Crate rshark
rshark, the Rusty Shark library, is a library for deep inspection of malicious packets.
Background
Wireshark is a very useful tool for network debugging, but it has had its fair share of security vulnerabilities. It is generally accepted that, to succeed at Capture the Flag, one should fuzz Wireshark for a while before the competition to find a few new vulnerabilities (don't worry, they're there, you'll find some) and use those offensively to blind one's opponents. This speaks to both the indispensability of packet capture/dissection tools and the fundamental difficulty of "just making Wireshark secure". Wireshark has a lot of dissectors, which are written using a complex C API (although some are now written in Lua).
rshark uses the type safety of Rust to enable the dissection of malicious packets without worry of buffer overflows or other common memory errors. Rusty Shark dissectors can make mistakes, but those logical errors should only affect the interpretation of the current data, rather than all data. That is to say, Rusty Shark is compartmentalized to minimize the damage that can be done by a successful adversary. The submarine metaphors write themselves.
Usage
Note: for help on the rshark command-line client, run `man rshark` or `rshark --help`.
The rshark library provides packet dissection functions such as rshark::ethernet::dissect(). Every such dissection function, which should conform to the rshark::Dissector function type, takes as input a slice of bytes and returns an rshark::Result (which defaults to Result<rshark::Val, rshark::Error>).
Usage is pretty simple:

    let data = vec![];
    match rshark::ethernet::dissect(&data) {
        Err(e) => println!("Error: {}", e),
        Ok(val) => print!("{}", val.pretty_print(0)),
    }
A Val can represent an arbitrary tree of structured data (useful in graphical displays) and can be pretty-printed with indentation for sub-objects.
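The snippet above only calls a dissector that already exists. The following is an added, self-contained example, not code from the rshark crate: it mirrors the design this page describes (a Val tree with indented pretty-printing, an Error enum for underflow and bad values, a Result alias whose success type defaults to Val, a NamedValue pair, a Dissector function type, and an unsigned() parser with selectable endianness) and goes one step further by chaining an Ethernet dissector into a small IPv4 dissector. Every name, enum variant and signature here (Error::Underflow, Val::Object, Endianness, take(), dissect_ipv4(), dissect_raw(), sample_frame(), IPV4_HEADER) is an assumption made for illustration, not rshark's actual API. The property worth noticing is in the last field of the frame object: a truncated or malformed IPv4 header lands as a named error inside the Ethernet object, so one bad payload neither panics the process nor throws away the fields that were already parsed, which is the compartmentalization the Background section argues for.

```rust
/// Added example with assumed names (not rshark's own code): errors a dissector
/// reports as values rather than by panicking.
#[derive(Debug, PartialEq)]
pub enum Error {
    Underflow { wanted: usize, have: usize },
    BadValue(String),
}
/// Result of a dissection function; the success type defaults to `Val`.
pub type Result<T = Val> = std::result::Result<T, Error>;
pub type NamedValue = (String, Result); // a named value-or-error
pub type Dissector = fn(&[u8]) -> Result; // the shape every dissector conforms to

/// A tree of parsed data.
#[derive(Debug, PartialEq)]
pub enum Val {
    Unsigned(u64),
    Bytes(Vec<u8>),
    Object(Vec<NamedValue>),
}
impl Val {
    /// Pretty-print with two spaces of indentation per nesting level.
    pub fn pretty_print(&self, indent: usize) -> String {
        let pad = "  ".repeat(indent);
        match self {
            Val::Unsigned(n) => n.to_string(),
            Val::Bytes(b) => b.iter().map(|x| format!("{:02x}", x)).collect::<Vec<_>>().join(":"),
            Val::Object(fields) => {
                let body: String = fields.iter().map(|(name, field)| match field {
                    Ok(v) => format!("{}  {}: {}\n", pad, name, v.pretty_print(indent + 1)),
                    Err(e) => format!("{}  {}: <error: {:?}>\n", pad, name, e),
                }).collect();
                format!("{{\n{}{}}}", body, pad)
            }
        }
    }
}

pub enum Endianness { Big, Little }
/// Parse an unsigned integer of 1..=8 bytes with the given endianness.
pub fn unsigned(buf: &[u8], endian: Endianness) -> Result<u64> {
    if buf.is_empty() || buf.len() > 8 {
        return Err(Error::BadValue(format!("{}-byte integer", buf.len())));
    }
    let fold = |acc: u64, b: &u8| (acc << 8) | u64::from(*b);
    Ok(match endian {
        Endianness::Big => buf.iter().fold(0, fold),
        Endianness::Little => buf.iter().rev().fold(0, fold),
    })
}
/// Bounds-checked slicing: a short buffer yields `Underflow`, never a panic.
fn take(data: &[u8], offset: usize, len: usize) -> Result<&[u8]> {
    let wanted = offset.saturating_add(len);
    data.get(offset..wanted).ok_or(Error::Underflow { wanted, have: data.len() })
}
/// Dissector of last resort: keep the bytes without interpretation.
pub fn dissect_raw(data: &[u8]) -> Result { Ok(Val::Bytes(data.to_vec())) }
/// Minimal IPv4 dissector covering a few fixed-header fields.
pub fn dissect_ipv4(data: &[u8]) -> Result {
    let h = take(data, 0, 20)?;
    let version = h[0] >> 4;
    if version != 4 {
        return Err(Error::BadValue(format!("IP version {}", version)));
    }
    Ok(Val::Object(vec![
        ("version".into(), Ok(Val::Unsigned(u64::from(version)))),
        ("total_length".into(), unsigned(&h[2..4], Endianness::Big).map(Val::Unsigned)),
        ("dst".into(), Ok(Val::Bytes(h[16..20].to_vec()))),
    ]))
}

/// Ethernet II dissector: a failing payload dissector becomes a named error
/// inside the frame object instead of discarding the already-parsed frame.
pub fn dissect_ethernet(data: &[u8]) -> Result {
    let dst = take(data, 0, 6)?;
    let src = take(data, 6, 6)?;
    let ethertype = unsigned(take(data, 12, 2)?, Endianness::Big)?;
    let inner: Dissector = if ethertype == 0x0800 { dissect_ipv4 } else { dissect_raw };
    Ok(Val::Object(vec![
        ("dst".into(), Ok(Val::Bytes(dst.to_vec()))),
        ("src".into(), Ok(Val::Bytes(src.to_vec()))),
        ("ethertype".into(), Ok(Val::Unsigned(ethertype))),
        ("payload".into(), inner(&data[14..])), // take() above proved len >= 14
    ]))
}
/// Constructed sample frame (not captured traffic): made-up MACs, EtherType 0x0800.
pub fn sample_frame(ip_bytes: &[u8]) -> Vec<u8> {
    let eth: [u8; 14] = [0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 8, 0];
    [&eth[..], ip_bytes].concat()
}
/// Constructed IPv4 header: version 4, IHL 5, total length 40, TTL 64, TCP, 10.0.0.1 -> 10.0.0.2.
pub const IPV4_HEADER: [u8; 20] = [0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2];

fn main() {
    // Cut the IPv4 header off after 10 bytes: the frame still parses, only its payload errors.
    match dissect_ethernet(&sample_frame(&IPV4_HEADER[..10])) {
        Err(e) => println!("Error: {:?}", e),
        Ok(val) => println!("{}", val.pretty_print(0)),
    }
}
```

Two details carry the safety argument. All slicing goes through take(), which returns Error::Underflow instead of indexing past the end, so a short frame can never read out of bounds, and a frame too short even for its Ethernet header fails as a whole. A payload that fails only inside dissect_ipv4 is stored as the Err half of a NamedValue, so the printed tree still shows the MACs and EtherType alongside "<error: Underflow { wanted: 20, have: 10 }>" for the payload, which is what "logical errors only affect the interpretation of the current data" looks like in practice.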
Modules
ethernet: Dissection of Ethernet (IEEE 802.3) frames.
ip: Dissection of Internet Protocol (IP) packets.
Structs
Future: An undetermined value.
RawBytes: Dissector of last resort; stores raw bytes without interpretation.
Enums
Error: An error related to packet dissection (underflow, bad value, etc.).
Val: A value parsed from a packet.
Traits
Protocol: A description of a protocol, including code that can parse it.
Functions
signed: Parse a signed integer of a given endianness from a byte buffer.
unsigned: Parse an unsigned integer of a given endianness from a byte buffer.
Type Definitions
NamedValue: A named value-or-error.
Result: The result of a dissection function.