Module pcap_parser::pcap

Expand description

PCAP file format

See https://wiki.wireshark.org/Development/LibpcapFileFormat for details.

There are 2 main ways of parsing a PCAP file. The first method is to use parse_pcap. This method requires to load the entire file to memory, and thus may not be good for large files.

The PcapCapture implements the Capture trait to provide generic methods. However, this trait also reads the entire file.

The second method is to first parse the PCAP header using parse_pcap_header, then loop over parse_pcap_frame to get the data. This can be used in a streaming parser.

Structs§

LegacyPcapBlock
Container for network data in legacy Pcap files
PcapHeader
PCAP global header

Functions§

parse_pcap_frame
Read a PCAP record header and data
parse_pcap_frame_be
Read a PCAP record header and data (big-endian)
parse_pcap_header
Read the PCAP global header