Crate pcap [] [src]

pcap is a packet capture library available on Linux, Windows and Mac. This crate supports creating and configuring capture contexts, sniffing packets, sending packets to interfaces, listing devices, and recording packet captures to pcap-format dump files.

Capturing packets

The easiest way to open an active capture handle and begin sniffing is to use .open() on a Device. You can obtain the "default" device using Device::lookup(), or you can obtain the device(s) you need via Device::list().

use pcap::Device;

fn main() {
    let mut cap = Device::lookup().unwrap().open().unwrap();

    while let Ok(packet) = cap.next() {
        println!("received packet! {:?}", packet);
    }
}

Capture's .next() will produce a Packet which can be dereferenced to access the &[u8] packet contents.

Custom configuration

You may want to configure the timeout, snaplen or other parameters for the capture handle. In this case, use Capture::from_device() to obtain a Capture<Inactive>, and proceed to configure the capture handle. When you're finished, run .open() on it to turn it into a Capture<Active>.

use pcap::{Device,Capture};

fn main() {
    let main_device = Device::lookup().unwrap();
    let mut cap = Capture::from_device(main_device).unwrap()
                      .promisc(true)
                      .snaplen(5000)
                      .open().unwrap();

    while let Ok(packet) = cap.next() {
        println!("received packet! {:?}", packet);
    }
}

Structs

Capture

This is a pcap capture handle which is an abstraction over the pcap_t provided by pcap. There are many ways to instantiate and interact with a pcap handle, so phantom types are used to express these behaviors.

Device

A network device name and (potentially) pcap's description of it.

Linktype

This is a datalink link type.

Packet

Represents a packet returned from pcap.

PacketHeader

Represents a packet header provided by pcap, including the timeval, caplen and len.

Savefile

Abstraction for writing pcap savefiles, which can be read afterwards via Capture::from_file().

Stat

Enums

Active

Phantom type representing an active capture handle.

Dead

Phantom type representing a dead capture handle. This can be use to create new save files that are not generated from an active capture. Implements Activated because it behaves nearly the same as a live handle.

Direction
Error

An error received from pcap

Inactive

Phantom type representing an inactive capture handle.

Offline

Phantom type representing an offline capture handle, from a pcap dump file. Implements Activated because it behaves nearly the same as a live handle.

Precision
TimestampType

Traits

Activated
State

Captures can be in different states at different times, and in these states they may or may not have particular capabilities. This trait is implemented by phantom types which allows us to punt these invariants to the type system to avoid runtime errors.

Functions

open_raw_fd

Type Definitions

TstampType [
Deprecated
]