pktana
Current release v0.3.1

See every packet with clarity.

pktana is a modern Linux packet analyzer built for network engineers, SREs, and infrastructure teams who need fast packet inspection, clean protocol visibility, flow intelligence, and a practical path from debugging to production observability.

Rust: memory-safe systems implementation
L2-L7: packet and flow visibility roadmap
Linux: built for real ops workflows

A cleaner way to inspect Linux network traffic.

pktana is designed to reduce the gap between low-level packet debugging and day-to-day operational visibility. Instead of jumping between multiple command-line utilities and handwritten scripts, pktana aims to give developers and operators a focused workspace for packet decoding, protocol summaries, capture workflows, and future dataplane observability.

The project is built in Rust because packet tooling needs both performance and safety. Packet analyzers operate on untrusted inputs, and memory-safe parsing matters when the tool is expected to grow into a serious production-grade platform.

Today, pktana already provides a strong MVP foundation with raw frame decoding, protocol parsing, flow summaries, batch input modes, and optional live capture through feature-gated pcap support.

The long-term vision is larger: a Linux-native packet analysis platform with richer L2-L7 decoding, native capture paths, better operational packaging, and a more complete observability experience for real infrastructure teams.

Rust: safe parsing and systems-grade performance
MVP: working parser, flows, CLI, and packaging scripts
Linux-first: designed around real server and infrastructure usage
Extensible: clear path toward deeper protocol coverage

Install instantly on your Linux system.

Current release: v0.3.1. Install pktana directly with a single RPM command on RHEL 9, Rocky Linux, AlmaLinux, and CentOS Stream 9 compatible systems. Also published on crates.io.

Install with dnf:

sudo dnf install \
  https://github.com/omnayak27199/pktana/releases/latest/download/pktana-0.3.1-1.el9.x86_64.rpm

Use as a Rust library:

cargo add pktana-core   # core DPI engine
cargo add pktana-cli    # full CLI binary

Links: pktana-cli on crates.io, pktana-core on crates.io, pktana.online

Production-grade packet analysis, today.

pktana v0.3.1 is a fully capable packet analysis platform. The core and CLI are split across two crates for reusability, with deep protocol coverage, live DPI, risk scoring, and a Wireshark-style TUI, all in a single static binary.

01  Full L2–L7 DPI

Ethernet, ARP, IPv4, IPv6, TCP, UDP, ICMP, TLS, HTTP, DNS, QUIC, HTTP/2, gRPC, WebSocket, SSH, SIP, NTP, BGP, decoded in one pass.

02  TLS Fingerprinting (JA3)

Full ClientHello parse: cipher suites, extensions, elliptic curves, ALPN. JA3 raw string generated for every TLS handshake. GREASE values filtered automatically.
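Added example, not pktana's own code: how the JA3 raw string (`SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats`) is assembled from a ClientHello, and why GREASE filtering is needed for a stable fingerprint. The `Reader` helper and the sample ClientHello bytes are constructed here from the TLS wire format; nothing below is taken from the pktana parser.

```python
import struct

def is_grease(v: int) -> bool:
    """GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ..., 0xfafa. JA3 drops them so randomised
    GREASE placement does not change the fingerprint between two handshakes of one client."""
    return (v >> 8) == (v & 0xFF) and (v & 0x0F) == 0x0A

class Reader:
    """Bounds-checked cursor: truncated input raises rather than yielding a wrong fingerprint."""
    def __init__(self, buf: bytes): self.buf, self.pos = buf, 0
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf): raise ValueError("truncated ClientHello")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def u8(self) -> int: return self.take(1)[0]
    def u16(self) -> int: return struct.unpack("!H", self.take(2))[0]
    def done(self) -> bool: return self.pos >= len(self.buf)

def u16_list(data: bytes) -> list:
    """Big-endian u16 list with GREASE entries removed."""
    return [v for v in struct.unpack(f"!{len(data) // 2}H", data[:len(data) // 2 * 2]) if not is_grease(v)]

def ja3_raw(hs: bytes) -> str:
    """hs starts at the Handshake header (type, 24-bit length) followed by the ClientHello body."""
    r = Reader(hs)
    if r.u8() != 1: raise ValueError("not a ClientHello")
    r.take(3)                                # handshake length, not needed here
    version = r.u16()                        # legacy_version: 0x0303 -> 771
    r.take(32)                               # random
    r.take(r.u8())                           # legacy_session_id
    ciphers = u16_list(r.take(r.u16()))      # cipher_suites
    r.take(r.u8())                           # compression_methods
    exts, curves, fmts = [], [], []
    if not r.done():                         # extensions block is optional
        e = Reader(r.take(r.u16()))
        while not e.done():
            typ, body = e.u16(), Reader(e.take(e.u16()))
            if is_grease(typ): continue      # GREASE extensions are dropped entirely
            exts.append(typ)
            if typ == 10:                    # supported_groups: u16 length + u16 list
                curves = u16_list(body.take(body.u16()))
            elif typ == 11:                  # ec_point_formats: u8 length + u8 list
                fmts = list(body.take(body.u8()))
    dash = lambda xs: "-".join(str(x) for x in xs)
    return f"{version},{dash(ciphers)},{dash(exts)},{dash(curves)},{dash(fmts)}"

# Constructed sample: TLS 1.2 legacy_version; ciphers GREASE 0x0a0a, 0x1301, 0xc02f; extensions GREASE
# 0x0a0a, server_name(0), supported_groups(10) [GREASE 0x1a1a, x25519, secp256r1], ec_point_formats(11)
# [uncompressed], ALPN(16). Extension bodies that do not affect JA3 are left empty.
_EXTS = bytes.fromhex("0a0a0000" "00000000" "000a0008" "00061a1a001d0017" "000b0002" "0100" "00100000")
_BODY = (bytes.fromhex("0303") + bytes(32) + b"\x00" + bytes.fromhex("00060a0a1301c02f")
         + b"\x01\x00" + struct.pack("!H", len(_EXTS)) + _EXTS)
SAMPLE_CLIENT_HELLO = b"\x01" + len(_BODY).to_bytes(3, "big") + _BODY
```

Running `ja3_raw(SAMPLE_CLIENT_HELLO)` yields `771,4865-49199,0-10-11-16,29-23,0`; the final JA3 fingerprint is the MD5 of this string, which pktana's hashing step adds on top.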

03  Tunnel inner-frame re-inspection

VXLAN, GRE, and Geneve inner frames are fully re-decoded, including inner IPs, ports, and application protocol, not just outer headers.

04  Risk scoring & classification

0–100 composite risk score per packet and per flow. Catches deprecated TLS, SSHv1, NTP amplification, high-entropy DNS (DGA detection), NULL scans, and more.

05  PCAP file support

Record live traffic to a file, parse any .pcap / .pcapng / .cap file with full DPI, or browse it interactively in the TUI; no root needed for offline analysis.

06  Wireshark-style TUI

Full-screen terminal dashboard with live packet table, protocol breakdown, top-talker GeoIP, flow detail popup (layers + hex dump), and offline pcap browsing.

07  Replaces 8+ tools

One binary covers tcpdump, ethtool, ss, netstat, ip route, ip link, iftop, and geoiplookup. Reads sysfs/procfs; no external binaries required.

08  XDP / DPDK / SR-IOV detection

Probes the NIC dataplane path to detect XDP programs, AF_XDP zero-copy sockets, DPDK userspace bindings, SR-IOV PF/VF roles, and hardware offload status.

09  GeoIP: offline, no API

Country and continent lookup for every remote IP in live capture, TUI top-talker list, and connection table. No network call, no key required.

From raw bytes to deep packet intelligence.

pktana ingests traffic from the wire or a pcap file, decodes every frame through a full L2–L7 pipeline, enriches each packet with DPI, risk scoring, GeoIP, and tunnel re-inspection, then surfaces it in the CLI or TUI.

What pktana does today

  • Live capture on any interface with BPF filter support
  • Full L2–L7 decode: Ethernet, ARP, IPv4, IPv6, TCP, UDP, ICMP, TLS, HTTP, DNS, QUIC, HTTP/2, gRPC, WebSocket, SSH, SIP, NTP, BGP
  • JA3 TLS fingerprinting, ALPN extraction, cipher suite listing
  • Tunnel inner-frame re-inspection: VXLAN, GRE, Geneve
  • Risk scoring (0–100) and app category classification per packet
  • Record live traffic to .pcap, analyse any pcap offline, browse in TUI
  • GeoIP country lookup: offline, no API key needed
  • XDP / DPDK / SR-IOV / AF_XDP dataplane detection
  • Replaces: tcpdump, ethtool, ss, netstat, ip route, ip link, iftop, geoiplookup

What's next

  • Stream reassembly and TCP session state tracking
  • eBPF / XDP native capture path (no libpcap dependency)
  • Indexed flow store with time-range queries
  • Web dashboard for remote packet analysis
  • REST API for integration with observability pipelines
  • PCAPNG metadata, comments, and interface blocks
  • Plugin architecture for custom protocol dissectors

Strong foundation. Clear path forward.

v0.3.1 already delivers full L2–L7 DPI, JA3, tunnel re-inspection, risk scoring, TUI, and pcap support. Here's what comes next.

Stream Reassembly

TCP session state tracking, stream reassembly, and per-stream application-layer decode for HTTP, TLS, and other connection-oriented protocols.

eBPF / XDP Capture

Native Linux capture path using eBPF and XDP: no libpcap dependency, lower overhead, and the ability to attach at the driver level before sk_buff allocation.

Indexed Flow Store

Persistent flow storage with time-range queries, so operators can go back and inspect traffic from any point in time without replaying pcap files.

Web Dashboard & API

A browser-based interface and REST API for remote packet analysis, team collaboration, and integration with existing observability and SIEM pipelines.

Share what you think about pktana.


★★★★★

pktana speaks directly to engineers who want clean Linux packet visibility without the usual fragmented workflow across too many tools.

Early project impression
★★★★★

The product story is strong because it combines packet analysis, flow summaries, Linux-first deployment, and a serious roadmap for deeper protocol support.

Open-source viewer feedback
★★★★★

The architecture feels intentional. A reusable core parser plus a CLI workflow makes pktana look like a strong foundation for a bigger observability platform.

Systems engineering perspective


Build pktana into a real packet-analysis platform.

If you want feedback, collaboration, consulting help, or just a sharper open-source presentation for the project, this page can be the start of a much more polished product presence.