [here](http://biot.com/capstats/bpf.html).
## Docker
Run the following commands in the command line inside the folder :
```zsh
docker build -t snoopy .
docker container run -it snoopy
```
## Build
Run the following command in the command line inside the folder :
```zsh
cargo build
```
## Todo
* Benchmarking
* Support for other protocols
## License
This project is under the MIT license.