[−][src]Crate pcap_parser
PCAP and PCAPNG parsers
This crate contains several parsers for PCAP and PCAPNG files.
Compared to other similar projects, it is designed to offer a complete support of the many possible formats (legacy pcap, pcapng, little or big-endian, etc.) and features (pcanpng files with multiple sections, interfaces, and endianness) while using only safe code and without copying data (zero-copy).
The code is available on Github and is part of the Rusticata project.
Example: streaming parsers
The following code shows how to parse a file in the pcap-ng format, using a PcapNGReader streaming parser.
use pcap_parser::*; use pcap_parser::traits::PcapReaderIterator; use nom::ErrorKind; use std::fs::File; use std::io::Read; let mut file = File::open(path).unwrap(); let mut num_blocks = 0; let mut reader = PcapNGReader::new(65536, file).expect("PcapNGReader"); loop { match reader.next() { Ok((offset, _block)) => { println!("got new block"); num_blocks += 1; reader.consume(offset); }, Err(ErrorKind::Eof) => break, Err(e) => panic!("error while reading: {:?}", e), } } println!("num_blocks: {}", num_blocks);
See PcapNGReader for a complete example, including handling of linktype and accessing packet data.
For legacy pcap files, use similar code with the LegacyPcapReader streaming parser.
See pcap-tools and pcap-parse for more examples.
Example: generic streaming parsing
To create a pcap reader for input in either PCAP or PCAPNG format, use the create_reader function.
Re-exports
pub use pcap::*; |
pub use pcapng::*; |
Modules
data | Helper functions to access block contents (depending in linktype) |
pcap | PCAP file format |
pcapng | PCAPNG file format |
traits |
Structs
CurrentSectionInfo | |
LegacyPcapIterator | Iterator over |
LegacyPcapReader | Parsing iterator over legacy pcap data (streaming version) |
LegacyPcapSlice | Parsing iterator over legacy pcap data (requires data to be loaded into memory) |
Linktype | Data link type |
PcapCapture | Generic interface for PCAP file access |
PcapNGCapture | Generic interface for PCAPNG file access |
PcapNGCaptureIterator | Iterator over |
PcapNGReader | Parsing iterator over pcap-ng data (streaming version) |
PcapNGSlice | Parsing iterator over pcap-ng data (requires data to be loaded into memory) |
Enums
Data | A container for owned or borrowed data |
MutableData | A container for owned or borrowed mutable data |
PcapBlock | A block from a Pcap or PcapNG file |
PcapBlockOwned | A block from a Pcap or PcapNG file |
Traits
Capture | Generic interface for PCAP or PCAPNG file access |
Functions
create_reader | Get a generic |
parse_pcap | Parse the entire file |
parse_pcapng | Parse the entire file |