This is a Rust language crate for accessing the packet sniffing capabilities of pcap (or wpcap on Windows). If you need anything feel free to post an issue or submit a pull request!
- List devices
- Open capture handle on a device or savefiles
- Get packets from the capture handle
- Filter packets using BPF programs
- List/set/get datalink link types
- Configure some parameters like promiscuity and buffer length
- Write packets to savefiles
- Inject packets into an interface
See examples for usage.
As of 0.8.0 this crate uses Rust 2018 and requires a compiler version >= 1.40.0.
As of 0.9.0 the capture-stream feature requires a compiler version >= 1.45.0.
As of 0.9.2 the capture-stream feature requires a compiler version >= 1.47.0.
Install WinPcap.
Download the WinPcap Developer's Pack.
Add the /Lib or /Lib/x64 folder to your LIB environment variable.
On Debian based Linux, install libpcap-dev. If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin
libpcap should be installed on Mac OS X by default.
Note: A timeout of zero may cause pcap::Capture::next to hang and never return (because it waits for the timeout to expire before returning). This can be fixed by using a non-zero timeout (as the libpcap manual recommends) and calling pcap::Capture::next in a loop.
If LIBPCAP_LIBDIR environment variable is set when building the crate, it will be added to the linker search path - this allows linking against a specific libpcap.
The crate will automatically try to detect the installed libpcap/wpcap version by loading it during the build and calling pcap_lib_version. If for some reason this is not suitable, you can specify the desired library version by setting the environment variable LIBPCAP_VER to the desired version (e.g. env LIBPCAP_VER=1.5.0). The version number is used to determine which library calls to include in the compilation.
Use the capture-stream feature to enable support for streamed packet captures.
This feature is supported only on ubuntu and macosx.
Use the static feature to link statically with libpcap.a.
This feature is supported only on Linux and macOS.
To build all examples with a static libpcap on Ubuntu:
LIBPCAP_LIBDIR=/usr/lib/x86_64-linux-gnu/ cargo build --features static --examples
[dependencies]
pcap = { version = "0.9", features = ["capture-stream", "static"] }Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.