I'm delighted to announce that Sniffnet v1.4 is finally available!
For those of you who don't know it yet, Sniffnet is an open-source, cross-platform, Rust-based application enabling you to comfortably monitor Internet traffic (official website | GitHub repository).
This major release brings a bunch of improvements and fixes, making Sniffnet more powerful and reliable than ever before.
One of the most exciting new features is the ability to process network data from PCAP files in addition to network adapters.
PCAP (Packet Capture) is a standardized file format for storing network traffic data, widely used by many renowned network analysis tools, including tcpdump and Wireshark (the de-facto standard when it comes to network packet analyzers).
Support for importing PCAP files not only makes Sniffnet fully compatible with other network monitoring tools, but also makes it possible to inspect historical data, which is crucial for troubleshooting and network forensics.
It takes just about 25 seconds for Sniffnet to process a 1.6 GB file (2.6 million packets) on an 8-year-old MacBook Air (1.8 GHz Dual-Core Intel Core i5).
This corresponds to more than 100k packets per second, making it 2.2 times faster than Wireshark on the same machine, which takes about 55 seconds to process the file.
Not only is Sniffnet faster, but it also lets you preview and interact with the data while it's being processed, whereas Wireshark requires the whole file to be parsed before displaying any information.
This is a notable feature, especially for large files, as it permits you to start examining the traffic immediately, without waiting for the entire file to be read.
But... how is Sniffnet this fast?
Part of the reason is that Sniffnet is based on the Rust programming language (well-known for its efficiency), but this doesn't tell the whole story.
In fact, Wireshark is written in C, which, despite not being as safe as Rust, still offers top-tier performance.
Additionally, Sniffnet uses the pcap crate to process data, which is just a Rust binding library to libpcap (the same underlying engine used by Wireshark).
What really sets Sniffnet apart is that it takes a different approach to processing network data: instead of parsing the full packet payloads, it focuses on extracting only the most relevant fields from the packet headers, such as IP addresses, ports, and protocols.
This minimal amount of information is then used to infer other details like countries, domain names, autonomous systems names, upper layer services, and more.
Considering that nowadays more than 90% of web traffic uses TLS, this strategy yields huge performance gains without losing much relevant information: if payloads are encrypted, no meaningful data can be discerned from them anyway.
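To make the header-only approach concrete, here is an added example (my own code, not Sniffnet's, which relies on the pcap crate): a dependency-free walk over a little-endian pcap byte stream that reads only the Ethernet, IPv4 and TCP/UDP header fields, jumps over every payload, and aggregates packets and bytes per 5-tuple. The single-packet capture is constructed inline; the `Flow`, `parse_frame`, `aggregate` and `sample_pcap` names are mine.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;
/// The only fields kept per packet: the 5-tuple. Everything after the transport header is ignored.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct Flow { pub src: Ipv4Addr, pub dst: Ipv4Addr, pub sport: u16, pub dport: u16, pub proto: u8 }
fn le32(b: &[u8], i: usize) -> u32 { u32::from_le_bytes([b[i], b[i + 1], b[i + 2], b[i + 3]]) }
fn be16(b: &[u8], i: usize) -> u16 { u16::from_be_bytes([b[i], b[i + 1]]) }

/// Parse only the Ethernet/IPv4/transport headers of one frame; returns (flow, IPv4 total length).
pub fn parse_frame(f: &[u8]) -> Option<(Flow, usize)> {
    if f.len() < 34 || be16(f, 12) != 0x0800 { return None; }     // not an IPv4 frame: skip it
    let ip = &f[14..];
    let ihl = ((ip[0] & 0x0f) as usize) * 4;                       // IPv4 header length in bytes
    let proto = ip[9];
    let src = Ipv4Addr::new(ip[12], ip[13], ip[14], ip[15]);
    let dst = Ipv4Addr::new(ip[16], ip[17], ip[18], ip[19]);
    let l4 = ip.get(ihl..)?;                                       // transport header starts here
    let has_ports = (proto == 6 || proto == 17) && l4.len() >= 4;  // TCP/UDP carry ports at offsets 0 and 2
    let (sport, dport) = if has_ports { (be16(l4, 0), be16(l4, 2)) } else { (0, 0) };
    Some((Flow { src, dst, sport, dport, proto }, be16(ip, 2) as usize))
}

/// Walk a pcap byte stream, counting packets and bytes per flow; payload bytes are never inspected.
pub fn aggregate(pcap: &[u8]) -> HashMap<Flow, (u64, u64)> {
    assert_eq!(le32(pcap, 0), 0xa1b2c3d4, "expected little-endian pcap magic");
    let mut flows = HashMap::new();
    let mut off = 24;                                              // skip the 24-byte global header
    while off + 16 <= pcap.len() {
        let incl = le32(pcap, off + 8) as usize;                   // captured length of this record
        if off + 16 + incl > pcap.len() { break; }                 // truncated record: stop cleanly
        if let Some((flow, len)) = parse_frame(&pcap[off + 16..off + 16 + incl]) {
            let e = flows.entry(flow).or_insert((0u64, 0u64));
            e.0 += 1; e.1 += len as u64;
        }
        off += 16 + incl;                                          // jump straight over the payload
    }
    flows
}

/// Constructed sample (not a real capture): one TCP segment 10.0.0.1:40000 -> 10.0.0.2:443 plus 5 payload bytes.
pub fn sample_pcap() -> Vec<u8> {
    let mut v = vec![0xd4u8, 0xc3, 0xb2, 0xa1, 2, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 1, 0, 0, 0]; // global header
    v.extend_from_slice(&[0u8, 0, 0, 0, 0, 0, 0, 0, 59, 0, 0, 0, 59, 0, 0, 0]);         // record: ts, incl_len, orig_len
    v.extend_from_slice(&[0u8; 12]); v.extend_from_slice(&[0x08u8, 0x00]);               // Ethernet: MACs, EtherType IPv4
    v.extend_from_slice(&[0x45u8, 0, 0, 45, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2]); // IPv4: length 45, proto 6
    v.extend_from_slice(&[0x9cu8, 0x40, 0x01, 0xbb, 0, 0, 0, 0, 0, 0, 0, 0, 0x50, 0x10, 0, 0, 0, 0, 0, 0]); // TCP 40000 -> 443
    v.extend_from_slice(b"hello");                                                     // payload: opaque, never parsed
    v
}
```

Because `off` advances by the record's captured length, the cost per packet is a few dozen byte reads regardless of payload size, which is the property the post attributes Sniffnet's throughput to.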
Besides supporting PCAP files, Sniffnet 1.4 introduces several other features, including:
- support for the ARP protocol
- a donut chart reporting overall traffic statistics
- identification and tagging of unassigned/reserved "bogon" IP addresses
- new default themes based on palettes optimized for accessibility
- enhanced notifications including more details about each event
These are just some of the most relevant changes introduced in this release.
For more details, you can check the release page on GitHub.
Top comments (1)
bug - W10 - 64
