Expand description
pcap is a packet capture library available on Linux, Windows and Mac. This crate supports creating and configuring capture contexts, sniffing packets, sending packets to interfaces, listing devices, and recording packet captures to pcap-format dump files.
§Capturing packets
The easiest way to open an active capture handle and begin sniffing is to
use .open()
on a Device
. You can obtain the “default” device using
Device::lookup()
, or you can obtain the device(s) you need via Device::list()
.
use pcap::Device;
let mut cap = Device::lookup().unwrap().unwrap().open().unwrap();
while let Ok(packet) = cap.next_packet() {
println!("received packet! {:?}", packet);
}
Capture
’s .next_packet()
will produce a Packet
which can be dereferenced to access the
&[u8]
packet contents.
§Custom configuration
You may want to configure the timeout
, snaplen
or other parameters for the capture
handle. In this case, use Capture::from_device()
to obtain a Capture<Inactive>
, and
proceed to configure the capture handle. When you’re finished, run .open()
on it to
turn it into a Capture<Active>
.
use pcap::{Device, Capture};
let main_device = Device::lookup().unwrap().unwrap();
let mut cap = Capture::from_device(main_device).unwrap()
.promisc(true)
.snaplen(5000)
.open().unwrap();
while let Ok(packet) = cap.next_packet() {
println!("received packet! {:?}", packet);
}
§Abstracting over different capture types
You can abstract over live captures (Capture<Active>
) and file captures
(Capture<Offline>
) using generics and the Activated
trait, for example:
use pcap::{Activated, Capture};
fn read_packets<T: Activated>(mut capture: Capture<T>) {
while let Ok(packet) = capture.next_packet() {
println!("received packet! {:?}", packet);
}
}
Structs§
- Address information for an interface
- This is a pcap capture handle which is an abstraction over the
pcap_t
provided by pcap. There are many ways to instantiate and interact with a pcap handle, so phantom types are used to express these behaviors. - A network device name and pcap’s description of it.
- Network device flags.
- This is a datalink link type.
- Represents a packet returned from pcap.
- Represents a packet header provided by pcap, including the timeval, caplen and len.
- Implement an Iterator of Packet
- Implement Stream for async use of pcap
- Abstraction for writing pcap savefiles, which can be read afterwards via
Capture::from_file()
. - Packet statistics for a capture
Enums§
- Phantom type representing an active capture handle.
- Indication of whether the adapter is connected or not; for wireless interfaces, “connected” means “associated with a network”.
- Phantom type representing a dead capture handle. This can be use to create new save files that are not generated from an active capture. Implements
Activated
because it behaves nearly the same as a live handle. - The direction of packets to be captured. Use with
Capture::direction
. - An error received from pcap
- Phantom type representing an inactive capture handle.
- Phantom type representing an offline capture handle, from a pcap dump file. Implements
Activated
because it behaves nearly the same as a live handle. - Timestamp resolution types
- Timestamp types
Traits§
Capture
s can be in different states at different times, and in these states they may or may not have particular capabilities. This trait is implemented by phantom types which allows us to punt these invariants to the type system to avoid runtime errors.- This trait is used to implement Stream and Iterator feature. This is almost like
map()
. Capture
s can be in different states at different times, and in these states they may or may not have particular capabilities. This trait is implemented by phantom types which allows us to punt these invariants to the type system to avoid runtime errors.
Functions§
- Open a raw file descriptor.
Type Aliases§
- TstampTypeDeprecatedAn old name for
TimestampType
, kept around for backward-compatibility.