A pure-Rust library for reading pcap-ng files.
tsharkfor all the pcapng files I could scrape from the Wireshark wiki. See integration_tests/ for details.
pcarpis zero-copy. Performance is comparable to
libpcap. Actually, on some files
pcarpconsistently underperforms, and on some it consistently overperforms, so it's not really possible to say which of the two performs better; but it's fair to say they're similar.
Read. Are your pcaps gzipped? No problem, just wrap your
GzDecoderbefore you feed it to
get()), which is more general than iterator-style (
next()) when the content is borrowed. An iterator-style API is also included for convenience.
pcarpis fuzzed extensively to ensure that this is the case. (Note that, given pathological input,
pcarpmay give you an infinite series of errors.)
Limitations compared to
pcarpgives you the raw packet data. If you want to parse ethernet/IP/TCP/whatever protocol, try pnet or rshark.
The software itself is in the public domain.
Some of the documentation is copied from the pcap spec, so the copyright is owned by the IETF; these places are cleary marked. The pcaps used by the integration tests are distributed by the Wireshark Foundation under the terms of the GNU GPL.