{"id":26794626,"url":"https://github.com/rusticata/pcap-parser","last_synced_at":"2025-11-11T11:33:34.502Z","repository":{"id":49874354,"uuid":"118420951","full_name":"rusticata/pcap-parser","owner":"rusticata","description":"PCAP/PCAPNG file format parser written in pure Rust. Fast, zero-copy, safe.","archived":false,"fork":false,"pushed_at":"2024-04-23T09:42:10.000Z","size":503,"stargazers_count":93,"open_issues_count":1,"forks_count":24,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-04-24T07:37:41.403Z","etag":null,"topics":["pcap","pcap-format","pcap-parser","pcapng","streaming-parsers"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rusticata.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-22T07:19:31.000Z","updated_at":"2024-06-19T22:50:22.754Z","dependencies_parsed_at":"2024-02-05T11:27:01.620Z","dependency_job_id":"d9d018d9-5f42-4d83-9c32-90066c526477","html_url":"https://github.com/rusticata/pcap-parser","commit_stats":{"total_commits":208,"total_committers":4,"mean_commits":52.0,"dds":"0.019230769230769273","last_synced_commit":"444ccc6ccb43b30694cc352fa3b2fea9c9fb2baa"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fpcap-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fpcap-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fpcap-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fpcap-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rusticata","download_url":"https://codeload.github.com/rusticata/pcap-parser/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247378138,"owners_count":20929296,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pcap","pcap-format","pcap-parser","pcapng","streaming-parsers"],"created_at":"2025-03-29T17:28:19.812Z","updated_at":"2025-11-11T11:33:34.496Z","avatar_url":"https://github.com/rusticata.png","language":"Rust","readme":"\u003c!-- cargo-sync-readme start --\u003e\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE-MIT)\n[![Apache License 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](./LICENSE-APACHE)\n[![Crates.io Version](https://img.shields.io/crates/v/pcap-parser.svg)](https://crates.io/crates/pcap-parser)\n[![docs.rs](https://docs.rs/pcap-parser/badge.svg)](https://docs.rs/pcap-parser)\n[![Github CI](https://github.com/rusticata/pcap-parser/workflows/Continuous%20integration/badge.svg)](https://github.com/rusticata/pcap-parser/actions)\n[![Minimum rustc version](https://img.shields.io/badge/rustc-1.65.0+-lightgray.svg)](#rust-version-requirements)\n\n# PCAP and PCAPNG parsers\n\nThis crate contains several parsers for PCAP and PCAPNG files.\n\nCompared to other similar projects, it is designed to offer a complete support of the many\npossible formats (legacy pcap, pcapng, little or big-endian, etc.) and features (pcapng files\nwith multiple sections, interfaces, and endianness) while using only safe code and without\ncopying data (zero-copy).\n\nThe code is available on [Github](https://github.com/rusticata/pcap-parser)\nand is part of the [Rusticata](https://github.com/rusticata) project.\n\n# The pcap format(s)\n\nThe [PCAP] format (files usually ending with `.pcap` extension) is rather\ntrivial. The [PCAPNG] format (usually `.pcapng` extension) is much more complex: it\ncan be composed of multiple sections, each with multiple interfaces, having\ndifferent capture lengths, time precision and even endianness!\n\nThese formats are more containers than data formats: packets contain data,\nformatted according to its interface linktype. There are *many* possible\nlinktypes, defined in the [linktypes registry]. Support for parsing some of\nthem is provided using the `data` feature (disabled by default).\n\nThis crate provides an abstraction over these different formats.\n\n[PCAP]: https://wiki.wireshark.org/Development/LibpcapFileFormat\n[PCAPNG]: https://pcapng.github.io/pcapng/\n[linktypes registry]: https://www.tcpdump.org/linktypes.html\n\n# Parsing a file\n\n`pcap-parser` provides several ways of parsing pcap data. Choosing the right\none is mostly driven by resources: if the input file is small, the\n`parse_pcap` and `parse_pcapng` functions can be used directly.\n\nFine-grained functions are also available, to parse specifically some block\ntypes for example. They are listed in the `pcap` and `pcapng` modules.\n\nIf the input is larger and cannot fit into memory, then streaming parsers\nare available. They work by iterating on blocks, and so do not require to map\nthe entire input. They cannot seek to a specific block, however.\n\n*Note: due to PCAPNG limitations, it is not possible to directly seek in\na file to get a packet and handle it: the caller has to iterate though the\nfile and store (at least) the interface descriptions for the current\nsection, in order of appearance.*\n\n## Example: streaming parsers\n\nThe following code shows how to parse a file in the pcap-ng format, using a\n[`PcapNGReader`] streaming parser.\nThis reader provides a convenient abstraction over the file format, and takes\ncare of the endianness.\n\n```rust\nuse pcap_parser::*;\nuse pcap_parser::traits::PcapReaderIterator;\nuse std::fs::File;\n\nlet file = File::open(path).unwrap();\nlet mut num_blocks = 0;\nlet mut reader = PcapNGReader::new(65536, file).expect(\"PcapNGReader\");\nloop {\n    match reader.next() {\n        Ok((offset, _block)) =\u003e {\n            println!(\"got new block\");\n            num_blocks += 1;\n            reader.consume(offset);\n        },\n        Err(PcapError::Eof) =\u003e break,\n        Err(PcapError::Incomplete(_)) =\u003e {\n            reader.refill().unwrap();\n        },\n        Err(e) =\u003e panic!(\"error while reading: {:?}\", e),\n    }\n}\nprintln!(\"num_blocks: {}\", num_blocks);\n```\nSee [`PcapNGReader`] for a complete example,\nincluding handling of linktype and accessing packet data.\n\nSee also the [`pcapng`] module for more details about the new capture file format.\n\nFor legacy pcap files, use similar code with the\n[`LegacyPcapReader`] streaming parser.\n\nSee [pcap-analyzer](https://github.com/rusticata/pcap-analyzer), in particular the\n[libpcap-tools](https://github.com/rusticata/pcap-analyzer/tree/master/libpcap-tools) and\n[pcap-info](https://github.com/rusticata/pcap-analyzer/tree/master/pcap-info) modules\nfor more examples.\n\n## Example: generic streaming parsing\n\nTo create a pcap reader for input in either PCAP or PCAPNG format, use the\n[`create_reader`] function.\n\n# Serialization\n\nSupport for serialization (*i.e.* generating binary data) is available by\nenabling the `serialize` feature.\nMost structures gain the `to_vec()` method (provided by the `ToVec` trait).\n\nNote: support is still experimental, though working. API may change in the\nfuture.\n\u003c!-- cargo-sync-readme end --\u003e\n\n## Changes\n\nSee `CHANGELOG.md`.\n\n## License\n\nLicensed under either of\n\n * Apache License, Version 2.0\n   ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)\n * MIT license\n   ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)\n\nat your option.\n\n## Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the Apache-2.0 license, shall be\ndual licensed as above, without any additional terms or conditions.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frusticata%2Fpcap-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frusticata%2Fpcap-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frusticata%2Fpcap-parser/lists"}