wiretap 0.8.0

Basic packet capture library built on parallelism
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

use std::net::Ipv4Addr;
use std::process::Command;
use wiretap::{self, Packet, TcpSegmentCollection};

/*
fn main() {
    // Create a new PacketCapture with the "lo" interface
    let pc = wiretap::PacketCapture::new_from_interface("lo").unwrap();
    // Start a capture on that interface
    let pc = pc.start_capture();
    // Do something useful, probably
    thread::sleep(time::Duration::from_secs(15));
    // Stop the capture
    let pc = pc.stop_capture();
    // Get the resulting TCP packets
    let output = pc.results_as_tcp(); //.into_iter().filter(|p| !p.is_syn() && !p.is_rst_ack()).collect::<Vec<TcpSegment>>();
                                      // Do something with them
    println!("Captured {} TCP packets", output.len());
    for out in output.into_iter() {
        println!("{:?}", out.payload());
        println!("{:?}", out.is_syn());
        println!("{:?}", out.is_rst_ack());
    }
}
*/

fn main() {
    // Create a new PacketCapture with the default interface
    let pc = wiretap::PacketCapture::new_with_default().unwrap();
    println!("{pc:?}");
    // Start a capture on that interface
    let pc = pc.start_capture();
    println!("{pc:?}");
    // Do something useful, probably
    run_nmap();
    // Stop the capture
    let pc = pc.stop_capture();
    println!("{pc:?}");
    // Get the resulting TCP packets
    let output = pc.results_as_ipv4();
    // Do something with them
    println!("Captured {} IPV4 packets", output.len());
    let to_from_target = output.filter_only_host(Ipv4Addr::new(192, 168, 5, 6));
    println!("IPv4 packets from target: {}", to_from_target.len());
    let tcp_now = TcpSegmentCollection::from(to_from_target);
    println!("TCP segments from target: {}", tcp_now.len());
    let mut non_empty = tcp_now.filter_no_payload();
    println!("Not empty TCP segments: {}", non_empty.len());
    let (m, u) = non_empty.find_challenge_response_pairs();
    println!("Matched (pairs): {} Unmatched: {}", m.len(), u.len());
    for pair in m.iter() {
        println!("{}", pair.response.get_source());
        println!("\t{:?}", pair.challenge.payload());
        println!("\t{:?}", pair.response.payload());
    }
    for other in u.iter() {
        println!("{} --> {:?}", other.get_destination(), other.payload());
    }
}

fn run_nmap() {
    Command::new("nmap")
        .args([
            "-sV",
            "-p22",
            "192.168.5.6",
            "-w",
            "/home/dev/deception_rust/tcpdumped.pcap",
        ])
        .output()
        .unwrap();
}