Lib.rs

Network programming
#pcap #packet #sniffing

pcap_on_demand

A packet capture API around pcap/wpcap that loads pcap/wpcap on demand

by Malte Schledjewski, Sean Bowe

2 releases

0.1.3 May 12, 2020
0.1.2 Mar 11, 2020
0.1.1 Mar 10, 2020
0.1.0 Mar 10, 2020

#4 in #sniffing

MIT/Apache

56KB
981 lines

pcap_on_demand Build status Crates.io Docs.rs

This is a fork of the pcap crate.
This crate load the pcap library on demand.
It therefore gives even less guarantees.

Documentation

This is a Rust language crate for accessing the packet sniffing capabilities of pcap (or wpcap on Windows). If you need anything feel free to post an issue or submit a pull request!

Features:

  • List devices
  • Open capture handle on a device or savefiles
  • Get packets from the capture handle
  • Filter packets using BPF programs
  • List/set/get datalink link types
  • Configure some parameters like promiscuity and buffer length
  • Write packets to savefiles
  • Inject packets into an interface

See examples for usage.

Building

Windows

Install WinPcap.

Place wpcap.dll in your C:\Rust\bin\rustlib\x86_64-pc-windows-gnu\lib\ directory on 64 bit or C:\Rust\bin\rustlib\i686-pc-windows-gnu\lib\ on 32 bit.

Linux

On Debian based Linux, install libpcap-dev. If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin

Mac OS X

libpcap should be installed on Mac OS X by default.

Note: A timeout of zero may cause pcap::Capture::next to hang and never return (because it waits for the timeout to expire before returning). This can be fixed by using a non-zero timeout (as the libpcap manual recommends) and calling pcap::Capture::next in a loop.

Library Location

If PCAP_LIBDIR environment variable is set when building the crate, it will be added to the linker search path - this allows linking against a specific libpcap.

Optional Features

tokio

Use the tokio feature to enable support for streamed packet captures.

[dependencies]
pcap = { version = "0.7", features = ["tokio"] }

pcap-savefile-append

To get access to the Capture::savefile_append function (which allows appending to an existing pcap file) you have to depend on the pcap-savefile-append feature flag. It requires at least libpcap version 1.7.2.

[dependencies]
pcap = { version = "0.7", features = ["pcap-savefile-append"] }

pcap-fopen-offline-precision

To enable Capture::from_raw_fd_with_precision constructor (which allows opening an offline capture from a raw file descriptor with a predefined timestamp precision) you have to add pcap-fopen-offline-precision feature flag. This requires libpcap version 1.5.0 or later.

[dependencies]
pcap = { version = "0.7", features = ["pcap-fopen-offline-precision"] }

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~0.1–1.5MB
~23K SLoC