kanishkarj

Snoopy

A highly configurable multi-threaded packet sniffer and parser built in Rust.

Features

  • Capture packets and write them to Pcap files, or print them to the console.
  • Various configuration parameters can be specified while capturing.
  • Parse Pcap files and print them to the console, or extract more verbose information from each packet and store it in a JSON file.
  • Multi-threaded parsing of packets.
  • Filter packets while parsing and capturing.
  • Currently supports the following protocols:
    • Ethernet
    • Ipv4
    • Ipv6
    • Arp
    • Tcp
    • Udp
    • Dns
    • Tls

The JSON file is structured as shown below (each entry is the parse result for one packet; headers are listed innermost-first, and any bytes left over after the last parsed header are placed in "remaining"):

```json
[{
  "Ok": {
    "len": 11,
    "timestamp": "1234567890.123456",
    "headers": [{
        "Tls": {
          ...
        }
      },
      {
        "Tcp": {
          ...
        }
      }, {
        "Ipv4": {
          ...
        }
      }, {
        "Ether": {
          ...
        }
      }
    ],
    "remaining": [...]
  }
},
...
]
```
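As an added example (not part of snoopy itself), the script below consumes a file in this shape and produces a quick triage summary: packets per protocol stack, bytes per stack, how many entries failed to parse, and which packets carried unparsed trailing bytes. The sample input is constructed to match the layout above; the "Err" entry and the exact header field contents are assumptions, since the README only shows the "Ok" variant with the fields elided.

```python
import json
from collections import Counter

# Constructed sample in the shape the README shows. Header bodies are left
# empty because the README elides them; the "Err" entry is an assumption.
SAMPLE_JSON = """
[
  {"Ok": {"len": 160, "timestamp": "1562310109.262324",
          "headers": [{"Tls": {}}, {"Tcp": {}}, {"Ipv4": {}}, {"Ether": {}}],
          "remaining": []}},
  {"Ok": {"len": 66, "timestamp": "1562310109.262383",
          "headers": [{"Tcp": {}}, {"Ipv4": {}}, {"Ether": {}}],
          "remaining": []}},
  {"Ok": {"len": 98, "timestamp": "1562310109.300000",
          "headers": [{"Udp": {}}, {"Ipv6": {}}, {"Ether": {}}],
          "remaining": [1, 2, 3]}},
  {"Err": "truncated packet"}
]
"""

def stack_of(packet):
    """Return the protocol stack outermost-first, e.g. 'Ether/Ipv4/Tcp/Tls'.
    snoopy lists headers innermost-first, so the list is reversed."""
    names = [next(iter(header)) for header in packet["headers"]]
    return "/".join(reversed(names))

def summarize(text):
    """Aggregate a snoopy JSON dump into per-stack counts and byte totals,
    count entries that are not 'Ok', and list packets with unparsed bytes."""
    stacks, bytes_by_stack = Counter(), Counter()
    errors, with_remaining = 0, []
    for entry in json.loads(text):
        if "Ok" not in entry:
            errors += 1
            continue
        pkt = entry["Ok"]
        stack = stack_of(pkt)
        stacks[stack] += 1
        bytes_by_stack[stack] += pkt["len"]
        if pkt["remaining"]:          # leftover bytes: parser stopped early
            with_remaining.append(pkt["timestamp"])
    return {"stacks": dict(stacks), "bytes": dict(bytes_by_stack),
            "errors": errors, "with_remaining": with_remaining}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_JSON).items():
        print(key, value)
```

Replace SAMPLE_JSON with the contents of a file written by `snoopy parse ... --savefile` to run it on real output.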

Installation

Ensure that you have libpcap-dev (Ubuntu) or the corresponding package for your distribution installed. Then run the following command:

cargo install snoopy

Quick-Start

To capture packets and print them to the console:

```zsh
➜ sudo snoopy capture run

Sniffing wlp3s0

Source IP | Source Port | Dest IP | Dest Port | Protocol | Length | Timestamp |

52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 10078 | 1562310108.589373
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 54 | 1562310108.589468
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 10078 | 1562310108.890490
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 54 | 1562310108.890547
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 1486 | 1562310109.197739
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 54 | 1562310109.197795
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 1486 | 1562310109.197841
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 66 | 1562310109.197865
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 2918 | 1562310109.197887
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 74 | 1562310109.197906
52.216.185.195 | 443 | 10.20.197.103 | 38522 | Tcp | 1486 | 1562310109.197965
10.20.197.103 | 38522 | 52.216.185.195 | 443 | Tcp | 74 | 1562310109.197984
35.154.102.71 | 443 | 10.20.197.103 | 56572 | Tls | 160 | 1562310109.262324
10.20.197.103 | 56572 | 35.154.102.71 | 443 | Tcp | 66 | 1562310109.262383
```

Capture packets and save them to a Pcap file:

➜ sudo snoopy capture run --timeout 10000 --savefile captured.pcap

Note: Capturing packets requires root privileges, hence the sudo in the capture commands above. Parsing an existing Pcap file does not.

Parse Pcap files and print to console:

➜ snoopy parse ./Sample/captured.pcap

Parse Pcap files and print to console (with filters):

➜ snoopy parse ./Sample/captured.pcap --filter "tcp port 443"

The above command prints only TCP packets whose source or destination port is 443.

Parse Pcap files and save the result to a JSON file:

➜ snoopy parse ./Sample/captured.pcap --savefile ./parsed.json

Documentation

All commands and sub-commands are listed below:

USAGE:
    snoopy [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    capture    Capture packets from interfaces.
    help       Prints this message or the help of the given subcommand(s)
    parse      Parse pcap files.

USAGE:
    snoopy capture [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    help    Prints this message or the help of the given subcommand(s)
    list    List all interfaces.
    run     Start capturing packets.

USAGE:
    snoopy capture run [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -p, --promisc    Set promiscuous mode on or off. By default, this is off.
    -r, --rfmon      Set rfmon mode on or off. The default is maintained by pcap.
    -V, --version    Prints version information

OPTIONS:
    -b, --buffer_size    Set the buffer size for incoming packet data. The default is 1000000. This should always be larger than the snaplen.
        --handle         Specify the device interface.
    -f, --filter         Set filter to the capture using the given BPF program string.
        --precision      Set the time stamp precision returned in captures (Micro/Nano).
        --savefile       Save the captured packets to file.
    -s, --snaplen        Set the snaplen size (the maximum length of a packet captured into the buffer). Useful if you only want certain headers, but not the entire packet. The default is 65535.
    -t, --timeout        Set the read timeout for the Capture. By default, this is 0, so it will block indefinitely.
        --tstamp_type    Set the time stamp type to be used by a capture device (Host / HostLowPrec / HostHighPrec / Adapter / AdapterUnsynced).

USAGE:
    snoopy parse [OPTIONS] 

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -f, --filter      Set filter to the capture using the given BPF program string.
    -s, --savefile    Parse the packets into JSON and save them to memory.

ARGS:

Note: The filters can be defined according to the syntax specified here.

Docker

Run the following commands from the project folder:

docker build -t snoopy .
docker container run -it snoopy

Build

Run the following command from the project folder:

cargo build

Todo

  • Benchmarking
  • Support for other protocols

License

This project is under the MIT license.
