rncwnd/dipper
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
POC pure rust DPI library.
6 commits 1 branch 0 tags 926 KiB
Find a file
Exact
rncwnd 87636b0d1e
Attribution for pcaps
2024-07-03 17:08:40 +01:00
pcaps Attribution for pcaps 2024-07-03 17:08:40 +01:00
src Attribution for pcaps 2024-07-03 17:08:40 +01:00
.gitignore Attribution for pcaps 2024-07-03 17:08:40 +01:00
Cargo.lock Push up exploritory work 2024-07-01 15:24:30 +01:00
Cargo.toml Push up exploritory work 2024-07-01 15:24:30 +01:00
flake.lock Push up exploritory work 2024-07-01 15:24:30 +01:00
flake.nix Push up exploritory work 2024-07-01 15:24:30 +01:00
LICENSE.md License 2024-07-01 15:35:01 +01:00
README.md Move readme to right place lol 2024-07-01 15:36:06 +01:00

README.md

Dipper

A highly experimental pure rust DPI engine.

Rationale

nDPI exists but it's all C and there's a lot of macros, it's hard to use cleanly from rust.

Commercial DPI systems exist, but are prohibitivley expensive.

Alternative "Kind of DPI" systems like Suricata exist and are great, but are only part rust.

Tools used

  • Nom is used extensivley in order to parse wire formats.
  • Etherparse is used to "chunk" packets into their various components.

Goals

Short Term

  • Functional offline packet inspection.
  • DNS, ICMP, HTTP, maybe SSH parsing and inspection.
  • Standardised output format.

Long Term

  • Online analysis
  • Plugin system?