This is a Rust language crate for accessing the packet sniffing capabilities of pcap (or wpcap on Windows). If you need anything feel free to post an issue or submit a pull request!
- List devices
- Open capture handle on a device or savefiles
- Get packets from the capture handle
- Filter packets using BPF programs
- List/set/get datalink link types
- Configure some parameters like promiscuity and buffer length
- Write packets to savefiles
- Inject packets into an interface
See examples for usage.
As of 0.9.0 if using the capture-stream
feature this crate requires a compiler version >= 1.45.0.
Install WinPcap.
Download the WinPcap Developer's Pack.
Add the /Lib
or /Lib/x64
folder to your LIB
environment variable.
On Debian based Linux, install libpcap-dev
. If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin
libpcap should be installed on Mac OS X by default.
Note: A timeout of zero may cause pcap::Capture::next
to hang and never return (because it waits for the timeout to expire before returning). This can be fixed by using a non-zero timeout (as the libpcap manual recommends) and calling pcap::Capture::next
in a loop.
If LIBPCAP_LIBDIR
environment variable is set when building the crate, it will be added to the linker search path - this allows linking against a specific libpcap
.
The crate will automatically try to detect the installed libpcap
/wpcap
version by loading it during the build and calling pcap_lib_version
. If for some reason this is not suitable, you can specify the desired library version by setting the environment variable LIBPCAP_VER
to the desired version (e.g. env LIBPCAP_VER=1.5.0
). The version number is used to determine which library calls to include in the compilation.
Use the capture-stream
feature to enable support for streamed packet captures.
This feature is supported only on ubuntu and macosx.
[dependencies]
pcap = { version = "0.9", features = ["capture-stream"] }
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.