Lib.rs

Parser implementations
#parser #pcapng #pcap #pcap-reader #read-write #pcap-ng #pcap-ng-reader

pcap-file

A crate to parse, read and write Pcap and PcapNg

by Courvoif and 6 contributors

13 releases (3 stable)

3.0.0-rc1 Jan 9, 2024
2.0.0 Feb 1, 2023
2.0.0-rc1 Jan 13, 2023
1.1.1 Nov 19, 2019
0.7.0 Jun 25, 2017

#63 in Parser implementations

Download history 8649/week @ 2025-01-28 10461/week @ 2025-02-04 90833/week @ 2025-02-11 101213/week @ 2025-02-18 110593/week @ 2025-02-25 115507/week @ 2025-03-04 109411/week @ 2025-03-11 89737/week @ 2025-03-18 96498/week @ 2025-03-25 80432/week @ 2025-04-01 76845/week @ 2025-04-08 61369/week @ 2025-04-15 65241/week @ 2025-04-22 71864/week @ 2025-04-29 68657/week @ 2025-05-06 57388/week @ 2025-05-13

270,945 downloads per month
Used in 24 crates (21 directly)

MIT license

150KB
3K SLoC

pcap-file

Provides parsers, readers and writers for Pcap and PcapNg files.

For Pcap files see the pcap module.

For PcapNg files see the pcapng module.

Crates.io rustdoc Crates.io

Documentation

https://docs.rs/pcap-file

Installation

This crate is on crates.io. Add it to your Cargo.toml:

[dependencies]
pcap-file = "3.0.0-rc1"

Examples

PcapReader

use std::fs::File;
use pcap_file::pcap::PcapReader;

let file_in = File::open("test.pcap").expect("Error opening file");
let mut pcap_reader = PcapReader::new(file_in).unwrap();

// Read test.pcap
while let Some(pkt) = pcap_reader.next_packet() {
    //Check if there is no error
    let pkt = pkt.unwrap();

    //Do something
 }

PcapNgReader

use std::fs::File;
use pcap_file::pcapng::PcapNgReader;

let file_in = File::open("test.pcapng").expect("Error opening file");
let mut pcapng_reader = PcapNgReader::new(file_in).unwrap();

// Read test.pcapng
while let Some(block) = pcapng_reader.next_block() {
    // Check if there is no error
    let block = block.unwrap();

    //  Do something
}

Fuzzing

Currently there are 4 crude harnesses to check that the parser won't panic in any situation. To start fuzzing you must install cargo-fuzz with the command:

$ cargo install cargo-fuzz

And then, in the root of the repository, you can run the harnesses as:

$ cargo fuzz run pcap_reader
$ cargo fuzz run pcap_ng_reader
$ cargo fuzz run pcap_parser
$ cargo fuzz run pcap_ng_parser

Keep in mind that libfuzzer by default uses only one core, so you can either run all the harnesses in different terminals, or you can pass the -jobs and -workers attributes. More info can be found in its documentation here. To get better crash reports add to you rust flags: -Zsanitizer=address. E.g.

RUSTFLAGS="-Zsanitizer=address" cargo fuzz run pcap_reader

License

Licensed under MIT.

Disclaimer

To test the library I used the excellent PcapNg testing suite provided by hadrielk.

Dependencies

~2MB
~41K SLoC