🦊 Kurama - Network Journey Visualizer

A network diagnostic tool written in Zig that visualizes the complete journey of your network traffic from your computer to any destination.

Features

• DNS Resolution: Resolves domain names to IP addresses
• Network Path Tracing: Shows all network hops (routers) between you and the destination
• Packet Capture: Captures and analyzes TCP packets in real-time
• Protocol Detection: Identifies TCP, TLS, and HTTP protocols
• Clean Output: Beautiful, tree-structured visualization of network flow

Example Output

🦊 Kurama - Network Journey Visualizer
==================================================

[1] DNS Resolution
    example.com -> 93.184.216.34

[2] Network Path (Traceroute)
    1. 192.168.1.1 (2ms) - Your router
    2. 10.x.x.x (15ms) - ISP gateway
    3. 103.x.x.x (45ms) - Destination

[3] Packet Capture
    ├─ TCP SYN → 93.184.216.34:443 (seq=0)
    ├─ TCP SYN-ACK ← 93.184.216.34:443 (seq=0, ack=1)
    ├─ TCP ACK → 93.184.216.34:443 [Connection established]
    ├─ TLS ClientHello → 93.184.216.34:443 (TLS 1.2)
    ├─ TLS ServerHello ← 93.184.216.34:443 (TLS 1.2)
    └─ HTTP GET / HTTP/1.1 → 93.184.216.34:443 [Encrypted]

✓ Journey complete!

Requirements

• Zig 0.15.0 or later (tested with 0.15.2)
• macOS, Linux, or BSD

Building

zig build

Usage

zig build run -- https://example.com

Or build and run separately:

zig build
./zig-out/bin/kurama https://example.com

How It Works

1. DNS Resolution

Uses std.net.getAddressList to resolve domain names to IP addresses, supporting both IPv4 and IPv6.

2. Traceroute

Implements ICMP-based traceroute using raw sockets:

• Sends UDP probes with incrementing TTL values
• Captures ICMP "Time Exceeded" responses from intermediate routers
• Falls back to system traceroute command if raw socket access is denied

3. Packet Capture

Captures TCP packets using raw sockets (SOCK_RAW):

• Parses IP and TCP headers to extract connection information
• Detects protocol types (HTTP, TLS) by analyzing packet payload
• Identifies TCP handshake phases (SYN, SYN-ACK, ACK)
• Recognizes TLS handshake messages

Project Structure

.
├── build.zig           # Build configuration
├── src/
│   ├── main.zig        # Entry point and CLI
│   ├── dns.zig         # DNS resolution
│   ├── traceroute.zig  # Network path tracing
│   ├── sniffer.zig     # Packet capture
│   └── protocol.zig    # Protocol parsing (TCP, TLS, HTTP)
└── README.md

Limitations

• Simulated packets: Shows protocol-accurate simulation of packet flow for demonstration
• IPv4 only: Currently only supports IPv4 addresses
• macOS/Linux: Designed for Unix-like systems
• Educational purpose: This is a portfolio/learning project showcasing systems programming

Testing

Run the test suite:

zig build test

Portfolio Use

This project demonstrates:

• Low-level systems programming in Zig
• Network protocol understanding (TCP/IP, DNS, ICMP, TLS)
• Raw socket programming
• Memory management with allocators
• Error handling patterns
• Clean CLI design

License

MIT

Author

Syaeful Bahri (@harmoniousmoss)

Built with Zig to showcase systems programming skills.