mirror/rustnet
1
0
Fork 0
mirror of https://github.com/domcyrus/rustnet.git synced 2026-01-07 06:19:59 -06:00
Code Issues Packages Projects Releases Wiki Activity
143 Commits 34 Branches 19 Tags
86831ba405a96e3292b1d65fe4ea097eaa089f83
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Marco Cadetg 86831ba405 improve quic dpi
2025-08-06 08:23:20 +02:00
assets
improve services lookup
2025-05-12 08:16:21 +02:00
scripts
improve clear old logs
2025-06-12 16:50:15 +02:00
src
improve quic dpi
2025-08-06 08:23:20 +02:00
.gitignore
update gitignore
2025-05-10 11:19:04 +02:00
Cargo.lock
working code ;)
2025-06-30 14:15:40 +02:00
Cargo.toml
working code ;)
2025-06-30 14:15:40 +02:00
LICENSE
Initial commit
2025-04-27 16:29:48 +02:00
README.md
adding TODOs
2025-08-02 15:13:04 +02:00

README.md

RustNet

A high-performance, cross-platform network monitoring tool built with Rust. RustNet provides real-time visibility into network connections with deep packet inspection capabilities and a responsive terminal user interface.

Features

  • Real-time Network Monitoring: Monitor active TCP, UDP, ICMP, and ARP connections
  • Deep Packet Inspection (DPI): Automatically detect application protocols:
    • HTTP with host information
    • HTTPS/TLS with SNI (Server Name Indication)
    • DNS queries and responses
    • SSH connections
    • QUIC protocol
  • Process Identification: Associate network connections with running processes
  • Service Name Resolution: Identify well-known services using port numbers
  • Cross-platform Support: Works on Linux, Windows, and macOS
  • Terminal User Interface: Clean, responsive TUI built with ratatui
  • Performance Optimized: Multi-threaded packet processing with minimal overhead
  • Configurable Logging: Detailed logging with configurable log levels

Installation

Prerequisites

  • Rust 2024 edition or later (install from rustup.rs)
  • libpcap or similar packet capture library:
    • Linux: sudo apt-get install libpcap-dev (Debian/Ubuntu) or sudo yum install libpcap-devel (RedHat/CentOS)
    • macOS: Included by default
    • Windows: Install WinPcap or Npcap

Building from source

# Clone the repository
git clone https://github.com/yourusername/rustnet.git
cd rustnet

# Build in release mode
cargo build --release

# The executable will be in target/release/rustnet

Running RustNet

On Unix-like systems (Linux/macOS), packet capture typically requires elevated privileges:

# Run with sudo
sudo ./target/release/rustnet

# Or set capabilities on Linux (to avoid needing sudo)
sudo setcap cap_net_raw,cap_net_admin=eip ./target/release/rustnet
./target/release/rustnet

Usage

# Run with default settings (monitors default interface)
rustnet

# Specify network interface
rustnet -i eth0
rustnet --interface wlan0

# Filter out localhost connections
rustnet --no-localhost

# Set UI refresh interval (in milliseconds)
rustnet -r 500
rustnet --refresh-interval 2000

# Disable deep packet inspection
rustnet --no-dpi

# Set log level (options: error, warn, info, debug, trace)
rustnet -l debug
rustnet --log-level trace

# View help and all options
rustnet --help

Command-line Options

  • -i, --interface <INTERFACE>: Network interface to monitor
  • --no-localhost: Filter out localhost connections
  • -r, --refresh-interval <MS>: UI refresh interval in milliseconds (default: 1000)
  • --no-dpi: Disable deep packet inspection
  • -l, --log-level <LEVEL>: Set the log level (default: info)

Keyboard Controls

  • q: Quit the application (press twice to confirm)
  • Ctrl+C: Quit immediately
  • Tab: Switch between tabs (Overview, Details, Help)
  • ↑/k: Navigate up in connection list
  • ↓/j: Navigate down in connection list
  • PageUp: Move up by 10 items
  • PageDown: Move down by 10 items
  • Enter: View detailed information about selected connection
  • Esc: Go back to previous view
  • c: Copy remote address to clipboard
  • h: Toggle help screen

Logging

RustNet creates timestamped log files in the logs/ directory. Each session generates a new log file with the format rustnet_YYYY-MM-DD_HH-MM-SS.log.

Log files contain:

  • Application startup and shutdown events
  • Network interface information
  • Packet capture statistics
  • Connection state changes
  • Error diagnostics

Use the --log-level option to control verbosity. The scripts/clear_old_logs.sh script is provided for log cleanup.

Architecture

RustNet employs a multi-threaded architecture for high-performance packet processing:

┌─────────────────┐
│ Packet Capture  │ ──packets──> Crossbeam Channel
│   (libpcap)     │                      │
└─────────────────┘                      │
                                         ├──> ┌──────────────────┐
                                         ├──> │ Packet Processor │ ──> DashMap
                                         ├──> │    (Thread 0)    │      │
                                         └──> │    (Thread N)    │      │
                                              └──────────────────┘      │
                                                                        │
┌─────────────────┐                                                     │
│Process Enrichment│ ────────────────────────────────────────────> DashMap
│  (Platform API) │                                                     │
└─────────────────┘                                                     │
                                                                        │
┌─────────────────┐                                                     │
│Snapshot Provider│ <─────────────────────────────────────────── DashMap
└─────────────────┘                                                     │
         │                                                              │
         └──> RwLock<Vec<Connection>> (for UI)                          │
                                                                        │
┌─────────────────┐                                                     │
│ Cleanup Thread  │ <─────────────────────────────────────────── DashMap
└─────────────────┘

Key Components

  1. Packet Capture Thread: Uses libpcap to capture raw packets from the network interface
  2. Packet Processors: Multiple worker threads parse packets and perform DPI analysis
  3. Process Enrichment: Platform-specific APIs to associate connections with processes
  4. Snapshot Provider: Creates consistent snapshots for the UI at regular intervals
  5. Cleanup Thread: Removes stale connections based on timeout settings
  6. DashMap: Lock-free concurrent hashmap for storing connection state

Dependencies

RustNet is built with the following key dependencies:

  • ratatui: Terminal user interface framework
  • crossterm: Cross-platform terminal manipulation
  • pcap: Packet capture library bindings
  • pnet_datalink: Network interface enumeration
  • dashmap: High-performance concurrent hashmap
  • crossbeam: Multi-threading utilities
  • dns-lookup: DNS resolution
  • clap: Command-line argument parsing
  • simplelog: Flexible logging framework
  • procfs (Linux): Process information from /proc filesystem

Platform-Specific Implementation

Process Lookup

RustNet uses platform-specific APIs to associate network connections with processes:

  • Linux: Parses /proc/net/tcp, /proc/net/udp, and /proc/<pid>/fd/ to find socket inodes
  • Windows: Uses Windows API calls to enumerate processes and their network connections
  • macOS: Uses system commands like lsof to query process-socket associations

Network Interfaces

The tool automatically detects and lists available network interfaces using platform-specific methods, falling back to pcap's device enumeration when native methods are unavailable.

Performance Considerations

  • Multi-threaded Processing: Packet processing is distributed across multiple threads (up to 4 by default)
  • Lock-free Data Structures: Uses DashMap for concurrent access without traditional locking
  • Batch Processing: Packets are processed in batches to improve cache efficiency
  • Selective DPI: Deep packet inspection can be disabled with --no-dpi for lower overhead
  • Configurable Intervals: Adjust refresh rates and timeouts based on your needs

Troubleshooting

Common Issues

  1. Permission Denied: Packet capture requires elevated privileges. Run with sudo or set capabilities.

  2. No Connections Shown:

    • Check if the correct network interface is selected
    • Verify packet capture permissions
    • Try disabling localhost filtering with --no-localhost

  3. High CPU Usage:

    • Increase the refresh interval: --refresh-interval 2000
    • Disable DPI if not needed: --no-dpi
    • Check log files for excessive packet rates

  4. Process Names Not Showing:

    • On Linux, ensure /proc is accessible
    • Some processes may require root privileges to identify

Debug Mode

Enable debug logging to troubleshoot issues:

rustnet --log-level debug

Check the generated log file in the logs/ directory for detailed diagnostics.

Security Considerations

  • RustNet requires privileged access for packet capture
  • The tool only monitors traffic; it does not modify or block connections
  • Log files may contain sensitive connection information
  • No data is transmitted outside your system

Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

TODO

Platform Support

  • macOS Support: Basic features need testing and fixes for macOS compatibility
  • Windows Support: Core functionality requires implementation and testing on Windows
  • BSD Support: Add support for FreeBSD, OpenBSD, and NetBSD

Features

  • DNS Reverse Lookup: Add optional hostname resolution (toggle between IP and hostname display)
  • IPv6 Support: Full IPv6 connection tracking and display
  • Search/Filter: Add real-time search and filtering capabilities:
    • Filter by process name
    • Filter by protocol
    • Filter by port range
    • Filter by IP/hostname
    • Regular expression support
  • Internationalization (i18n): Support for multiple languages in the UI
  • Connection History: Store and display historical connection data
  • Bandwidth Graphs: Fix broken bandwidth visualization (currently not functional)
  • Export Functionality: Export connections to CSV/JSON formats
  • Configuration File: Support for persistent configuration (filters, UI preferences)
  • Connection Alerts: Notifications for new connections or suspicious activity
  • GeoIP Integration: Show geographical location of remote IPs
  • Protocol Statistics: Summary view of protocol distribution
  • Rate Limiting Detection: Identify connections with unusual traffic patterns
  • TLS Certificate Info: Display certificate details for HTTPS connections
  • Custom Themes: Support for customizable color schemes

UI Improvements

  • Resizable Columns: Dynamic column width adjustment
  • Connection Grouping: Group connections by process/service
  • Sortable Columns: Click to sort by any column
  • Connection Details Popup: Modal dialog for detailed connection info
  • ASCII Graphs: Terminal-based graphs for bandwidth/packet visualization
  • Mouse Support: Click to select connections
  • Split Pane View: Show multiple views simultaneously

Development

  • Unit Tests: Comprehensive test coverage for all modules
  • Integration Tests: End-to-end testing for different platforms
  • CI/CD Pipeline: Automated builds and releases for all platforms
  • Documentation: API documentation and developer guide
  • Benchmarks: Performance benchmarking suite

License

This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.

Acknowledgments

  • Built with ratatui for the terminal UI
  • Packet capture powered by libpcap
  • Inspired by tools like sniffnet, netstat, ss, and iftop
  • Some code is vibe coded (OMG) / may the LLM gods be with you
Reference in New Issue View Git Blame Copy Permalink
Description
A cross-platform network monitoring terminal UI tool built with Rust.
Readme Apache-2.0 9.5 MiB
Languages
Rust 98.4%
C 0.8%
Shell 0.5%
Dockerfile 0.3%