[−][src]Crate pcap_parser
PCAP and PCAPNG parsers
This crate contains several parsers for PCAP and PCAPNG files.
The code is available on Github and is part of the Rusticata project.
Example: generic parsing
The following code shows how to parse a file either in PCAP or PCAPNG format.
use pcap_parser::*; use nom::IResult; use std::fs::File; use std::io::Read; let mut file = File::open(path).unwrap(); let mut buffer = Vec::new(); file.read_to_end(&mut buffer).unwrap(); let mut num_packets = 0; // try pcap first match PcapCapture::from_file(&buffer) { Ok(capture) => { println!("Format: PCAP"); for _packet in capture.iter_packets() { num_packets += 1; } return; }, _ => () } // otherwise try pcapng match PcapNGCapture::from_file(&buffer) { Ok(capture) => { println!("Format: PCAPNG"); // most pcaps have one section, with one interface // // global iterator - provides a unified iterator over all // sections and interfaces. It will usually work only if there // is one section with one interface // otherwise, the next iteration code is better for _packet in capture.iter_packets() { // num_packets += 1; } // The following code iterates all sections, for each section // all interfaces, and for each interface all packets. // Note that the link type can be different for each interface! println!("Num sections: {}", capture.sections.len()); for (snum,section) in capture.sections.iter().enumerate() { println!("Section {}:", snum); for (inum,interface) in section.interfaces.iter().enumerate() { println!(" Interface {}:", inum); println!(" Linktype: {:?}", interface.header.linktype); // ... for _packet in section.iter_packets() { num_packets += 1; } } } }, _ => () }
The above code requires the file to be entirely loaded into memory. Other functions in this crate allows for writing streaming parsers. See pcap-tools for examples.
Re-exports
pub use pcap::*; |
pub use pcapng::*; |
Modules
pcap | PCAP file format |
pcapng | PCAPNG file format |
Structs
Linktype | Data link type |
Packet | Packet data |
PacketHeader | Record (Packet) Header |
Traits
Capture | Generic interface for PCAP or PCAPNG file access |