No description

Find a file

Fatih Karahan ce1492ec49 Fix typo in README.md regarding Ethernet Frames		2025-11-27 13:21:52 +03:00
src	add README and explanatory comments	2025-11-27 00:47:31 +03:00
.gitignore	setup BPF filter for parsing	2025-11-27 00:03:27 +03:00
build.zig	setup BPF filter for parsing	2025-11-27 00:03:27 +03:00
build.zig.zon	setup BPF filter for parsing	2025-11-27 00:03:27 +03:00
README.md	Fix typo in README.md regarding Ethernet Frames	2025-11-27 13:21:52 +03:00

README.md

BPF Packet Parser

Disclaimer: This is not a comprehensive or a performant implementation. Consider it as a starting point / reference if needed.

This repository is a simple packet capture program / packet parser. The parsers and packet structures can be found under src/packet/<type>.zig, where each file corresponds to one type of packet, regardless of the layer. Currently the following packets are supported:

BPF packets with headers (reference)
Ethernet Frames (802.3 on Layer 2, no preamble/SFD)
IPv4 datagrams (RFC 791)
ICMP ping packets (RFC 792)

Running

As it stands, the executable part is currently only set up to be run on MacOS and not tested on other platforms. To run, install Zig v15.+ and run the application via sudo zig build run. The BPF setup requires root.

Interesting files

setup.zig contains the setup for the BPF for a given network interface
packet/bpf.zig contains the structure of the BPF headers, which are not very commonly seen.

A great tool to use to parse unsupported packets is packetor.