Expand description
Connection packet stream.
This is a connection-level subscription that provides a stream of raw Ethernet frames associated with connections that satisfy the subscription filter in the order of arrival. The callback is invoked once per frame.
§Example
Prints raw packet data from TLS connections on TCP/443 with subdomains of google.com:
#[filter("tcp.port = 443 and tls.sni ~ 'google\\.com$'")]
fn main() {
let config = default_config();
let cb = |frame: ConnectionFrame| {
println!("{:?}", frame.data);
};
let mut runtime = Runtime::new(config, filter, cb).unwrap();
runtime.run();
}§Remarks
The first few packets in the connection may be delivered in sequence order if the subscription’s filter requires Retina to reassemble the stream. Once the filter is satisfied, all remaining packets in the connection are delivered in the order of observation.
Structs§
- Connection
Frame - Ethernet frames in a TCP or UDP connection.