Skip to content

Latest commit

 

History

History
155 lines (109 loc) · 5.37 KB

README.md

File metadata and controls

155 lines (109 loc) · 5.37 KB

Network analyzer library

Network-analyzer is a Rust language crate that allows the interception of incoming and outgoing traffic through the network interfaces of a computer and aggregates it by network address/port.

For each network address/port pair some additional information will be displayed: the transported protocol, the cumulative number of bytes transmitted and the timestamp of the first and last occurrence of the exchange.

Installation

Windows dependencies 

In order to correctly run Network-analyzer on Windows systems you need to:

  • Install Npcap.

  • Download the Npcap SDK.

  • Add the SDK's /Lib or /Lib/x64 folder to your LIB environment variable.

Linux dependencies 

In order to correctly run Network-analyzer on Linux systems, install the libraries and header files for the libpcap library:

  • On Debian based Linux:
sudo apt-get install libpcap-dev
  • On Fedora Linux:
sudo apt-get install libpcap-devel

Note that if you are not running as root, you need to set capabilities to inspect a network adapter:

sudo setcap cap_net_raw,cap_net_admin=eip <your/Network-analyzer/executable/path>
MacOS dependencies 

MacOS natively has all the dependencies you need to build and run Network-analyzer.

Usage

Analyzer Example

A simple example of the potential of Network-analyzer is given by the Struct Analyzer

fn main() {
    let name_input = String::from("file.txt");
    let time: u64 = 5;
    let a = Analyzer::new("eth0", &name_input.as_str(), time);
}

We pass three parameters to the Analyzer:

  • The device on which we want to listen for packet traffic
  • The name of the file on which we will print the analysis result
  • The time interval in seconds after which the analysis result will be printed out

Whenever the specified time interval passes, the aggregated data by network address/port will be printed in the specified file (if it does not exist it is created).

Other Components

The Analyzer uses other Structs offered by Crate to function

Parser

The Parser is a Struct used to listen to pcap packets in transit from a device and transforms them into ParsedPackets, i.e. packets that have useful fields for analysis, such as:

  • entry IP address
  • outgoing IP address
  • input port
  • outgoing port
  • protocol
Aggregator

The Aggregator is a Struct that takes the packets sent by its channel's Sender and aggregates them into a Struct (HashMap), which has the network address/port as key.

SocketListener

Socket Listener is a Struct used to create and link an Aggregator and a Parser, thus allowing aggregated data to be obtained. By using this Struct, the user does not have to deal with the implementation of the Parser and Aggregator.

ReportWriter

Report Writer is a Struct that is responsible for taking aggregated data (e.g. from Aggregator) and printing them to files.

Examples of Advanced Uses

The various Structs are used to run the Analyzer, which involves the use of a Socket Listener (and thus a Parser and Aggregator) and a ReportWriter. But these Structs can be used freely by the user to manage different situations.

  • Parallel reading from multiple devices (multiple Parsers one Aggregator)
fn main() {
    // I am creating a channel where the parser will send the parsed packets
    let (tx, rx) = channel();
    // I create a new parser listening to device "eth0" and sending
    // the parsed packets to the channel i just created
    let parser1 = Parser::new("eth0", tx.clone());
    let parser2 = Parser::new("eth1", tx.clone());
    // Now I can use rx to receive the parsed packets from all the parsers
    while let Ok(parsed_packet) = rx.recv() {
       println!("Received packet: {:?}", parsed_packet);
    }
}
  • Parallel reading from multiple devices and writing multiple report files ( multiple Analyzers )
fn main() {
    let timer:u64=5;
    let filename_one = String::from("file1.txt");
    let filename_two = String::from("file2.txt");
    let a_one=Analyzer::new("eth0", &filename_one.as_str(), timer);
    let a_two=Analyzer::new("eth1", &filename_two.as_str(), timer);
}
  • Writing multiple report files ( multiple ReportWriters one SocketListener )
fn main() {
    let sl=SocketListener::new("eth0");
    let filename_one = String::from("file1.txt");
    let filename_two = String::from("file2.txt");
    let timer_one:u64=5;
    let timer_two:u64=7;
    
    let report_writer_one = ReportWriter::new(filename_one, timer_one, sl.get_aggregated_data());
    let report_writer_two = ReportWriter::new(filename_two, timer_two, sl.get_aggregated_data());
}