I’ve released a family of open source Swift SwiftUI apps and packages for Ethernet Frame / Network Packet capture and analysis.
You don’t need to do low-level network programming in C. You can do it in Swift!
Available in the macOS App Store, “Etherdump Lite” decodes .pcap and .pcapng packet captures made with other tools (such as tcpdump or Wireshark). This version does not directly capture packets (per Mac App Store sandbox restrictions).
The full version, “Etherdump”, supports direct packet captures (assuming your user account has read access to /dev/bpf*; see the help for details). The binary is notarized by Apple and free for download at Etherdump index
Etherdump and Etherdump Lite are implemented in Swift and SwiftUI. Source code is at GitHub - darrellroot/Etherdump: A GUI tool for capturing and analyzing network packets
PackageEtherCapture is a Swift package for macOS which wraps the C PCAP libraries, allowing convenient capture of Ethernet frames and network packets from a Swift macOS application (non-sandboxed). It vends a Frame hierarchical data structure with the network protocols decoded. GitHub - darrellroot/PackageEtherCapture: Swift Package for capturing ethernet frames and putting them into a data structure
PackageSwiftPcapng: A Swift package for parsing .pcap and .pcapng files (the standard output format generated by packet capture tools such as tcpdump and Wireshark). PackageSwiftPcapng is designed to make it easy to get the packet data out of the .pcap/.pcapng files for protocol decode by PackageEtherCapture. GitHub - darrellroot/PackageSwiftPcapng
At this time the following protocol decodes are supported:
Layer 2: Ethernet, 802.3, 802.2 SNAP
Layer 2+: ARP, BPDU, CDP, LLDP
Layer 3: IPv4, IPv6
Layer 4: TCP, UDP, ICMPv4, ICMPv6
Additional decodes are under active development. Warning: The Frame data structure vended by PackageEtherCapture is constantly changing, so develop against a specific package version rather than “latest version”.
Darrell
email: feedback AT networkmom.net