pcap

This is a Rust language crate for accessing the packet sniffing capabilities of pcap (or wpcap on Windows). If you need anything feel free to post an issue or submit a pull request!

Features:

  • List devices
  • Open capture handle on a device or savefiles
  • Get packets from the capture handle
  • Filter packets using BPF programs
  • List/set/get datalink link types
  • Configure some parameters like promiscuity and buffer length
  • Write packets to savefiles
  • Inject packets into an interface

See examples for usage.

Building

As of 0.8.0 this crate uses Rust 2018 and requires a compiler version >= 1.40.0.

As of 0.9.0 the capture-stream feature requires a compiler version >= 1.45.0.

As of 0.9.2 the capture-stream feature requires a compiler version >= 1.49.0.

Windows

Install WinPcap.

Download the WinPcap Developer's Pack. Add the /Lib or /Lib/x64 folder to your LIB environment variable.

Linux

On Debian-based Linux, install libpcap-dev. If not running as root, you need to set capabilities like so:

Mac OS X

libpcap should be installed on Mac OS X by default.

Note: A timeout of zero may cause a packet read to hang and never return (because it waits for the timeout to expire before returning). This can be fixed by using a non-zero timeout (as the libpcap manual recommends) and reading in a loop.

Library Location

If the LIBPCAP_LIBDIR environment variable is set when building the crate, it is added to the linker search path, which allows linking against a specific libpcap.

Library Version

The crate will automatically try to detect the installed libpcap/wpcap version by loading it during the build and calling pcap_lib_version. If for some reason this is not suitable, you can specify the desired library version by setting the environment variable LIBPCAP_VER to the desired version (e.g. env LIBPCAP_VER=1.5.0). The version number is used to determine which library calls to include in the compilation.
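The version gating described above, sketched as an added example (this is not the crate's build script). The cfg names and thresholds in `GATES`, the precedence of LIBPCAP_VER over detection, and the banner string are assumptions made for illustration.

```rust
use std::env;

type Version = (u32, u32, u32);

// Hypothetical gate table (not the crate's own): minimum version -> cfg name.
const GATES: &[(Version, &str)] = &[
    ((1, 2, 1), "pcap_ge_1_2_1"),
    ((1, 5, 0), "pcap_ge_1_5_0"),
    ((1, 9, 0), "pcap_ge_1_9_0"),
];

/// Extract (major, minor, patch) from a pcap_lib_version-style banner or
/// from a bare override such as "1.5.0". Missing components count as 0.
fn parse_version(s: &str) -> Option<Version> {
    const MARK: &str = "libpcap version ";
    let tail = match s.find(MARK) {
        Some(i) => &s[i + MARK.len()..],
        None => s.trim(),
    };
    // Keep the leading digits-and-dots run: "1.10.2-PRE-GIT" -> "1.10.2".
    let end = tail.find(|c: char| !(c.is_ascii_digit() || c == '.')).unwrap_or(tail.len());
    let mut parts = tail[..end].split('.').filter(|p| !p.is_empty()).map(|p| p.parse::<u32>());
    let major = parts.next()?.ok()?;
    let minor = parts.next().unwrap_or(Ok(0)).ok()?;
    let patch = parts.next().unwrap_or(Ok(0)).ok()?;
    Some((major, minor, patch))
}

/// Tuples compare numerically field by field, so 1.10.1 > 1.9.0
/// (a plain string comparison would get this wrong).
fn enabled_cfgs(v: Version) -> Vec<&'static str> {
    GATES.iter().filter(|(min, _)| v >= *min).map(|(_, name)| *name).collect()
}

/// Assumption: an explicit LIBPCAP_VER wins over detection, and a malformed
/// value is an error rather than a silent fallback.
fn resolve(override_ver: Option<&str>, detected: &str) -> Result<Version, String> {
    let src = override_ver.unwrap_or(detected);
    parse_version(src).ok_or_else(|| format!("unparseable libpcap version: {:?}", src))
}

fn main() {
    // Constructed banner standing in for what pcap_lib_version would return.
    let detected = "libpcap version 1.10.1 (with TPACKET_V3)";
    let ver = env::var("LIBPCAP_VER").ok();
    match resolve(ver.as_deref(), detected) {
        Ok(v) => enabled_cfgs(v).iter().for_each(|c| println!("cargo:rustc-cfg={}", c)),
        Err(e) => { eprintln!("{}", e); std::process::exit(1) }
    }
}
```

Failing the build on a malformed override matters because a wrong version would compile in calls that the linked library may not export.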

Optional Features

capture-stream

Use the capture-stream feature to enable support for streamed packet captures. This feature is supported only on Ubuntu and Mac OS X.

License

Licensed under either of

  • Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
  • MIT license (LICENSE-MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Issues

Collection of the latest Issues

gmacon

0

Currently, Capture::dead calls pcap_open_dead, but there should be a way to call pcap_open_dead_with_tstamp_precision instead. I propose adding a new Capture::dead_with_precision function to handle that.

Aside: If I were designing the API from scratch, I might have a separate DeadCaptureBuilder that provides default values for the snaplen and precision and lets you set either or both before finally calling pcap_open_dead_with_tstamp_precision at the end. Would there be any objection to such an API?

AAPLM

windows
9

In an effort to consolidate our efforts to update the crate to use Npcap over winpcap, I made this ticket so we can centralize any discussion. @Wojtek242 has put forth two ideas for upgrading the use of winpcap to Npcap:

  1. Update the documentation to support both winpcap and Npcap options and note that the CI pipeline still relies on winpcap
  2. Fully replace winpcap with npcap and update the CI pipeline to use Npcap

I was considering a third option that combines both of the above:

  1. Update the documentation and CI to use Npcap with winpcap compatibility mode, until we fully remove the old winpcap references
    • Silently install Npcap with the /winpcap_mode switch
    • This would also let us get the new updates and improvements that Npcap contributed towards the winpcap libraries

This allows us to keep the same code, but only update the documentation and CI pipeline until we fully remove the dependence on winpcap. The only issue is that we need to get the paid version of Npcap (Npcap OEM). Fortunately, another contributor asked the nmap folks and they mentioned that we just need to email them to get it sorted out.

From my limited testing, installing Npcap with winpcap compatibility worked without any issues. The tests completed successfully and I was able to get a list of devices.

Thoughts? I can reach back out to nmap to get this started if we want to go that route or we can just wait until we fully remove winpcap in one go.

gkamathe

bug
3

Steps to reproduce

  1. Clone repo
  2. Try building it, errors out saying "No such file or directory" for libpcap.so
  3. libpcap library is installed however the symlink is "libpcap.so.1" instead of "libpcap.so"
  4. Creating a new symlink with expected name solves the build issue
  5. Able to build now

However it would be good to consider possible libpcap.so file names (symlinks) by other means instead of depending on hard coding in the source code

OS version I used where the "expected" symlink was not available

Trolldemorted

windows
2

The windows tests are not run against npcap, because only npcap OEM has a silent installer.

I contacted the npcap project, and they say we could work something out! I boldly assume you'll receive something you'll have to put into a github actions secret, so you might want to send the email yourselves, but if you are too busy I could do it too.

korczis

testing
4

Please provide an example of how to inject a packet.

PS: README.md says it is possible to use this library for packet injection but I found that pcap_inject is commented out. Is this intended?

@ebfull can you clarify this, please?

From src/raw.rs

ebfull

testing
2

There's no real way to use travis to do this, that I know. Solutions for this issue would be very nice as I could move most of our "examples" into tests.

Information - Updated Jun 28, 2022

Stars: 358
Forks: 113
Issues: 17
