Ecosystem

The Huginn Net ecosystem consists of 5 specialized Rust crates designed for maximum flexibility and performance in network protocol analysis. Each crate can be used independently or combined to create comprehensive network monitoring solutions.

Modular Architecture

huginn-netComplete Suite

↓ Uses ↓

huginn-net-tcpTCP analysis

huginn-net-httpHTTP analysis

huginn-net-tlsTLS analysis

↓ TCP & HTTP use ↓

huginn-net-dbDatabase Engine

Crates Overview

huginn-net - Complete Analysis Suite

Purpose: Multi-protocol orchestrator that combines TCP, HTTP, and TLS analysis into a unified interface.

Use when: You need comprehensive network analysis across multiple protocols.

All features are opt-in; use full for everything this version offers, or pick only what you consume:

[dependencies]
huginn-net = { version = "2.0.0-rc", features = ["full"] }
huginn-net-db = { version = "2.0.0-rc", features = ["full"] }

Add json to serialize all output types with serde_json:

huginn-net = { version = "2.0.0-rc", features = ["full", "json"] }

Key Features:

Unified API for all protocols
Automatic protocol detection
Comprehensive result aggregation
Live capture and PCAP analysis
End-to-end TLS parsing and JA4, plus HTTP/2 and Akamai-style fingerprints where applicable
Typed observable data access for custom fingerprinting (ObservableTcp, ObservableHttpRequest/Response, ObservableTlsClient)
Observation-only mode via HuginnNet::new_observable (no database required)

huginn-net-tcp - TCP Analysis & OS Detection

Purpose: TCP fingerprinting and OS detection using p0f-style signatures.

Use when: You only need TCP analysis, OS detection, MTU calculation, or uptime estimation.

[dependencies]
huginn-net-tcp = { version = "2.0.0-rc", features = ["full"] }
# Optional: only needed for OS fingerprint matching
huginn-net-db = { version = "2.0.0-rc", features = ["tcp"] }

Feature	Description
`full`	Alias for `syn` + `syn-ack` + `mtu` + `uptime`
`syn`	TCP SYN OS fingerprinting (client → server)
`syn-ack`	TCP SYN+ACK OS fingerprinting (server → client)
`mtu`	MTU extraction from the TCP MSS option
`uptime`	Uptime estimation from TCP timestamps
`json`	`serde::Serialize` on all output types

Key Features:

OS fingerprinting (Windows, Linux, macOS, etc.)
MTU detection and link type identification
System uptime calculation from TCP timestamps
Quality scoring for match confidence
Typed observable data (ObservableTcp, ObservableMtu, ObservableUptime) for custom fingerprints

huginn-net-http - HTTP Analysis & Browser Detection

Purpose: HTTP request/response analysis for browser and web server identification.

Use when: You only need HTTP analysis, browser detection, or web server identification.

[dependencies]
huginn-net-http = { version = "2.0.0-rc", features = ["full"] }
# Optional: only needed for browser/server fingerprint matching
huginn-net-db = { version = "2.0.0-rc", features = ["http"] }

Feature	Description
`full`	Alias for `p0f-request` + `p0f-response` + `akamai`
`p0f-request`	HTTP request fingerprinting (browser detection, Accept-Language, header order)
`p0f-response`	HTTP response fingerprinting (web server detection)
`akamai`	Standalone Akamai HTTP/2 fingerprint extractor (`Http2FingerprintExtractor`)
`json`	`serde::Serialize` on all output types

Key Features:

Browser detection (Chrome, Firefox, Safari, etc.)
Web server identification (nginx, Apache, IIS)
Language preference extraction
HTTP/1.x and HTTP/2 frame parsing
Akamai HTTP/2 fingerprinting: extract fingerprints from SETTINGS, WINDOW_UPDATE, PRIORITY, and HEADERS (Blackhat EU 2017 spec); the standalone Http2FingerprintExtractor preserves pseudo-header order for TLS-termination scenarios
Typed observable data (ObservableHttpRequest, ObservableHttpResponse) for custom fingerprints

huginn-net-tls - JA4 TLS Client Fingerprinting

Purpose: TLS client fingerprinting using the official JA4 specification.

Use when: You only need TLS analysis, JA4 fingerprinting, or client identification.

[dependencies]
# Core JA4 (no database needed — computed algorithmically)
huginn-net-tls = "2.0.0-rc"

# With stable fingerprints (JA4_s1 / JA4_s1r) and everything this version offers
huginn-net-tls = { version = "2.0.0-rc", features = ["full"] }

Feature	Description
`full`	Alias for `stable-v1`
`stable-v1`	Adds `JA4_s1` / `JA4_s1r`; ephemeral extensions excluded for stable fingerprints
`json`	`serde::Serialize` on all output types

Key Features:

TLS parsers: ClientHello and record-level parsing (via tls-parser) for reliable JA4 inputs
JA4 fingerprinting (FoxIO specification) — JA4, JA4_r, JA4_o, JA4_or
JA4_s1 / JA4_s1r — stable variants that exclude ephemeral extensions (Session Ticket, Pre-Shared Key, Padding) so fingerprints stay comparable across sessions
TLS 1.0-1.3 and SSL 2.0/3.0 support
GREASE filtering per RFC 8701
SNI and ALPN extraction
Typed observable data (ObservableTlsClient) for custom fingerprints

huginn-net-db - Database Parser & Matching Engine

Purpose: P0f database parsing and signature matching engine.

Use when: You use huginn-net-tcp or huginn-net-http standalone and want database-backed OS/browser matching.

Note: When using the umbrella huginn-net crate, this is pulled in automatically through its db feature. You only need to depend on huginn-net-db directly for protocol-specific crate builds.

# Both protocols
huginn-net-db = { version = "2.0.0-rc", features = ["full"] }

# TCP only (no HTTP parser embedded)
huginn-net-db = { version = "2.0.0-rc", features = ["tcp"] }

# HTTP only (no TCP parser embedded)
huginn-net-db = { version = "2.0.0-rc", features = ["http"] }

Key Features:

P0f signature database parsing
Distance-based quality scoring
Extensible matching algorithms
SharedTcpSignatureMatcher / SharedHttpSignatureMatcher for use with .with_matcher(...)

Dependency versions in the snippets above match each crate’s published max_version on crates.io at site build time.

Which Crate Should I Use?

Decision Guide

Need everything? → Use huginn-net
Only OS detection? → Use huginn-net-tcp
Only browser detection? → Use huginn-net-http
Only TLS analysis? → Use huginn-net-tls
Custom signatures? → Use huginn-net-db directly