PCAP file format
See https://wiki.wireshark.org/Development/LibpcapFileFormat for details.
There are 2 main ways of parsing a PCAP file. The first method is to use parse_pcap. This method requires loading the entire file into memory, and thus may not be suitable for large files.
PcapCapture implements the Capture trait to provide generic methods. However, this trait also reads the entire file.
The second method is to first parse the PCAP header using parse_pcap_header, then loop over parse_pcap_frame to get the data. This can be used in a streaming parser.
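The header-then-frames loop described above, written out by hand against the legacy pcap layout so the untrusted length field is visible. This is an added example, not pcap-parser code, and it does not call the crate: the names Step, parse_header, parse_frame and sample are hypothetical, the capture bytes are constructed, and rejecting a record whose incl_len exceeds snaplen is a policy assumed here.

```rust
// Added example (hypothetical names, hand-written parsing, not pcap-parser code).
#[derive(Debug, PartialEq)]
enum Step<'a> {
    Frame { ts_sec: u32, orig_len: u32, data: &'a [u8], rest: &'a [u8] },
    Incomplete, // stream has not delivered the whole record yet
    Invalid,    // incl_len > snaplen (assumed policy): reject, do not trust it
}
fn u32_at(b: &[u8], off: usize, be: bool) -> u32 {
    let a = [b[off], b[off + 1], b[off + 2], b[off + 3]];
    if be { u32::from_be_bytes(a) } else { u32::from_le_bytes(a) }
}
// Global header is 24 bytes. Returns (big_endian, snaplen, linktype, rest).
fn parse_header(buf: &[u8]) -> Option<(bool, u32, u32, &[u8])> {
    if buf.len() < 24 { return None; }
    let be = match u32_at(buf, 0, false) {
        0xa1b2_c3d4 => false, // magic as written by a little-endian host
        0xd4c3_b2a1 => true,  // same magic, byte-swapped
        _ => return None,
    };
    Some((be, u32_at(buf, 16, be), u32_at(buf, 20, be), &buf[24..]))
}
// Record header is 16 bytes: ts_sec, ts_usec, incl_len, orig_len.
fn parse_frame(buf: &[u8], be: bool, snaplen: u32) -> Step<'_> {
    if buf.len() < 16 { return Step::Incomplete; }
    let incl = u32_at(buf, 8, be);
    if incl > snaplen { return Step::Invalid; }
    let end = (incl as usize).saturating_add(16);
    if buf.len() < end { return Step::Incomplete; }
    Step::Frame { ts_sec: u32_at(buf, 0, be), orig_len: u32_at(buf, 12, be),
                  data: &buf[16..end], rest: &buf[end..] }
}

// Constructed sample: little-endian header (snaplen 64, linktype 1), one frame.
fn sample() -> Vec<u8> {
    let mut v = Vec::new();
    for w in [0xa1b2_c3d4u32, 0x0004_0002, 0, 0, 64, 1] { v.extend_from_slice(&w.to_le_bytes()); }
    for w in [1_700_000_000u32, 0, 4, 60] { v.extend_from_slice(&w.to_le_bytes()); }
    v.extend_from_slice(&[0xde, 0xad, 0xbe, 0xef]);
    v
}

fn main() {
    let bytes = sample();
    let (be, snaplen, _link, mut rest) = parse_header(&bytes).expect("bad header");
    while let Step::Frame { ts_sec, data, rest: next, .. } = parse_frame(rest, be, snaplen) {
        println!("ts={} captured={}", ts_sec, data.len());
        rest = next;
    }
}
```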
Structs
- LegacyPcapBlock - Container for network data in legacy Pcap files
- LegacyPcapIterator - Iterator over PcapCapture
- LegacyPcapReader - Parsing iterator over legacy pcap data (streaming version)
- LegacyPcapSlice - Parsing iterator over legacy pcap data (requires data to be loaded into memory)
- PcapCapture - Generic interface for PCAP file access
- PcapHeader - PCAP global header
Functions
- parse_pcap - Parse the entire file
- parse_pcap_frame - Read a PCAP record header and data
- parse_pcap_frame_be - Read a PCAP record header and data (big-endian)
- parse_pcap_frame_modified - Read a PCAP record header and data (“modified” pcap format)
- parse_pcap_header - Read the PCAP global header