A pure-Rust library for reading pcap-ng files.
tshark for all the pcapng files I
could scrape from the Wireshark wiki. See integration_tests/ for
details.libpcap. Actually, on some files
pcarp consistently underperforms, and on some it consistently overperforms,
so it's not really possible to say which of the two performs better; but
it's fair to say they're similar.Read as input. Are
your pcaps compressed? No problem, just wrap your File in a
GzDecoder before you pass it to Capture::new.advance
and get), which is more general than iterator-style (next) when the
content is borrowed.The software itself is in the public domain.
Some of the documentation is copied from the pcap spec, so the copyright is owned by the IETF; these places are cleary marked. The pcaps used by the integration tests are distributed by the Wireshark Foundation under the terms of the GNU GPL.