Lib.rs

Network programming
#packet #networking #capture #pcap #sniffing

wiretap

Basic packet capture library built on parallelism

by Kevin Conley

7 releases (4 breaking)

0.5.0 Aug 4, 2024
0.4.0 Sep 12, 2023
0.3.2 Sep 11, 2023
0.3.1 Aug 30, 2023
0.1.0 May 27, 2023

#1484 in Network programming

Download history 120/week @ 2024-08-03 5/week @ 2024-08-10 5/week @ 2024-09-14 18/week @ 2024-09-21 20/week @ 2024-09-28 2/week @ 2024-10-05

310 downloads per month

MIT license

20KB
384 lines

wiretap

lib.rs:

wiretap

wiretap wraps lower level networking and concurency libraries to make packet capture easier in Rust programs

Examples

Capture-then-process

This basic example shows how to capture packets and later do something with the TCP ones

use wiretap;
use std::{thread, time};

fn main() {
    // Create a new PacketCapture with the "lo" interface
    let pc = wiretap::PacketCapture::new_from_interface("lo").unwrap();
    // Start a capture on that interface
    let pc = pc.start_capture();
    // Do something useful, probably
    thread::sleep(time::Duration::from_secs(15));
    // Stop the capture
    let pc = pc.stop_capture();
    // Get the resulting TCP packets
    let output = pc.results_as_tcp();
    // Do something with them
    println!("Captured {} TCP packets", output.len());
    for out in output.iter() {
        println!("{:?}", out.payload());
}

Process-while-capturing

This basic example shows how to process packets with a callback as they are captured

use wiretap;
use std::{thread, time};

// Print the SrcIP:SrcPort --> DestIP:DestPort
fn print_to_from(bytes: Vec<u8>) {
    // Make sure the payload represents an EthernetPacket
    if let Some(ethernet_packet) = wiretap::EthernetPacket::new(&bytes) {
        // Make sure the EthernetPacket payload represents an Ipv4Packet
        if let Some(ipv4_packet) = Ipv4Packet::new(ethernet_packet.payload()) {
            // Make sure the Ipv4Packet payload represents an TcpPacket
            if let Some(tcp_packet) = TcpPacket::new(ipv4_packet.payload()) {
                // Print out the interesting information
                println!("Packet: {}:{} --> {}:{}", ipv4_packet.get_source(), tcp_packet.get_source(), ipv4_packet.get_destination(), tcp_packet.get_destination() )
            }
        }
    }
}

fn main() {
    // Create a new PacketCapture with the default interface
    let pc = wiretap::PacketCapture::new_with_default().unwrap();
    // Start a capture on that interface
    let pc = pc.start_live_process(print_to_from);
    // Stuff happens
    thread::sleep(time::Duration::from_secs(15));
    // Stop the capture
    started.stop_capture();
}

Dependencies

~4–5.5MB
~104K SLoC