Lib.rs

Network programming
#capture #packet #networking #pcap #sniffing

wiretap

Basic packet capture library built on parallelism

by kmanc

6 releases (3 breaking)

0.4.0 Sep 12, 2023
0.3.2 Sep 11, 2023
0.3.1 Aug 30, 2023
0.3.0 Jul 1, 2023
0.1.0 May 27, 2023

#4 in #sniffing

23 downloads per month

MIT license

20KB
384 lines

wiretap

lib.rs:

wiretap

wiretap wraps lower level networking and concurency libraries to make packet capture easier in Rust programs

Examples

Capture-then-process

This basic example shows how to capture packets and later do something with the TCP ones

use wiretap;
use std::{thread, time};

fn main() {
    // Create a new PacketCapture with the "lo" interface
    let pc = wiretap::PacketCapture::new_from_interface("lo").unwrap();
    // Start a capture on that interface
    let pc = pc.start_capture();
    // Do something useful, probably
    thread::sleep(time::Duration::from_secs(15));
    // Stop the capture
    let pc = pc.stop_capture();
    // Get the resulting TCP packets
    let output = pc.results_as_tcp();
    // Do something with them
    println!("Captured {} TCP packets", output.len());
    for out in output.iter() {
        println!("{:?}", out.payload());
}

Process-while-capturing

This basic example shows how to process packets with a callback as they are captured

use wiretap;
use std::{thread, time};

// Print the SrcIP:SrcPort --> DestIP:DestPort
fn print_to_from(bytes: Vec<u8>) {
    // Make sure the payload represents an EthernetPacket
    if let Some(ethernet_packet) = wiretap::EthernetPacket::new(&bytes) {
        // Make sure the EthernetPacket payload represents an Ipv4Packet
        if let Some(ipv4_packet) = Ipv4Packet::new(ethernet_packet.payload()) {
            // Make sure the Ipv4Packet payload represents an TcpPacket
            if let Some(tcp_packet) = TcpPacket::new(ipv4_packet.payload()) {
                // Print out the interesting information
                println!("Packet: {}:{} --> {}:{}", ipv4_packet.get_source(), tcp_packet.get_source(), ipv4_packet.get_destination(), tcp_packet.get_destination() )
            }
        }
    }
}

fn main() {
    // Create a new PacketCapture with the default interface
    let pc = wiretap::PacketCapture::new_with_default().unwrap();
    // Start a capture on that interface
    let pc = pc.start_live_process(print_to_from);
    // Stuff happens
    thread::sleep(time::Duration::from_secs(15));
    // Stop the capture
    started.stop_capture();
}

Dependencies

~4–5.5MB
~105K SLoC