A tool to trace DICOM communication via DIMSE or DICOMWeb

dicom-trace

A passive network sniffer for DICOM traffic with a graphical user interface. Captures and decodes DIMSE protocol messages (C-FIND, C-STORE, C-MOVE, C-GET, C-ECHO, A-ASSOCIATE, A-RELEASE) in real time without any proxy or modification of the network traffic.

Features

  • Passive capture — listens on a network interface using libpcap, zero impact on the DICOM connection
  • TCP reassembly — handles fragmented PDUs, out-of-order segments, and retransmissions
  • DIMSE decoding — parses all standard PDU types and DIMSE command sets including the query/response datasets
  • Dataset display — shows DICOM tags with known names, supports Implicit VR LE and Explicit VR LE
  • Association tree — events are grouped by DICOM association in a collapsible list
  • C-STORE export — captured instances can be saved as .dcm files or opened directly in a DICOM browser
  • IP filter — restrict capture to traffic between specific hosts
  • Text search — filter events by command type or AE title

Requirements

  • Linux (tested), macOS, Windows
  • libpcap / Npcap installed
  • CAP_NET_RAW capability or root for packet capture

Building

cargo build --release

Running

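The binary needs raw socket access. On Linux, grant it the CAP_NET_RAW file capability instead of running it as root. The capability is attached to the binary file, so set it again once after each build: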

cargo build
sudo setcap cap_net_raw+ep target/debug/dicom-trace
./target/debug/dicom-trace

Or use the helper script:

./run.sh

Usage

  1. Select a network interface from the dropdown (use lo for localhost traffic)
  2. Optionally enter IP addresses to filter traffic between specific hosts
  3. Click Start to begin capture
  4. DICOM associations appear as collapsible nodes; click any event to see its details
  5. Click Stop to end capture; Clear to reset

Architecture

pcap thread  →  pipeline thread  →  egui main thread
  (libpcap)     (TCP reassembly      (event store +
                 + DIMSE dissector)   UI rendering)

Communication between threads uses bounded mpsc channels. The dissector maintains per-stream state for PDU reassembly and accumulates P-DATA fragments before emitting events.
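The per-stream PDU reassembly step described above, sketched as an added example; this is not code from dicom-trace, and `PduReassembler`, `StreamKey` and the `MAX_PDU_LEN` cap are hypothetical names and values. It covers PDU framing only (the 6-byte DICOM Upper Layer header from PS3.8), and drops a stream's state when the header is implausible so that a bogus length field cannot make the sniffer buffer without bound.

```rust
// Added example (not dicom-trace source): PDU framing over a reassembled TCP stream.
use std::collections::HashMap;

/// Assumed cap on one PDU body; a sniffer must not trust the on-wire length field.
const MAX_PDU_LEN: usize = 16 * 1024 * 1024;

/// One direction of a TCP connection: (source "ip:port", destination "ip:port").
pub type StreamKey = (String, String);

#[derive(Debug, PartialEq)]
pub struct Pdu { pub pdu_type: u8, pub body: Vec<u8> }

#[derive(Default)]
pub struct PduReassembler { pending: HashMap<StreamKey, Vec<u8>> }

impl PduReassembler {
    /// Append in-order TCP payload for `key` and return every PDU it completes.
    /// On Err the stream is not DICOM Upper Layer traffic and its state is dropped.
    pub fn feed(&mut self, key: &StreamKey, data: &[u8]) -> Result<Vec<Pdu>, String> {
        let mut buf = self.pending.remove(key).unwrap_or_default();
        buf.extend_from_slice(data);
        let (mut out, mut pos) = (Vec::new(), 0);
        // PDU header (PS3.8): type (1 byte), reserved (1), length (4, big-endian).
        while buf.len() - pos >= 6 {
            let pdu_type = buf[pos];
            let len = u32::from_be_bytes([buf[pos + 2], buf[pos + 3], buf[pos + 4], buf[pos + 5]]) as usize;
            if !(0x01..=0x07).contains(&pdu_type) || len > MAX_PDU_LEN {
                return Err(format!("bad PDU header: type {pdu_type:#04x}, length {len}"));
            }
            if buf.len() - pos - 6 < len { break; } // body incomplete: wait for more segments
            out.push(Pdu { pdu_type, body: buf[pos + 6..pos + 6 + len].to_vec() });
            pos += 6 + len;
        }
        buf.drain(..pos);
        if !buf.is_empty() { self.pending.insert(key.clone(), buf); }
        Ok(out)
    }
}

fn main() {
    // Constructed sample: an A-RELEASE-RQ PDU (type 0x05) split across two TCP segments.
    let key = ("10.0.0.1:40000".to_string(), "10.0.0.2:104".to_string());
    let mut r = PduReassembler::default();
    println!("{:?}", r.feed(&key, &[0x05, 0, 0]));
    println!("{:?}", r.feed(&key, &[0, 0, 4, 0, 0, 0, 0]));
}
```
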

Log file

Debug output is written to /tmp/dicom-trace.log on every run.

Icon

Traceability icons created by mia elysia - Flaticon.