[−][src]Module pcap_parser::pcap
PCAP file format
See https://wiki.wireshark.org/Development/LibpcapFileFormat for details.
There are 2 main ways of parsing a PCAP file. The first method is to use
parse_pcap
. This method requires to load the entire
file to memory, and thus may not be good for large files.
The PcapCapture
implements the
Capture
trait to provide generic methods. However,
this trait also reads the entire file.
The second method is to first parse the PCAP header
using parse_pcap_header
, then
loop over parse_pcap_frame
to get the data.
This can be used in a streaming parser.
Structs
LegacyPcapBlock | Container for network data in legacy Pcap files |
PcapHeader | PCAP global header |
Functions
parse_pcap_frame | Read a PCAP record header and data |
parse_pcap_frame_be | Read a PCAP record header and data (big-endian) |
parse_pcap_header | Read the PCAP global header |