A high-performance network packet analyzer written in Rust. Ferriscope provides real-time packet capture capabilities with an elegant terminal user interface, making network traffic analysis both powerful and user-friendly.
- Real-time packet capture and analysis
- Modern terminal user interface powered by ratatui
- Advanced packet filtering using tcpdump syntax
- Detailed protocol analysis
- PCAP file export support (coming soon)
- Support for common protocols (TCP, UDP, ICMP, DNS)
- Color-coded packet information (coming soon)
- Hex dump view with ASCII representation (coming soon)
- Rust and Cargo (install from rustup.rs)
- libpcap development files:
# Ubuntu/Debian
sudo apt-get install libpcap-dev
# macOS (included in Xcode Command Line Tools)
xcode-select --install
# Windows
# Install Npcap from https://npcap.com/ (with SDK)
- Clone the repository:
git clone https://github.com/yourusername/ferriscope
cd ferriscope
- Install dependencies:
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install -y build-essential libpcap-dev pkg-config
# macOS with Homebrew
xcode-select --install
brew install libpcap pkg-config
# Windows
# Download and install Npcap SDK from https://npcap.com/#download
# Add the SDK path to your environment variables:
# NPCAP_SDK=C:\Path\To\Npcap\SDK
- Build the project:
# Debug build
cargo build
# Release build (recommended for better performance)
cargo build --release
- Run the binary:
# Debug build
cargo run -- --help
# Release build
./target/release/ferriscope --help
# With sudo (required for packet capture)
sudo ./target/release/ferriscope -i eth0
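- Permission Denied: Run the capture with sudo, or set capabilities on the binary (file capabilities are attached to that file, so reapply them after each rebuild):
sudo setcap cap_net_raw,cap_net_admin=eip target/release/ferriscope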
- Missing libpcap.so: Install libpcap development files:
sudo apt-get install libpcap-dev # Debian/Ubuntu
sudo yum install libpcap-devel # RHEL/CentOS
sudo dnf install libpcap-devel # Fedora
- Xcode Command Line Tools: Ensure they're installed:
xcode-select --install
- Homebrew Dependencies: Install required packages:
brew install libpcap pkg-config
- Npcap SDK Not Found: Set environment variable:
# PowerShell (User)
$env:NPCAP_SDK = "C:\Path\To\Npcap\SDK"
[System.Environment]::SetEnvironmentVariable("NPCAP_SDK", $env:NPCAP_SDK, "User")
# Command Prompt (System)
setx NPCAP_SDK "C:\Path\To\Npcap\SDK" /M
- Missing Visual C++ Build Tools: Install from:
- Visual Studio Installer or
- Microsoft C++ Build Tools
For development with debug symbols and faster compilation:
# Build and run with debug features
cargo run -- -i eth0
# Run tests
cargo test
# Run specific test
cargo test test_packet_capture
For optimal performance and smaller binary size:
# Release build with optimizations
cargo build --release
# Strip debug symbols (Linux/macOS)
strip target/release/ferriscope
# Run with release optimizations
cargo run --release -- -i eth0
For building on different target platforms:
# Add target
rustup target add x86_64-unknown-linux-musl
# Build for Linux with static linking
cargo build --target x86_64-unknown-linux-musl --release
# Build for Windows (from Linux/macOS)
cargo build --target x86_64-pc-windows-gnu --release
# List all available network interfaces
sudo ferriscope
# Start capturing on a specific interface
sudo ferriscope -i eth0
# Capture with a filter (tcpdump syntax)
sudo ferriscope -i eth0 -f "tcp port 80"
# Save capture to file
sudo ferriscope -i eth0 -o capture.pcap
# HTTP traffic
sudo ferriscope -i eth0 -f "tcp port 80 or tcp port 443"
# DNS queries
sudo ferriscope -i eth0 -f "udp port 53"
# ICMP (ping) traffic
sudo ferriscope -i eth0 -f "icmp"
# Traffic from/to specific host
sudo ferriscope -i eth0 -f "host 192.168.1.1"
# Traffic on specific ports
sudo ferriscope -i eth0 -f "port 22 or port 80"
# Complex filters
sudo ferriscope -i eth0 -f "tcp[tcpflags] & (tcp-syn|tcp-fin) != 0"
# Filter by packet size
sudo ferriscope -i eth0 -f "greater 1000"
# Exclude certain traffic
sudo ferriscope -i eth0 -f "not port 22"
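To make the "complex filter" above concrete, the following added example (not part of Ferriscope's code) re-implements by hand what `tcp[tcpflags] & (tcp-syn|tcp-fin) != 0` checks, which is useful when reviewing why a filter does or does not match a frame. It assumes Ethernet II framing and IPv4; the function names and the sample frames are constructed for illustration.

```rust
// Added example: hand-written equivalent of the capture filter
// `tcp[tcpflags] & (tcp-syn|tcp-fin) != 0`, assuming Ethernet II + IPv4 frames.
const TCP_FIN: u8 = 0x01; // tcp-fin
const TCP_SYN: u8 = 0x02; // tcp-syn
const TCP_FLAGS_OFFSET: usize = 13; // tcp[tcpflags] is tcp[13]

/// True when the frame is IPv4/TCP, is not a later fragment, and has SYN or FIN set.
fn matches_syn_or_fin(frame: &[u8]) -> bool {
    // Ethernet II: 14-byte header, EtherType 0x0800 means IPv4.
    if frame.len() < 14 || frame[12] != 0x08 || frame[13] != 0x00 {
        return false;
    }
    let ip = &frame[14..];
    if ip.len() < 20 || ip[0] >> 4 != 4 || ip[9] != 6 {
        return false; // too short, not IPv4, or protocol is not TCP
    }
    // IP header length: low nibble of byte 0, counted in 32-bit words.
    let ihl = usize::from(ip[0] & 0x0f) * 4;
    // Only the first fragment (offset 0) carries the TCP header.
    let frag_offset = u16::from_be_bytes([ip[6], ip[7]]) & 0x1fff;
    if ihl < 20 || frag_offset != 0 {
        return false;
    }
    match ip.get(ihl + TCP_FLAGS_OFFSET) {
        Some(&flags) => flags & (TCP_SYN | TCP_FIN) != 0,
        None => false, // truncated capture: flags byte missing
    }
}

/// Builds a constructed (not captured) Ethernet/IPv4/TCP frame with the given TCP flags.
fn sample_frame(tcp_flags: u8) -> Vec<u8> {
    let mut f = vec![0u8; 14 + 20 + 20];
    f[12] = 0x08; // EtherType 0x0800
    f[14] = 0x45; // IPv4, IHL 5
    f[14 + 9] = 6; // protocol TCP
    f[14 + 20 + 12] = 0x50; // TCP data offset 5
    f[14 + 20 + TCP_FLAGS_OFFSET] = tcp_flags;
    f
}

fn main() {
    let cases = [("SYN", 0x02u8), ("SYN+ACK", 0x12), ("ACK", 0x10), ("FIN+ACK", 0x11)];
    for (name, flags) in cases {
        println!("{:8} matches: {}", name, matches_syn_or_fin(&sample_frame(flags)));
    }
}
```

The filter therefore selects connection setup and teardown segments (SYN, SYN+ACK, FIN) and skips pure ACK and data segments, which keeps capture volume low on busy links.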
# Build and run (debug)
cargo build
sudo ./target/debug/ferriscope -i eth0
# Build and run (release)
cargo build --release
sudo ./target/release/ferriscope -i eth0
# Run tests
cargo test
# Run specific test
cargo test test_packet_capture
↑/↓ - Navigate through packets
q - Quit application
Ctrl+C - Exit program
# Set capabilities (alternative to sudo)
sudo setcap cap_net_raw,cap_net_admin=eip target/release/ferriscope
# List available interfaces
ip link show
# List available interfaces
networksetup -listallhardwareports
# Common interface names
en0 - Wi-Fi
en1 - Thunderbolt Ethernet
lo0 - Loopback
# List available interfaces
Get-NetAdapter
# Run capture
.\ferriscope.exe -i Ethernet
- Use specific filters to reduce CPU load
- Monitor terminal output for performance warnings
- Save to file for long-term analysis
- Use interface name from system's network configuration
- Check permissions if capture fails to start
The full documentation is available at:
# Run all benchmarks
sudo -E cargo bench
# Run specific benchmark
sudo -E cargo bench capture_bench
For consistent benchmark environments across different machines, you can use Docker:
# Clean up any existing containers
docker-compose down -v
# Build fresh image
docker-compose build --no-cache
# Run benchmarks
docker-compose run bench
The Docker setup ensures:
- Consistent environment for benchmarking
- Required dependencies are installed
- Network interfaces are properly configured
- Appropriate permissions for packet capture
- Default sample size: 10
- Measurement time: 1 second per iteration
- Captures packets on loopback interface
- Tests both filtered and unfiltered capture