Module pcap_parser::pcapng

PCAPNG file format

See https://github.com/pcapng/pcapng for details.

There are 2 main ways of parsing a PCAPNG file. The first method is to use parse_pcapng. This method requires loading the entire file into memory, and thus may not be suitable for large files.

The PcapNGCapture implements the Capture trait to provide generic methods. However, this trait also reads the entire file.

The second method is to loop over parse_block and match the result. The first block should be a Section header, then there should be one or more interfaces, etc. This can be used in a streaming parser.
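The streaming loop described above depends on the PCAPNG block framing (type, total length, body, repeated total length). As an added example, not code from pcap_parser and not using its API, this self-contained walker shows the framing checks such a loop needs on untrusted input; the names walk_blocks, WalkError and block are hypothetical and the sample capture is constructed.

```rust
// Added example: minimal PCAPNG block walker, independent of the pcap_parser crate.
const SHB_TYPE: u32 = 0x0A0D_0D0A; // Section Header Block type (reads the same in both byte orders)
const BOM: u32 = 0x1A2B_3C4D; // byte-order magic, first field of the SHB body

#[derive(Debug, PartialEq)]
enum WalkError { Truncated, NoSectionHeader, BadByteOrderMagic, BadLength(u32), TrailerMismatch }

fn rd(b: &[u8], off: usize, big: bool) -> Result<u32, WalkError> {
    let s = b.get(off..off + 4).ok_or(WalkError::Truncated)?;
    let a = [s[0], s[1], s[2], s[3]];
    Ok(if big { u32::from_be_bytes(a) } else { u32::from_le_bytes(a) })
}

/// Returns (block type, body length) for every block, validating the framing first.
fn walk_blocks(mut data: &[u8]) -> Result<Vec<(u32, usize)>, WalkError> {
    let mut out = Vec::new();
    let mut big: Option<bool> = None; // byte order is unknown until an SHB is seen
    while !data.is_empty() {
        if rd(data, 0, false)? == SHB_TYPE {
            // Each section declares its own byte order, so re-read the magic.
            big = Some(match rd(data, 8, false)? {
                BOM => false,
                m if m == BOM.swap_bytes() => true,
                _ => return Err(WalkError::BadByteOrderMagic),
            });
        }
        let be = big.ok_or(WalkError::NoSectionHeader)?; // first block must be an SHB
        let (btype, total) = (rd(data, 0, be)?, rd(data, 4, be)?);
        // Total length covers type + length + body + trailing length (12 bytes minimum),
        // is 32-bit aligned, and must fit in the input that is actually present.
        if total < 12 || total % 4 != 0 { return Err(WalkError::BadLength(total)); }
        let n = total as usize;
        if n > data.len() { return Err(WalkError::Truncated); }
        if rd(data, n - 4, be)? != total { return Err(WalkError::TrailerMismatch); }
        out.push((btype, n - 12));
        data = &data[n..];
    }
    Ok(out)
}

/// Builds one little-endian block (used for the constructed sample data).
fn block(btype: u32, body: &[u8]) -> Vec<u8> {
    let total = (body.len() as u32 + 12).to_le_bytes();
    [&btype.to_le_bytes()[..], &total[..], body, &total[..]].concat()
}

fn main() {
    let shb = block(SHB_TYPE, &[0x4D, 0x3C, 0x2B, 0x1A, 1, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF]);
    let idb = block(1, &[1, 0, 0, 0, 0, 0, 4, 0]); // Interface Description Block, Ethernet link type
    println!("{:?}", walk_blocks(&[shb, idb].concat()));
}
```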

Structs

CustomBlock
EnhancedPacketBlock
InterfaceBlockIterator
InterfaceDescriptionBlock
InterfaceStatisticsBlock
NameRecord
NameResolutionBlock
OptionCode
PcapNGHeader
PcapNGOption
Section

A Section (including all blocks) from a PcapNG file

SectionBlockIterator
SectionHeaderBlock
SimplePacketBlock
UnknownBlock

Enums

Block

A block from a PcapNG file

Constants

BOM_MAGIC

Byte Order magic

CB_MAGIC

Custom Block magic

DCB_MAGIC

Do-not-copy Custom Block magic

EPB_MAGIC

Enhanced Packet Block magic

IDB_MAGIC

Interface Description Block magic

ISB_MAGIC

Interface Statistics Block magic

NRB_MAGIC

Name Resolution Block magic

SHB_MAGIC

Section Header Block magic

SPB_MAGIC

Simple Packet Block magic

Functions

build_ts

Given the timestamp parameters, return the timestamp seconds, fractional part and precision (unit) of the fractional part.

parse_block

Parse any block, as little-endian

parse_block_be

Parse any block, as big-endian

parse_customblock
parse_customblock_be
parse_enhancedpacketblock
parse_enhancedpacketblock_be
parse_interfacedescription
parse_interfacedescription_be
parse_interfacedescriptionblock
parse_interfacedescriptionblock_be
parse_interfacestatisticsblock
parse_interfacestatisticsblock_be
parse_nameresolutionblock
parse_nameresolutionblock_be
parse_option
parse_option_be
parse_section

Parse one section

parse_section_content_block

Parse any block from a section

parse_section_content_block_be

Parse any block from a section (big-endian version)

parse_sectionheader
parse_sectionheaderblock
parse_sectionheaderblock_be
parse_sectionheaderblock_le
parse_sections

Parse multiple sections

parse_simplepacketblock

Parse a Simple Packet Block

parse_simplepacketblock_be

Parse a Simple Packet Block (big-endian)

parse_unknownblock
parse_unknownblock_be