"Etherdump" family of open source packet capture applications and Swift packages

I’ve released a family of open source Swift SwiftUI apps and packages for Ethernet Frame / Network Packet capture and analysis.

You don’t need to do low-level network programming in C. You can do it in Swift!

Available in the macOS App Store, “Etherdump Lite” decodes .pcap and .pcapng packet captures made with other tools (such as tcpdump or Wireshark). This version does not directly capture packets (per Mac App Store sandbox restrictions).

The full version, “Etherdump”, supports direct packet captures (assuming your user account has read-access to /dev/bpf*, see the help for details). The binary is notarized by Apple and free for download at Etherdump index

Etherdump and Etherdump Lite are implemented in Swift and SwiftUI. Source code is at GitHub - darrellroot/Etherdump: A GUI tool for capturing and analyzing network packets

PackageEtherCapture is a Swift package for macOS which wraps the C PCAP libraries, allowing convenient capture of Ethernet frames and network packets from a Swift macOS application (non-sandboxed). It vends a Frame hierarchical data structure with the network protocols decoded. GitHub - darrellroot/PackageEtherCapture: Swift Package for capturing ethernet frames and putting them into a data structure

PackageSwiftPcapng: A Swift package for parsing .pcap and .pcapng files (the standard output format generated by packet capture tools such as tcpdump and Wireshark). PackageSwiftPcapng is designed to make it easy to get the packet data out of the .pcap/.pcapng files for protocol decode by PackageEtherCapture. GitHub - darrellroot/PackageSwiftPcapng

At this time the following protocol decodes are supported:

Layer 2: Ethernet, 802.3, 802.2 SNAP
Layer 2+: ARP, BPDU, CDP, LLDP
Layer 3: IPv4, IPv6
Layer 4: TCP, UDP, ICMPv4, ICMPv6

Additional decodes are under active development. Warning: The Frame data structure vended by PackageEtherCapture is constantly changing, so develop against a specific package version rather than “latest version”.

Darrell
email: feedback AT networkmom.net

Thank you for sharing your projects @darrellr! Open source and having it in SwiftUI is awesome.
