Expand description
pcap is a packet capture library available on Linux, Windows and Mac. This crate supports creating and configuring capture contexts, sniffing packets, sending packets to interfaces, listing devices, and recording packet captures to pcap-format dump files.
Capturing packets
The easiest way to open an active capture handle and begin sniffing is to
use .open()
on a Device
. You can obtain the “default” device using
Device::lookup()
, or you can obtain the device(s) you need via Device::list()
.
use pcap::Device;
fn main() {
let mut cap = Device::lookup().unwrap().open().unwrap();
while let Ok(packet) = cap.next_packet() {
println!("received packet! {:?}", packet);
}
}
Capture
’s .next_packet()
will produce a Packet
which can be dereferenced to access the
&[u8]
packet contents.
Custom configuration
You may want to configure the timeout
, snaplen
or other parameters for the capture
handle. In this case, use Capture::from_device()
to obtain a Capture<Inactive>
, and
proceed to configure the capture handle. When you’re finished, run .open()
on it to
turn it into a Capture<Active>
.
use pcap::{Device,Capture};
fn main() {
let main_device = Device::lookup().unwrap();
let mut cap = Capture::from_device(main_device).unwrap()
.promisc(true)
.snaplen(5000)
.open().unwrap();
while let Ok(packet) = cap.next_packet() {
println!("received packet! {:?}", packet);
}
}
Abstracting over different capture types
You can abstract over live captures (Capture<Active>
) and file captures
(Capture<Offline>
) using generics and the Activated
trait, for example:
use pcap::{Activated, Capture};
fn read_packets<T: Activated>(mut capture: Capture<T>) {
while let Ok(packet) = capture.next_packet() {
println!("received packet! {:?}", packet);
}
}
Structs
pcap_t
provided by pcap.
There are many ways to instantiate and interact with a pcap handle, so phantom types are
used to express these behaviors.Capture::from_file()
.Enums
Activated
because it behaves nearly the same as a live handle.Capture::direction
.Activated
because it behaves nearly the same as a live handle.Traits
Capture
s can be in different states at different times, and in these states they
may or may not have particular capabilities. This trait is implemented by phantom
types which allows us to punt these invariants to the type system to avoid runtime
errors.map()
.Capture
s can be in different states at different times, and in these states they
may or may not have particular capabilities. This trait is implemented by phantom
types which allows us to punt these invariants to the type system to avoid runtime
errors.Functions
Type Definitions
TimestampType
, kept around for backward-compatibility.