A pcap-ng parser
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples
integration_tests
src
.gitignore
.travis.yml
Cargo.toml
PULL_REQUEST_TEMPLATE.md
README.md
UNLICENSE

README.md

pcarp

A pure-Rust library for reading pcap-ng files.

  • Correct: Produces the same results as tshark for all the pcapng files I could scrape from the Wireshark wiki. See integration_tests/ for details.
  • Fast: Performance is comparable to libpcap. Actually, on some files pcarp consistently underperforms, and on some it consistently overperforms, so it's not really possible to say which of the two performs better; but it's fair to say they're similar.
  • Flexible: The input can be anything which implements Read as input. Are your pcaps compressed? No problem, just wrap your File in a GzDecoder before you pass it to Capture::new.
  • Flexible (again): The output API is streaming-iterator-style (advance and get), which is more general than iterator-style (next) when the content is borrowed.

License

The software itself is in the public domain.

Some of the documentation is copied from the pcap spec, so the copyright is owned by the IETF; these places are cleary marked. The pcaps used by the integration tests are distributed by the Wireshark Foundation under the terms of the GNU GPL.