[−][src]Module pcap_parser::pcap
PCAP file format
See https://wiki.wireshark.org/Development/LibpcapFileFormat for details.
There are 2 main ways of parsing a PCAP file. The first method is to use
parse_pcap. This method requires to load the entire
file to memory, and thus may not be good for large files.
The PcapCapture implements the
Capture trait to provide generic methods. However,
this trait also reads the entire file.
The second method is to first parse the PCAP header
using parse_pcap_header, then
loop over parse_pcap_frame to get the data.
This can be used in a streaming parser.
Structs
| LegacyPcapBlock | Container for network data in legacy Pcap files |
| PcapHeader | PCAP global header |
Functions
| parse_pcap_frame | Read a PCAP record header and data |
| parse_pcap_frame_be | Read a PCAP record header and data (big-endian) |
| parse_pcap_header | Read the PCAP global header |