nasoone_lib

Struct Nasoone

Source 
pub struct Nasoone { /* private fields */ }
Expand description

A struct for capturing network traffic.

Implementations§

Source§

impl Nasoone

Source

pub fn new() -> Self

Source

pub fn set_capture_device(&mut self, device: &str) -> Result<(), NasooneError>

Set the capture from a network interface. It returns an error in the following cases:

  • Nasoone is not in the Initial state
  • the interface name is not valid
  • the capture cannot be activated
§Arguments
  • device - A string slice that holds the name of the interface to capture from.
§Examples

Create a nasoone instance and set the capture from the interface “en0”

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
let _ = nasoone.set_capture_device("en0");
Source

pub fn set_capture_file(&mut self, file: &str) -> Result<(), NasooneError>

Set the capture from a pcap file.

It returns an error in the following cases:

  • Nasoone is not in the Initial state
  • the capture file is not valid
§Arguments
  • file - A string slice with the file path.
§Examples

Create a nasoone instance and set the capture from the file “capture.pcap”:

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
let  _ = nasoone.set_capture_file("./capture.pcap");
Source

pub fn set_timeout(&mut self, timeout: u32) -> Result<(), NasooneError>

Set the timeout in seconds after which the output file is updated.

The timeout must be greater than 0, it specifies the periodical update of the output file. So, if the timeout is 1, the output file is updated every second.

It returns an error in the following cases:

  • Nasoone is not in the Initial state
  • the timeout is 0
§Arguments
  • timeout - The timeout in seconds.
§Examples

Create a nasoone instance and set the timeout to 1 second:

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
nasoone.set_timeout(1).expect("");
Source

pub fn set_raw_filter(&mut self, filter: &str) -> Result<(), NasooneError>

Set the raw filter for the capture. The raw filter is a BPF string that is passed to pcap. Multiple calls to this function or to set_filter will overwrite the previous filter.

It returns an error in the following cases:

  • Nasoone is not in the Initial state
  • The capture is not set
  • the filter is not valid
§Arguments
  • filter - The filter string in BPF syntax.
§Examples

create a nasoone instance and set filter to accept only packets with source port 80 to 88:

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").expect("");
nasoone.set_filter("src portrange 80-88").expect("");
Source

pub fn set_filter(&mut self, filter: &Filter) -> Result<(), NasooneError>

Set the filter for the capture. The filter is a Filter struct that will be transformed in BPF and passed to pcap. Multiple calls to this or set_raw_filter function will overwrite the previous filter.

It returns an error in the following cases:

  • Nasoone is not in the Initial state
  • The capture is not set
§Arguments
  • filter - The filter struct already setted up.
§Examples

create a nasoone instance and set filter to accept only tcp traffic

use nasoone_lib::{Nasoone, Filter};
let filter = Filter::new().set_tcp_only();
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").unwrap();
nasoone.set_filter(&filter).unwrap();
Source

pub fn set_output(&mut self, output_file: &str) -> Result<(), NasooneError>

Set the output file. The output file is a CSV textual report of the capture.

It returns an error in the following cases:

  • Nasoone is not in the Initial state
  • the file already exists
  • the target directory does not exist
  • the file cannot be created
§Arguments
  • output_file - The path of the output file.
§Examples

create a nasoone instance and set the output file to “./output.csv”:

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
nasoone.set_output("./output.csv").expect("");
Source

pub fn start(&mut self) -> Result<(), NasooneError>

Start analyzing the network traffic.

It returns an error in the following cases:

  • Nasoone is not in the Initial state
  • the capture is not set
  • the output is not set
§Examples

create a nasoone instance, set the capture and the output file and start the analysis:

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").expect("");
nasoone.set_output("./output.csv").expect("");
nasoone.start().expect("");
Source

pub fn pause(&mut self) -> Result<(), NasooneError>

Pause the analysis of the network traffic.

If the capture is set from a file, the analysis stop reading the file. Otherwise, it continues to receive packets from the network interface but it does not analyze them.

It returns an error in the following cases:

  • Nasoone is not in the Running state
  • the capture is from a file and the file is over (the analysis is already finished)
§Examples

create a nasoone instance, start the analysis and then pause it:

use std::thread::sleep;
use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").expect("");
nasoone.set_output("./output.csv").expect("");
nasoone.start().expect("");
sleep(std::time::Duration::from_secs(5));
nasoone.pause().expect("");
Source

pub fn resume(&mut self) -> Result<(), NasooneError>

Resume the analysis if it was paused.

It returns an error in the following cases:

  • Nasoone is not in the Paused state
  • the capture is from a file and the file is over (the analysis is already finished)
§Examples

create a nasoone instance, start the analysis, pause it and then resume it:

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").expect("");
nasoone.set_output("./output.csv").expect("");
nasoone.start().expect("");
nasoone.pause().expect("");
nasoone.resume().expect("");
Source

pub fn stop(&mut self) -> Result<Option<NasooneStats>, NasooneError>

Stop the capture if it is running or paused. It will wait for the threads to finish, so it could take some time (up to 200-250ms).

It returns the statistics of the capture only if the capture is from a network interface. Otherwise, it will return None.

It returns an error in the following cases:

  • Nasoone is not in the Running, Finished or Paused state
§Examples

create a nasoone instance, start the analysis and then stop it:

use nasoone_lib::Nasoone;
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").expect("");
nasoone.set_output("./output.csv").expect("");
nasoone.start().expect("");
let stats = nasoone.stop().expect("");
Source

pub fn get_total_packets(&mut self) -> usize

Get the total amount of packet received by the capture.

§Examples

Create a nasoone instance, start the analysis and then get the total amount of packet received:

use std::thread::sleep;
use nasoone_lib::{Nasoone, NasooneState};
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").expect("");
nasoone.set_output("./output.csv").expect("");
nasoone.start().expect("");
sleep(std::time::Duration::from_secs(5));
assert!(nasoone.get_total_packets() > 0);
Source

pub fn get_state(&mut self) -> NasooneState

Get the current state of the capture.

§Examples

Create a nasoone instance, start the analysis, pause it and ask for the state:

use nasoone_lib::{Nasoone, NasooneState};
let mut nasoone = Nasoone::new();
nasoone.set_capture_device("en0").expect("");
nasoone.set_output("./output.csv").expect("");
nasoone.start().expect("");
nasoone.pause().expect("");
assert_eq!(nasoone.get_state(), NasooneState::Paused);
Source

pub fn list_devices() -> Result<Vec<NetworkInterface>, NasooneError>

Get the list of available network interfaces. It only returns interfaces that have a network address, since the others can’t receive any network packet.

It could return underlined errors from the pcap library.

§Examples
use nasoone_lib::Nasoone;
let interfaces = Nasoone::list_devices().expect("");
Source

pub fn get_default_device_name() -> Result<String, NasooneError>

Get the name of the default network interface.

Trait Implementations§

Source§

impl Default for Nasoone

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl Drop for Nasoone

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.