Crate pcarp

source ·
Expand description

pcarp is a pure-Rust library for reading pcapng files.

  • Correct: Agrees with tshark across a broad test suite.
  • Fast: Performance is similar to libpcap.
  • Flexible: Wraps anything which implements Read.
  • Ergonomic: It’s an iterator of Packets - no lifetimes.
  • Resilient: Handles malformed pcaps as gracefully as possible.

See the README for more details.

The entry point is Capture.

Example

In this example, the pcap is compressed - but not to worry! Since Capture::new() takes anything with a Read impl, we can just wrap our File with an XzDecoder.

let path = "10_sqldeveloper10_2016.pcapng.xz";
let file = XzDecoder::new(File::open(path)?);
for pkt in Capture::new(file) {
    let pkt = pkt.unwrap();
    println!("{:?} {}", pkt.timestamp, pkt.data.len());
}

Modules

  • [Internal] Block definitions.
  • Info and stats about the network interfaces used to capture packets

Structs

  • An iterator that reads packets from a pcap
  • A captured packet

Enums

  • An error; may be fatal or non-fatal