10 releases
| 0.3.2 | Jul 19, 2024 |
|---|---|
| 0.3.1 | Jul 19, 2024 |
| 0.1.6 | Jul 5, 2024 |
#1151 in Network programming
75KB
1.5K
SLoC
Layer 7 Packet Analyzer
Overview
layer7_packet_analyzer is a Rust crate for parsing and analyzing various Layer 7 (application layer) network protocols. It supports protocols such as DNS, TLS, DHCP, HTTP, Modbus, NTP, and Bitcoin.
Features
- Parse and analyze Layer 7 network protocols.
- Supports multiple protocols: DNS, TLS, DHCP, HTTP, Modbus, NTP, and Bitcoin.
- Provides data structures and functions for easy packet analysis.
Usage
Add layer7_packet_analyzer to your Cargo.toml:
[dependencies]
layer7_packet_analyzer = "0.1.0"
Example
Here is a basic example of how to use this crate to parse Layer 7 packet information:
use layer7_packet_analyzer::parse_layer_7_infos;
let packet: &[u8] = &[/* raw packet data */];
match parse_layer_7_infos(packet) {
Some(info) => println!("Parsed Layer 7 Info: {}", info),
None => println!("Unable to parse the packet."),
}
Parsing Specific Protocols
You can also parse specific protocols directly using the respective modules. Here's an example for parsing a TLS packet:
use layer7_packet_analyzer::packet::tls::{parse_tls_packet, TlsPacket};
let tls_packet_data: &[u8] = &[/* raw TLS packet data */];
match parse_tls_packet(tls_packet_data) {
Ok(tls_packet) => println!("Parsed TLS Packet: {:?}", tls_packet),
Err(e) => println!("Failed to parse TLS packet: {}", e),
}
Modules
packet
The packet module contains submodules for each supported protocol. Each submodule provides the necessary functions to parse the protocol's packets and the data structures representing the parsed data.
Example Modules
dns: Functions and structures for parsing DNS packets.tls: Functions and structures for parsing TLS packets.dhcp: Functions and structures for parsing DHCP packets.http: Functions and structures for parsing HTTP requests.modbus: Functions and structures for parsing Modbus packets.ntp: Functions and structures for parsing NTP packets.bitcoin: Functions and structures for parsing Bitcoin packets.
Structs and Enums
Layer7Info
Represents the possible layer 7 information that can be parsed.
use layer7_packet_analyzer::packet::{
bitcoin::{parse_bitcoin_packet, BitcoinPacket},
dhcp::{parse_dhcp_packet, DhcpPacket},
dns::{parse_dns_packet, DnsPacket},
http::{parse_http_request, HttpRequest},
modbus::{parse_modbus_packet, ModbusPacket},
ntp::{parse_ntp_packet, NtpPacket},
tls::{parse_tls_packet, TlsPacket},
};
#[derive(Debug)]
pub enum Layer7Info {
DnsPacket(DnsPacket),
TlsPacket(TlsPacket),
DhcpPacket(DhcpPacket),
HttpRequest(HttpRequest),
ModbusPacket(ModbusPacket),
NtpPacket(NtpPacket),
BitcoinPacket(BitcoinPacket),
None,
}
Layer7Infos
Contains information about the layer 7 protocol and its parsed data.
Examples
Parse a TLS Packet
use layer7_packet_analyzer::parse_layer_7_infos;
let tls_payload = vec![22, 3, 3, 0, 5, 1, 2, 3, 4, 5]; // Example TLS payload
let result = parse_layer_7_infos(&tls_payload);
match result {
Some(layer_7_infos) => println!("Parsed Info: {}", layer_7_infos),
None => println!("Failed to parse the packet."),
}
Parse a DNS Packet
use layer7_packet_analyzer::parse_layer_7_infos;
let dns_payload = vec![
0xdd, 0xc7, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x77, 0x77, 0x77,
0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01
]; // Example DNS payload
let result = parse_layer_7_infos(&dns_payload);
match result {
Some(layer_7_infos) => println!("Parsed Info: {}", layer_7_infos),
None => println!("Failed to parse the packet."),
}
License
This project is licensed under the MIT License. See the LICENSE file for details.
Dependencies
~0.8–1.7MB
~36K SLoC