kanishkarj / Snoopy

Licence: MIT
A highly configurable multi-threaded packet sniffer and parser built in Rust.
Snoopy


A highly configurable multi-threaded packet sniffer and parser built in Rust.

Features

  • Capture packets and write them to pcap files, or print them to the console.
  • Various capture parameters (interface, filter, snaplen, timeout, promiscuous mode, ...) can be set while capturing.
  • Parse pcap files and print the packets to the console, or extract more verbose information from each packet and store it in a JSON file.
  • Multi-threaded parsing of packets.
  • Filter packets (BPF syntax) while both parsing and capturing.
  • Currently supports the following protocols:
    • Ethernet
    • IPv4
    • IPv6
    • ARP
    • TCP
    • UDP
    • DNS
    • TLS

The JSON file has the structure shown below: each entry is a result object keyed "Ok", holding the packet length, its timestamp, the parsed headers (innermost first) and any bytes left unparsed in "remaining":


[{
  "Ok": {
    "len": 11,
    "timestamp": "1234567890.123456",
    "headers": [{
        "Tls": {
          ...
        }
      },
      {
        "Tcp": {
          ...
        }
      }, {
        "Ipv4": {
          ...
        }
      }, {
        "Ether": {
          ...
        }
      }
    ],
    "remaining": [...]
  }
},
...
]
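A consumer for this JSON layout, added here as an example and not code from the Snoopy project: it reads a dump (a constructed sample is embedded, since the header contents are elided above), groups packets by protocol stack, flags packets that left unparsed bytes in "remaining", and counts entries that are not "Ok" (assumed to appear as "Err", as a serialized Rust Result would).

```python
import json
from collections import Counter

# Constructed sample in the shape of Snoopy's --savefile JSON (structure
# above). Header contents are elided on the page, so only the header names
# matter here; the "Err" entry is an assumption about a failed parse.
SAMPLE_JSON = """[
 {"Ok": {"len": 1486, "timestamp": "1562310109.197739",
         "headers": [{"Tls": {}}, {"Tcp": {}}, {"Ipv4": {}}, {"Ether": {}}],
         "remaining": []}},
 {"Ok": {"len": 54, "timestamp": "1562310109.197795",
         "headers": [{"Tcp": {}}, {"Ipv4": {}}, {"Ether": {}}],
         "remaining": []}},
 {"Ok": {"len": 98, "timestamp": "1562310109.262324",
         "headers": [{"Dns": {}}, {"Udp": {}}, {"Ipv6": {}}, {"Ether": {}}],
         "remaining": [1, 2, 3]}},
 {"Err": "truncated packet"}
]"""

def protocol_stack(entry):
    """Name the parsed headers outermost-first, e.g. "Ether/Ipv4/Tcp/Tls".
    Snoopy lists the innermost header first, so the order is reversed.
    Returns None for an entry that is not an "Ok" result."""
    packet = entry.get("Ok")
    if packet is None:
        return None
    return "/".join(next(iter(h)) for h in reversed(packet["headers"]))

def summarize(json_text):
    """Aggregate a Snoopy JSON dump: packets and bytes ("len") per protocol
    stack, how many packets left unparsed bytes in "remaining", the capture
    time span in seconds, and how many entries were not "Ok"."""
    packets, total_len, unparsed = Counter(), Counter(), Counter()
    times, errors = [], 0
    for entry in json.loads(json_text):
        stack = protocol_stack(entry)
        if stack is None:
            errors += 1
            continue
        packet = entry["Ok"]
        packets[stack] += 1
        total_len[stack] += packet["len"]
        if packet["remaining"]:
            unparsed[stack] += 1
        times.append(float(packet["timestamp"]))
    span = max(times) - min(times) if times else 0.0
    return {"packets": dict(packets), "len": dict(total_len), "errors": errors,
            "unparsed": dict(unparsed), "span_seconds": round(span, 6)}
```

Replace SAMPLE_JSON with the contents of a real `--savefile` output to get a quick per-stack breakdown of a capture.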

Installation

Ensure that libpcap-dev (Ubuntu) or the corresponding package for your system is installed. Then run the following command in the command line inside the folder:

cargo install snoopy

Quick-Start

To capture packets and print them to the console:

sudo snoopy capture run                                          
--------------------
Sniffing  wlp3s0
-------------------- 


Source IP              | Source Port  | Dest IP                | Dest Port    | Protocol     | Length       | Timestamp            |
------------------------------------------------------------------------------------------------------------------------------------
52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 10078        | 1562310108.589373                  
10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 54           | 1562310108.589468                  
52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 10078        | 1562310108.890490                  
10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 54           | 1562310108.890547                  
52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 1486         | 1562310109.197739                  
10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 54           | 1562310109.197795                  
52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 1486         | 1562310109.197841                  
10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 66           | 1562310109.197865                  
52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 2918         | 1562310109.197887                  
10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 74           | 1562310109.197906                  
52.216.185.195         | 443          | 10.20.197.103          | 38522        | Tcp          | 1486         | 1562310109.197965                  
10.20.197.103          | 38522        | 52.216.185.195         | 443          | Tcp          | 74           | 1562310109.197984                  
35.154.102.71          | 443          | 10.20.197.103          | 56572        | Tls          | 160          | 1562310109.262324                  
10.20.197.103          | 56572        | 35.154.102.71          | 443          | Tcp          | 66           | 1562310109.262383                  

Capture packets and save them to a pcap file:

sudo snoopy capture run --timeout 10000 --savefile captured.pcap

Note: capturing packets requires root privileges, which is why the capture commands above are run with sudo.

Parse a pcap file and print it to the console:

➜ snoopy parse ./Sample/captured.pcap

Parse a pcap file and print it to the console, applying a filter:

➜ snoopy parse ./Sample/captured.pcap --filter "tcp port 443"

The above command prints only the TCP packets whose source or destination port is 443.

Parse a pcap file and save the result as JSON:

➜ snoopy parse ./Sample/captured.pcap --savefile ./parsed.json

Documentation

All commands and sub-commands are listed below:

USAGE:
    snoopy [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    capture    Capture packets from interfaces.
    help       Prints this message or the help of the given subcommand(s)
    parse      Parse pcap files.

USAGE:
    snoopy capture [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    help    Prints this message or the help of the given subcommand(s)
    list    List all interfaces.
    run     Start capturing packets.

USAGE:
    snoopy capture run [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -p, --promisc    Set promiscuous mode on or off. By default, this is off.
    -r, --rfmon      Set rfmon mode on or off. The default is maintained by pcap.
    -V, --version    Prints version information

OPTIONS:
    -b, --buffer_size <buffer_size>    Set the buffer size for incoming packet data. The default is 1000000. This should
                                       always be larger than the snaplen.
        --handle <device_handle>       Specify the device interface
    -f, --filter <filter>              Set filter to the capture using the given BPF program string.
        --precision <precision>        Set the time stamp precision returned in captures (Micro/Nano).
        --savefile <savefile>          Save the captured packets to file.
    -s, --snaplen <snaplen>            Set the snaplen size (the maximum length of a packet captured into the buffer).
                                       Useful if you only want certain headers, but not the entire packet. The default is
                                       65535.
    -t, --timeout <timeout>            Set the read timeout for the Capture. By default, this is 0, so it will block
                                       indefinitely.
        --tstamp_type <tstamp_type>    Set the time stamp type to be used by a capture device (Host / HostLowPrec /
                                       HostHighPrec / Adapter / AdapterUnsynced).

USAGE:
    snoopy parse [OPTIONS] <file_name>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -f, --filter <filter>        Set filter to the capture using the given BPF program string.
    -s, --savefile <savefile>    Parse the packets into JSON and save them to the given file.

ARGS:
    <file_name>    The pcap file to parse.

Note: filters use the BPF filter syntax documented in the pcap-filter(7) man page, for both capture and parse.

Docker

Run the following commands in the command line inside the folder:

docker build -t snoopy .
docker container run -it snoopy

Build

Run the following command in the command line inside the folder:

cargo build

Todo

  • Benchmarking
  • Support for other protocols

License

This project is under the MIT license.
