#pcap #pcapng #parse #read #write

pcap-file

A crate to parse, read and write Pcap and PcapNg

12 releases (3 stable)

2.0.0 Feb 1, 2023
1.1.1 Nov 19, 2019
0.10.0 Feb 20, 2018
0.8.0 Nov 27, 2017
0.7.0 Jun 25, 2017

#75 in Encoding

Download history 2122/week @ 2022-12-05 1813/week @ 2022-12-12 1093/week @ 2022-12-19 569/week @ 2022-12-26 1678/week @ 2023-01-02 2256/week @ 2023-01-09 1826/week @ 2023-01-16 1915/week @ 2023-01-23 2095/week @ 2023-01-30 2210/week @ 2023-02-06 2252/week @ 2023-02-13 1945/week @ 2023-02-20 2232/week @ 2023-02-27 2208/week @ 2023-03-06 2147/week @ 2023-03-13 2186/week @ 2023-03-20

8,811 downloads per month
Used in 12 crates (10 directly)

MIT license

145KB
2.5K SLoC

pcap-file

Provides parsers, readers and writers for Pcap and PcapNg files.

For Pcap files see the pcap module.

For PcapNg files see the pcapng module.

Crates.io rustdoc Crates.io

Documentation

https://docs.rs/pcap-file

Installation

This crate is on crates.io. Add it to your Cargo.toml:

[dependencies]
pcap-file = "2.0.0-rc1"

Examples

PcapReader

use std::fs::File;
use pcap_file::pcap::PcapReader;

let file_in = File::open("test.pcap").expect("Error opening file");
let mut pcap_reader = PcapReader::new(file_in).unwrap();

// Read test.pcap
while let Some(pkt) = pcap_reader.next_packet() {
    //Check if there is no error
    let pkt = pkt.unwrap();

    //Do something
 }

PcapNgReader

use std::fs::File;
use pcap_file::pcapng::PcapNgReader;

let file_in = File::open("test.pcapng").expect("Error opening file");
let mut pcapng_reader = PcapNgReader::new(file_in).unwrap();

// Read test.pcapng
while let Some(block) = pcapng_reader.next_block() {
    // Check if there is no error
    let block = block.unwrap();

    //  Do something
}

Fuzzing

Currently there are 4 crude harnesses to check that the parser won't panic in any situation. To start fuzzing you must install cargo-fuzz with the command:

$ cargo install cargo-fuzz

And then, in the root of the repository, you can run the harnesses as:

$ cargo fuzz run pcap_reader
$ cargo fuzz run pcap_ng_reader
$ cargo fuzz run pcap_parser
$ cargo fuzz run pcap_ng_parser

Keep in mind that libfuzzer by default uses only one core, so you can either run all the harnesses in different terminals, or you can pass the -jobs and -workers attributes. More info can be found in its documentation here. To get better crash reports add to you rust flags: -Zsanitizer=address. E.g.

RUSTFLAGS="-Zsanitizer=address" cargo fuzz run pcap_reader

License

Licensed under MIT.

Disclaimer

To test the library I used the excellent PcapNg testing suite provided by hadrielk.

Dependencies

~0.7–1.2MB
~28K SLoC