package pcap-format

You can search for identifiers within the package.

in-package search v0.2.0

Decode and encode PCAP (packet capture) files

Install

dune-project

Dependency

github.com Readme Changelog ISC License Edit opam file Versions (3)

Authors

Maintainers

D

Dave Scott <dave@recoil.org>

Sources

pcap-format-0.6.0.tbz

sha256=2d48f2f179ba56c9ccab51472b398983bba8ae44efedc393b282f09ad34791a6

sha512=6c46b314b665eff3e46550e28a88f6de5370ed5299e88fa76f612330fa704bea5e436608e4f0eff489b444cc8b534e1f5710a0d92083469ec52f375d6435baf8

doc/pcap-format/Pcap/index.html

Module `Pcap`Source

PCAP encoding and encoding

v0.6.0 - homepage

Sourceval major_version : int

Major version of the pcap format which we understand

Sourceval minor_version : int

Minor version of the pcap format which we understand

Sourcetype endian =

| Big
(*
Big endian (pcap headers)
*)
| Little
(*
Little endian (pcap headers)
*)

Sourceval string_of_endian : endian -> string

Sourceval sizeof_pcap_header : int

The size of the initial pcap header in bytes

Sourceval sizeof_pcap_packet : int

The size of the per-packet pcap headers in bytes

Sourceval magic_number : int32

The magic number which identifies a pcap file (and endian-ness)

Sourcemodule Network : sig ... end

Type of outermost network protocol within the captured frames

Sourcemodule LE : sig ... end

Sourcemodule BE : sig ... end

Sourcemodule type HDR = sig ... end

Functions to read/write pcap header fields of a particular endian-ness

Sourceval detect : Cstruct.t -> (module HDR) option

detect buf returns a module capable of reading the pcap header fields, or None if the buffer doesn't contain pcap data.

Sourceval packets : (module HDR) -> Cstruct.t -> (Cstruct.t * Cstruct.t) Cstruct.iter

packets hdr buf returns a Cstruct.iter (sequence) containing (pcap header, pcap body) pairs.