Ecosystem
The Huginn Net ecosystem consists of 5 specialized Rust crates designed for maximum flexibility and performance in network protocol analysis. Each crate can be used independently or combined to create comprehensive network monitoring solutions.
Modular Architecture
Section titled “Modular Architecture”Crates Overview
Section titled “Crates Overview”huginn-net - Complete Analysis Suite
Section titled “huginn-net - Complete Analysis Suite”Purpose: Multi-protocol orchestrator that combines TCP, HTTP, and TLS analysis into a unified interface.
Use when: You need comprehensive network analysis across multiple protocols.
[dependencies]huginn-net = "1.7.4"Key Features:
- Unified API for all protocols
- Automatic protocol detection
- Comprehensive result aggregation
- Live capture and PCAP analysis
- End-to-end TLS parsing and JA4, plus HTTP/2 and Akamai-style fingerprints where applicable
huginn-net-tcp - TCP Analysis & OS Detection
Section titled “huginn-net-tcp - TCP Analysis & OS Detection”Purpose: TCP fingerprinting and OS detection using p0f-style signatures.
Use when: You only need TCP analysis, OS detection, MTU calculation, or uptime estimation.
[dependencies]huginn-net-tcp = "1.7.4"Key Features:
- OS fingerprinting (Windows, Linux, macOS, etc.)
- MTU detection and link type identification
- System uptime calculation from TCP timestamps
- Quality scoring for match confidence
huginn-net-http - HTTP Analysis & Browser Detection
Section titled “huginn-net-http - HTTP Analysis & Browser Detection”Purpose: HTTP request/response analysis for browser and web server identification.
Use when: You only need HTTP analysis, browser detection, or web server identification.
[dependencies]huginn-net-http = "1.7.4"Key Features:
- Browser detection (Chrome, Firefox, Safari, etc.)
- Web server identification (nginx, Apache, IIS)
- Language preference extraction
- HTTP/1.x and HTTP/2 frame parsing
- Akamai HTTP/2 fingerprinting: extract fingerprints from SETTINGS, WINDOW_UPDATE, PRIORITY, and HEADERS (Blackhat EU 2017 spec); the standalone
Http2FingerprintExtractorpreserves pseudo-header order for TLS-termination scenarios
huginn-net-tls - JA4 TLS Client Fingerprinting
Section titled “huginn-net-tls - JA4 TLS Client Fingerprinting”Purpose: TLS client fingerprinting using the official JA4 specification.
Use when: You only need TLS analysis, JA4 fingerprinting, or client identification.
[dependencies]huginn-net-tls = "1.7.4"Key Features:
- TLS parsers: ClientHello and record-level parsing (via
tls-parser) for reliable JA4 inputs - JA4 fingerprinting (FoxIO specification)
- TLS 1.0-1.3 and SSL 2.0/3.0 support
- GREASE filtering per RFC 8701
- SNI and ALPN extraction
huginn-net-db - Database Parser & Matching Engine
Section titled “huginn-net-db - Database Parser & Matching Engine”Purpose: P0f database parsing and signature matching engine.
Use when: You need custom signature parsing or advanced database operations.
Note: This crate is automatically included with TCP and HTTP crates. Most users don’t need to use it directly.
[dependencies]huginn-net-db = "1.7.4"Key Features:
- P0f signature database parsing
- Distance-based quality scoring
- Extensible matching algorithms
- Custom signature support
Dependency versions in the snippets above match each crate’s published max_version on crates.io at site build time.
Which Crate Should I Use?
Section titled “Which Crate Should I Use?”Decision Guide
Section titled “Decision Guide”- Need everything? → Use
huginn-net - Only OS detection? → Use
huginn-net-tcp - Only browser detection? → Use
huginn-net-http - Only TLS analysis? → Use
huginn-net-tls - Custom signatures? → Use
huginn-net-dbdirectly