[−][src]Crate pcap

pcap is a packet capture library available on Linux, Windows and Mac. This crate supports creating and configuring capture contexts, sniffing packets, sending packets to interfaces, listing devices, and recording packet captures to pcap-format dump files.

Capturing packets

The easiest way to open an active capture handle and begin sniffing is to use .open() on a Device. You can obtain the "default" device using Device::lookup(), or you can obtain the device(s) you need via Device::list().

use pcap::Device;

let mut cap = Device::lookup().unwrap().open().unwrap();

while let Ok(packet) = cap.next() {
    println!("received packet! {:?}", packet);
}

Capture's .next() will produce a Packet which can be dereferenced to access the &[u8] packet contents.

Custom configuration

You may want to configure the timeout, snaplen or other parameters for the capture handle. In this case, use Capture::from_device() to obtain a Capture<Inactive>, and proceed to configure the capture handle. When you're finished, run .open() on it to turn it into a Capture<Active>.

use pcap::{Device,Capture};

let main_device = Device::lookup().unwrap();
let mut cap = Capture::from_device(main_device).unwrap()
                  .promisc(true)
                  .snaplen(5000)
                  .open().unwrap();

while let Ok(packet) = cap.next() {
    println!("received packet! {:?}", packet);
}

Modules

linktypes

LINK-LAYER HEADER TYPE VALUES https://www.tcpdump.org/linktypes.html

Structs

Capture	This is a pcap capture handle which is an abstraction over the `pcap_t` provided by pcap. There are many ways to instantiate and interact with a pcap handle, so phantom types are used to express these behaviors.
Device	A network device name and (potentially) pcap's description of it.
Linktype	This is a datalink link type.
Packet	Represents a packet returned from pcap.
PacketHeader	Represents a packet header provided by pcap, including the timeval, caplen and len.
Savefile	Abstraction for writing pcap savefiles, which can be read afterwards via `Capture::from_file()`.
Stat

Enums

Active	Phantom type representing an active capture handle.
Dead	Phantom type representing a dead capture handle. This can be use to create new save files that are not generated from an active capture. Implements `Activated` because it behaves nearly the same as a live handle.
Direction
Error	An error received from pcap
Inactive	Phantom type representing an inactive capture handle.
Offline	Phantom type representing an offline capture handle, from a pcap dump file. Implements `Activated` because it behaves nearly the same as a live handle.
Precision
TimestampType

Traits

Activated
State	`Capture`s can be in different states at different times, and in these states they may or may not have particular capabilities. This trait is implemented by phantom types which allows us to punt these invariants to the type system to avoid runtime errors.

Type Definitions

TstampType

Deprecated