During a recent project involving listening research for cyber security, I came across the need to build a utility that could ‘fingerprint’ TCP connections for analysis. My use case was specifically around honeypots and making those ‘listening’ sensors, so I needed something realtime, no dependencies and light-weight. Many of the tools out there are written in C, hard to maintain and have alot of dependencies in order to read the packets and process.
I wrote my own using RUST and it involves it’s own network tap using the pnet crate and logs the fingerprint as well as the pcaps. If you don’t need the pcap, you can send them to /dev/null.
Here is the repo: