This is a Rust language crate for accessing the packet sniffing capabilities of pcap (or wpcap on Windows). If you need anything feel free to post an issue or submit a pull request!
- List devices
- Open capture handle on a device or savefiles
- Get packets from the capture handle
- Filter packets using BPF programs
- List/set/get datalink link types
- Configure some parameters like promiscuity and buffer length
- Write packets to savefiles
- Inject packets into an interface
See examples for usage.
As of 0.8.0 this crate uses Rust 2018 and requires a compiler version >= 1.40.0.
The feature capture-stream depends on tokio, but we only lock tokio version to 1.0. Therefore, when capture-stream is enabled, this crate requires a compiler version new enough to compile the tokio crate.
Install WinPcap.
Download the WinPcap Developer's Pack.
Add the /Lib or /Lib/x64 folder to your LIB environment variable.
On Debian based Linux, install libpcap-dev. If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin
libpcap should be installed on Mac OS X by default.
Note: A timeout of zero may cause pcap::Capture::next to hang and never return (because it waits for the timeout to expire before returning). This can be fixed by using a non-zero timeout (as the libpcap manual recommends) and calling pcap::Capture::next in a loop.
If LIBPCAP_LIBDIR environment variable is set when building the crate, it will be added to the linker search path - this allows linking against a specific libpcap.
The crate will automatically try to detect the installed libpcap/wpcap version by loading it during the build and calling pcap_lib_version. If for some reason this is not suitable, you can specify the desired library version by setting the environment variable LIBPCAP_VER to the desired version (e.g. env LIBPCAP_VER=1.5.0). The version number is used to determine which library calls to include in the compilation.
Use the capture-stream feature to enable support for streamed packet captures.
This feature is supported only on ubuntu and macosx.
[dependencies]
pcap = { version = "0.9", features = ["capture-stream"] }Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.