Bump version to 1.0.1
Fix typo in docs
README: Note read-only
A pure-Rust library for reading pcap-ng files.
tshark
for all the pcapng
files I could scrape from the Wireshark wiki. See
integration_tests/ for details.pcarp
is zero-copy. Performance is comparable to libpcap
.
Actually, on some files pcarp
consistently underperforms, and on
some it consistently overperforms, so it's not really possible to say
which of the two performs better; but it's fair to say they're similar.Read
.
Are your pcaps gzipped? No problem, just wrap your File
in a
GzDecoder
before you feed it to Capture::new()
.advance()
and get()
), which is more general than iterator-style
(next()
) when the content is borrowed. An iterator-style API is
also included for convenience.pcarp
is fuzzed extensively to ensure that this is the case.
(Note that, given pathological input, pcarp
may give you an infinite
series of errors.)Limitations compared to libpcap
:
pcarp
is pcap-ng-only.pcarp
is read-only.pcarp
gives you the raw packet data.
If you want to parse ethernet/IP/TCP/whatever protocol, try pnet or
rshark.The software itself is in the public domain.
Some of the documentation is copied from the pcap spec, so the copyright is owned by the IETF; these places are cleary marked. The pcaps used by the integration tests are distributed by the Wireshark Foundation under the terms of the GNU GPL.