Crate rshark [−] [src]
rshark, the Rusty Shark library, is a library for deep inspection
of malicious packets.
Background
Wireshark is a very useful tool for network debugging, but it's had its fair share of security vulnerabilities. It's generally accepted that, to succeed at Capture the Flag, one should fuzz Wireshark for awhile before the competition to find a few new vulnerabilities (don't worry, they're there, you'll find some) and use those offensively to blind one's opponents. This speaks to both the indispensability of packet capture/dissection tools and the fundamental difficulty of ``just making Wireshark secure''. Wireshark has a lot of dissectors, which are written using a complex C API (although some are now written in Lua).
rshark uses the type safety of Rust to enable the dissection of
malicious packets without worry of buffer overflows or other common memory errors.
Rusty Shark dissectors can make mistakes, but those logical errors should only
affect the interpretation of the current data, rather than all data.
That is to say, Rusty Shark is compartmentalized to minimize the damage that
can be done by a successful adversary. The submarine metaphors write themselves.
Usage
note: for help on the rshark command-line client,
run man rshark or rshark --help.
The rshark library provides packet dissection functions such as
rshark::ethernet::dissect(). Every such dissection function, which should
conform to the rshark::Dissector function type, takes as input a slice of bytes
and returns an rshark::Result (which defaults to
Result<rshark::Val, rshark::Error>).
Usage is pretty simple:
let data = vec![]; match rshark::ethernet::dissect(&data) { Err(e) => println!["Error: {}", e], Ok(val) => print!["{}", val.pretty_print(0)], }
A Val can represent an arbitrary tree of structured data
(useful in graphical displays) and can be pretty-printed with indentation for
sub-objects.
Modules
| ethernet |
Dissection of Ethernet (IEEE 802.3) frames. |
| ip |
Dissection of Internet Protocol (IP) packets. |
Structs
| Future |
An undetermined value. |
| RawBytes |
Dissector of last resort: store raw bytes without interpretation. |
Enums
| Error |
An error related to packet dissection (underflow, bad value, etc.). |
| Val |
A value parsed from a packet. |
Traits
| Protocol |
A description of a protocol, including code that can parse it. |
Functions
| signed |
Parse a signed integer of a given endianness from a byte buffer. |
| unsigned |
Parse an unsigned integer of a given endianness from a byte buffer. |
Type Definitions
| NamedValue |
A named value-or-error. |
| Result |
The result of a dissection function. |