Announcing the "Etherdump" family of open source packet capture applications and Swift packages
I'm pleased to announce my latest project: a set of open source applications and Swift packages for network protocol display and analysis:
• "Etherdump": A MacOS App for capturing and displaying ethernet frames and network packets. Binary notarized by Apple and free for download from https://networkmom.net/etherdump/ Source code on Github: https://github.com/darrellroot/Etherdump
• "Etherdump Lite": A "lite" version of Etherdump which displays packet captures made by other tools (such as tcpdump or Wireshark). Does not directly capture packets (per Mac App Store sandbox restrictions). Free in the MacOS App Store. https://apps.apple.com/us/app/etherdump-lite/id1501736329
"etherdump CLI": A command-line version of etherdump intended as a Swift replacement for tcpdump. Open source at: https://github.com/darrellroot/etherdump-CLI
PackageEtherCapture: A Swift package for MacOS which wraps the C PCAP libraries, allowing convenient capture of ethernet frames and network packets from a Swift MacOS Application. It vends a Frame hierarchical data structure with the network protocols decoded. https://github.com/darrellroot/PackageEtherCapture Below is a test case showing PackageEtherCapture decoding an Ethernet Frame containing an IPv6 packet into a data structure.
PackageSwiftPcapng: A swift package for parsing .pcap and .pcapng files (the standard output format generated by packet capture tools such as tcpdump and Wireshark). PackageSwiftPcapng is designed to make it easy to get the packet data out of the .pcap/.pcapng files for protocol decode by PackageEtherCapture.
Protocols Supported:
As of 11 March 2020, the Etherdump family supports the following protocol decodes:
- Layer2: Ethernet, 802.3, 802.2 SNAP
- Layer 2+: ARP, BPDU, CDP, LLDP
- Layer 3: IPv4, IPv6
- Layer 4: TCP, UDP, ICMPv4, ICMPv6
Additional decodes are under active development. Decoding network protocols is an excellent Computer Science project and we welcome (but will carefully review) pull requests.
About Wireshark:
The leading packet capture tool is Wireshark. Developed for over 20 years, Wireshark is an indispensable network troubleshooting tool. While Etherdump is not in Wireshark's league, we are pleased to demonstrate low-level network programming in Swift. We hope PackageEtherCapture will help the development of competitive network analyzers implemented in Swift and SwiftUI.
#Swift #OpenSource #SwiftUI #IPv6 #MacOS
Hmm, I see you are in California, US, and I am as well. App store link says the app is not available in our country/region. Is it a compatibility issue with newer macOS version or requirements have changed for App Store submissions? Since it has been a few years since this blog post.