PCAP file export (initial implementation)

2025-12-23 22:29:01 -05:00 · 2024-03-10 10:58:54 +01:00
parent ef0cc4d75d
commit 2c4f893c1b
4 changed files with 17 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -56,4 +56,5 @@ $RECYCLE.BIN/

 ### Custom... ###
 Dockerfile
-lcov.info
+lcov.info
+*.pcap
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -39,13 +39,13 @@ strip = true
 [dependencies]
 pcap = "1.2.0"
 etherparse = "0.14.2"
-chrono = { version = "0.4.33", default_features = false, features = ["clock"] }
+chrono = { version = "0.4.35", default_features = false, features = ["clock"] }
 plotters = { version = "0.3.5", default_features = false, features = ["area_series"] }
 iced = { version = "0.12.1", features = ["tokio", "svg", "advanced", "lazy"] }
 plotters-iced = "0.10.0"
 maxminddb = "0.24.0"
-confy = "0.6.0"
-serde = { version = "1.0.196", default_features = false, features = ["derive"] }
+confy = "0.6.1"
+serde = { version = "1.0.197", default_features = false, features = ["derive"] }
 rodio = { version = "0.17.3", default_features = false, features = ["mp3"] }
 dns-lookup = "2.0.4"
 toml = "0.8.10"
--- a/src/networking/manage_packets.rs
+++ b/src/networking/manage_packets.rs
@@ -568,7 +568,7 @@ pub fn get_capture_result(device: &MyDevice) -> (Option<String>, Option<Capture<
    let cap_result = Capture::from_device(device.to_pcap_device())
        .expect("Capture initialization error\n\r")
        .promisc(true)
-        .snaplen(256) //limit stored packets slice dimension (to keep more in the buffer)
+        .snaplen(u16::MAX as i32) //limit stored packets slice dimension (to keep more in the buffer)
        .immediate_mode(true) //parse packets ASAP!
        .open();
    if cap_result.is_err() {
--- a/src/secondary_threads/parse_packets.rs
+++ b/src/secondary_threads/parse_packets.rs
@@ -22,7 +22,7 @@
 use crate::networking::types::packet_filters_fields::PacketFiltersFields;
 use crate::InfoTraffic;

-/// The calling thread enters in a loop in which it waits for network packets, parses them according
+/// The calling thread enters a loop in which it waits for network packets, parses them according
 /// to the user specified filters, and inserts them into the shared map variable.
 pub fn parse_packets(
    current_capture_id: &Arc<Mutex<usize>>,
@@ -37,6 +37,8 @@ pub fn parse_packets(

    let my_link_type = MyLinkType::from_pcap_link_type(cap.get_datalink());

+    let mut output = cap.savefile("sniffnet.pcap").unwrap();
+
    loop {
        match cap.next_packet() {
            Err(_) => {
@@ -87,10 +89,6 @@ pub fn parse_packets(
                    //increment number of sniffed packets and bytes
                    info_traffic.all_packets += 1;
                    info_traffic.all_bytes += exchanged_bytes;
-                    // update dropped packets number
-                    if let Ok(stats) = cap.stats() {
-                        info_traffic.dropped_packets = stats.dropped;
-                    }

                    if passed_filters {
                        info_traffic.add_packet(exchanged_bytes, new_info.traffic_direction);
@@ -185,6 +183,14 @@ pub fn parse_packets(
                                    new_info.traffic_direction,
                                )
                            });
+
+                        // save this packet to PCAP file
+                        output.write(&packet);
+
+                        // update dropped packets number
+                        if let Ok(stats) = cap.stats() {
+                            info_traffic.dropped_packets = stats.dropped;
+                        }
                    }
                }
            }