by LinuxBender 1301 days ago
This looks interesting as an alternative to Wireshark. I noticed in the readme it has a menu to select "TCP", "UDP" or "both". If you select "All Protocols" does it also show ESP/IPSec or does it show ESP as "other"? The reason I ask is due to some cell phones encapsulating some traffic in a VPN tunnel unless it is blocked, at which point I see it fall back to encapsulated UDP tunnels.

For the moment, upper protocols are determined just by looking at the port numbers, so it is likely that the protocols you mentioned would be shown as "Other". I know this is not the best method to determine app protocols, but otherwise it would have been too complex to detect specific layer 7 protocols.
Makes sense. I am not a proper developer so I cannot comment on how difficult it would be to add that level of dissection in Rust. Here [1] is a page that describes how to utilize libpcap but I have no idea if that would be helpful or how difficult it would be to port this to Rust.

[1] - https://www.tcpdump.org/pcap.html
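
The distinction discussed in this thread, as an added example that is not part of the original comments or the project's code: native ESP is IP protocol 50 and has no ports, so port-based matching cannot see it, while the UDP fallback can be recognised on port 4500 (RFC 3948). The names `Kind`, `classify`, `classify_udp`, `ipv4` and `udp` are hypothetical, and the sample packets are constructed.

```rust
// Added example: classify a raw IPv4 packet by IP protocol number, then by UDP port.
#[derive(Debug, PartialEq)]
enum Kind { Tcp, Udp, Esp, Ah, EspInUdp, IkeNatT, NatKeepalive, Other, Malformed }

fn classify(pkt: &[u8]) -> Kind {
    if pkt.len() < 20 || pkt[0] >> 4 != 4 { return Kind::Malformed; }
    let ihl = ((pkt[0] & 0x0f) as usize) * 4; // header length in bytes
    if ihl < 20 || pkt.len() < ihl { return Kind::Malformed; }
    match pkt[9] {
        50 => Kind::Esp, // native ESP has no ports, so port matching misses it
        51 => Kind::Ah,
        6 => Kind::Tcp,
        17 => classify_udp(&pkt[ihl..]),
        _ => Kind::Other,
    }
}

// UDP port 4500 carries IKE, ESP and NAT keepalives (RFC 3948).
fn classify_udp(udp: &[u8]) -> Kind {
    if udp.len() < 8 { return Kind::Malformed; }
    let sport = u16::from_be_bytes([udp[0], udp[1]]);
    let dport = u16::from_be_bytes([udp[2], udp[3]]);
    if sport != 4500 && dport != 4500 { return Kind::Udp; }
    match &udp[8..] {
        [0xff] => Kind::NatKeepalive,       // one-byte keepalive
        [0, 0, 0, 0, ..] => Kind::IkeNatT,  // four zero bytes = non-ESP marker
        d if d.len() > 8 => Kind::EspInUdp, // non-zero SPI, then sequence number
        _ => Kind::Udp,
    }
}

// Constructed sample packets (checksums left at zero, not validated above).
fn ipv4(proto: u8, payload: &[u8]) -> Vec<u8> {
    let mut p = vec![0x45, 0, 0, 0, 0, 0, 0, 0, 64, proto, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2];
    p[2..4].copy_from_slice(&((20 + payload.len()) as u16).to_be_bytes());
    p.extend_from_slice(payload);
    p
}
fn udp(sport: u16, dport: u16, data: &[u8]) -> Vec<u8> {
    let mut u = [sport.to_be_bytes(), dport.to_be_bytes(), ((8 + data.len()) as u16).to_be_bytes(), [0, 0]].concat();
    u.extend_from_slice(data);
    u
}

fn main() {
    let esp = [0x12, 0x34, 0x56, 0x78, 0, 0, 0, 1, 0xaa, 0xbb, 0xcc, 0xdd];
    println!("{:?}", classify(&ipv4(50, &esp)));
    println!("{:?}", classify(&ipv4(17, &udp(51000, 4500, &esp))));
}
```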