Touka banner

Touka

Created by: Pratik
8 devlogs
37h 16m 6s

Browser based packet analysis tool like wireshark to analyse PCAP files.
Made with NO external library for analysis or parsing, all hand written.

If you have no idea about packet analysis or wireshark i would recommend asking ChatGPT or watc…

Browser based packet analysis tool like wireshark to analyse PCAP files.
Made with NO external library for analysis or parsing, all hand written.

If you have no idea about packet analysis or wireshark i would recommend asking ChatGPT or watching a video to understand before voting :3

This project uses AI

ChatGPT was used to:

  • Debug and come up with better way to show data
  • Understand packet structure

AI WAS NOT USED TO WRITE CODE EXCEPT MINIMAL TAILWIND CLASSES!

Demo Repository

README

Loading README...
Pratik
Pratik shipped Touka
about 3 hours ago

Shipped this project!

I built Touka, a packet analyser like Wireshark.
It reads PCAP file and parses the packets all by itself with no help from external libraries.

The hardest part was the beginning lol, parsing global header and going down on packet tree parsing on each layer byte-by-byte using a custom BinaryReader class, took 11 hours as i had to change structure many times to figure out the correct way to do it

Right now it can parse:

  • Link Layer: Ethernet Frame
  • Network Layer: IPv4, IPv6, ARP
  • Transport Layer: TCP, UDP, ICMPv4, ICMPv6

it has 3 panes just like wiresharkf for packet list, packet details, and hex dump pane to see raw data

Pratik
Pratik worked on Touka
about 6 hours ago
1h 6m logged

Smol things added

  • added pcap generation code using python
  • added sample test file on UI
  • added error on uploading non-PCAP files
  • updated dev note
Attachment
0
Pratik
Pratik worked on Touka
about 14 hours ago
6h 12m logged

Completed Hex Dump Pane

oof, it was very tiring

  • started hex work with builders giving absolute offse but it was having lots of problems
  • converted absolute offsets to relative which will be added with protocol’s offset to get absolute
  • created 3 columns in hex pane to show binary ascii and hex
  • added hex highlighting when clicked/field clicked and vice versa
  • added a tool tip to show offset
  • had to rewrite entire hex dump pane because i was having so much problem with absolute offsets and console logs and stuff were everywhere lol

stable now tho!

Attachment
0
Pratik
Pratik worked on Touka
3 days ago
1h 36m logged

UI Update 33

  • connected builder functions to UI
  • now all protocol contents are shown in packet details pane

yay

Attachment
0
Pratik
Pratik worked on Touka
5 days ago
4h 30m logged

Internal updates

  • made “Details Builder” function which takes a packet and gives it’s details of the protocols in a flat array like [link, network, transport], it will be used to show data on UI
  • controlled easily using registry i made just like parsing functions
  • preparation for packet details pane (currently named protocol tree, will change it)
  • made ICMP and ICMPv6 save icmpType in the struct too for ease in details building
  • removed the type flag: number from IPv4 and made it a boolean object, which is eaiser to understand and corrct way to do it
  • fixed a typo in etherTypes constant

image is of an ARP packet, showing protocol details of both Link layer (ethernet) and Network layer (ARP)

Attachment
0
Pratik
Pratik worked on Touka
7 days ago
4h 37m logged

UI Update

  • made the 3 pane UI layout
  • made resize hanldes for all 3 panes
  • completed packet list pane, used @tanstack/react-virtual to show the packets
  • added colors for each protocol, makes it so beautiful
  • removed an ugly scroll bar using webkit
Attachment
0
Pratik
Pratik worked on Touka
9 days ago
5h 16m logged

Parsers and thingamajigs updates:

  • added parser for ICMPv4
  • added parser for ICMPv6
  • added parser for IPv6
  • added parser for ARP
  • updated types to include raw bytes along side other data too so i can show it on a hex pane like wireshark
  • added definition look table for codes and types of packets: ARP, ICMPv4, IP Protocols (shared between IPv4 and IPv6), Link types, and application layer ports
Attachment
Attachment
Attachment
0
Pratik
Pratik worked on Touka
11 days ago
11h 28m logged

lots of stuff sob-wx

  • created a BinaryReader class to easily read PCAP files, passing the buffer through DataView API and using UInt8Array in some places too
  • made structs for typing the data, like PacketHeader, GlobalHeader, EthernetFrame, IPv4Packet, etc
  • created parsers for PCAP file global header
  • created parser for packet headers
  • started working on ethernet link type dissector in which i built parsers for Link Layer, Network Layer, and Transport Layer
  • Link layer parsers: parseEthernet (ethernet frames)
  • Network layer parsers: parseIPv4
  • Transport layer parsers: parseTCP and parseUDP

nothing worked.

Refactored EVERYTHING

  • this time started from bottom most parser, network layer stuff that is, then went up towards link layer
  • while refactoring identified the problem which was in ethernet frame parser function parseEthernet where i was doing rawPayload = reader.readBytes(1500); which is wrong, because 1500 bytes is the theoretical upper limit of payload size in ethernet frame
  • fixed the problem by creating a function in reader class readRemaining which reads the remaining bytes by calculating total packet size - offset, exactly needed this
  • fixed the file structure of dissectors, bad structure was also one reason last time stuff didnt work

it works now.

–

things left to do:

  1. complete network layer parsers: IPv6, ARP
  2. complete transport layer parsers: ICMP
  3. start working on TCP packet reassembly for application layer parsing

sorry for bad pic, i could’ve edited it to show better but i have to GOO T___T

Attachment
Attachment
0