Passive TCP fingerprint

Quick Example

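The following example shows how to:

  • Initialize the database and P0f engine.
  • Analyze network traffic on a specified interface.
  • Process and log the TCP and HTTP characteristics detected.

use passivetcp_rs::db::Database;
use passivetcp_rs::P0f;
use std::sync::mpsc;
use std::thread;
use clap::Parser;
use log::info;

#[derive(Parser)]
struct Args {
    /// Network interface to capture on.
    #[clap(short, long)]
    interface: String,
}

fn main() {
    let args = Args::parse();
    // Leak the database to obtain a `&'static` reference that can be moved
    // into the capture thread.
    let db = Box::leak(Box::new(Database::default()));
    let (sender, receiver) = mpsc::channel();

    // Run the capture on a background thread; results arrive on the channel.
    thread::spawn(move || {
        P0f::new(db, 100).analyze_network(&args.interface, sender);
    });

    // Each field is an Option: only the observations present are logged.
    // `info!` prints nothing unless a `log` backend has been initialized.
    for output in receiver {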
        if let Some(syn) = output.syn {
            info!("{}", syn);
        }
        if let Some(syn_ack) = output.syn_ack {
            info!("{}", syn_ack);
        }
        if let Some(mtu) = output.mtu {
            info!("{}", mtu);
        }
        if let Some(uptime) = output.uptime {
            info!("{}", uptime);
        }
        if let Some(http_request) = output.http_request {
            info!("{}", http_request);
        }
        if let Some(http_response) = output.http_response {
            info!("{}", http_response);
        }
    }
}
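To make concrete what kind of TCP characteristics a p0f-style engine reads from a SYN, the following added example (not passivetcp_rs code, and going beyond the API walkthrough above) extracts the inputs of a SYN signature from a constructed IPv4 packet. All type and function names are hypothetical; the option names follow p0f's signature notation.

```rust
// Added example, not passivetcp_rs code: all names here are hypothetical.
#[derive(Debug, PartialEq)]
pub struct SynFields {
    pub ittl: u8,           // observed TTL rounded up to a common initial value
    pub window: u16,
    pub mss: Option<u16>,
    pub wscale: Option<u8>,
    pub olayout: String,    // option order, using p0f's option names
}

fn guess_initial_ttl(ttl: u8) -> u8 { match ttl { 0..=32 => 32, 33..=64 => 64, 65..=128 => 128, _ => 255 } }

/// Parse an IPv4 packet carrying a TCP SYN. Returns None for truncated input,
/// non-TCP packets, and segments that are not a pure SYN (e.g. SYN+ACK).
pub fn parse_syn(pkt: &[u8]) -> Option<SynFields> {
    let ihl = usize::from(*pkt.first()? & 0x0f) * 4;
    if pkt[0] >> 4 != 4 || ihl < 20 || *pkt.get(9)? != 6 { return None; }
    let tcp = pkt.get(ihl..)?;
    let doff = usize::from(*tcp.get(12)? >> 4) * 4;
    if doff < 20 || *tcp.get(13)? & 0x12 != 0x02 { return None; } // SYN set, ACK clear
    let window = u16::from_be_bytes([*tcp.get(14)?, *tcp.get(15)?]);
    let mut opts = tcp.get(20..doff)?; // a data offset past the capture yields None
    let (mut mss, mut wscale, mut names) = (None, None, Vec::new());
    while let Some(&kind) = opts.first() {
        if kind == 0 { names.push(format!("eol+{}", opts.len() - 1)); break; }
        if kind == 1 { names.push("nop".to_string()); opts = &opts[1..]; continue; }
        let len = usize::from(*opts.get(1)?);
        let body = opts.get(2..len)?; // None if len < 2 or the option overruns the header
        names.push(match (kind, body.len()) {
            (2, 2) => { mss = Some(u16::from_be_bytes([body[0], body[1]])); "mss".to_string() }
            (3, 1) => { wscale = Some(body[0]); "ws".to_string() }
            (4, 0) => "sok".to_string(),
            (5, _) => "sack".to_string(),
            (8, 8) => "ts".to_string(),
            _ => format!("?{}", kind),
        });
        opts = &opts[len..];
    }
    Some(SynFields { ittl: guess_initial_ttl(pkt[8]), window, mss, wscale, olayout: names.join(",") })
}

/// Constructed sample: a Linux-like SYN observed at TTL 57, documentation addresses.
pub fn sample_syn() -> Vec<u8> {
    let mut p = vec![0x45, 0, 0, 60, 0, 0, 0x40, 0, 57, 6, 0, 0, 192, 0, 2, 10, 192, 0, 2, 20];
    p.extend_from_slice(&[0xc3, 0x50, 0x01, 0xbb, 0, 0, 0, 1, 0, 0, 0, 0, 0xa0, 0x02, 0x72, 0x10, 0, 0, 0, 0]);
    p.extend_from_slice(&[2, 4, 5, 0xb4, 4, 2, 8, 10, 0, 0, 0, 1, 0, 0, 0, 0, 1, 3, 3, 7]);
    p
}
fn main() { println!("{:?}", parse_syn(&sample_syn())); }
```

Because every read is bounds-checked, a packet with a forged data offset or option length is rejected rather than read past its end, which matters for any parser fed untrusted traffic from a capture interface.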

Passive TCP Fingerprinting Based on p0f