Module pcap_parser::pcap[−][src]

Expand description

PCAP file format

See https://wiki.wireshark.org/Development/LibpcapFileFormat for details.

There are 2 main ways of parsing a PCAP file. The first method is to use parse_pcap. This method requires to load the entire file to memory, and thus may not be good for large files.

The PcapCapture implements the Capture trait to provide generic methods. However, this trait also reads the entire file.

The second method is to first parse the PCAP header using parse_pcap_header, then loop over parse_pcap_frame to get the data. This can be used in a streaming parser.

Structs

LegacyPcapBlock

Container for network data in legacy Pcap files

PcapHeader

PCAP global header

Functions

parse_pcap_frame

Read a PCAP record header and data

parse_pcap_frame_be

Read a PCAP record header and data (big-endian)

parse_pcap_header

Read the PCAP global header