[pcap-ng-format] Announcing PackageSwiftPcapng and PcapngPrint: open source and written in Swift

feedback at networkmom.net feedback at networkmom.net
Thu Mar 12 19:21:45 UTC 2020 

pcap-ng-format folks,

I’m pleased to announce two open source Swift resources related to .pcapng files.

PackageSwiftPcapng parses .pcap and .pcapng files.  https://github.com/darrellroot/PackageSwiftPcapng <https://github.com/darrellroot/PackageSwiftPcapng>  It successfully handles all test cases at https://github.com/hadrielk/pcapng-test-generator <https://github.com/hadrielk/pcapng-test-generator> except test202 (which I think has an error, I opened an issue).

PcapngPrint uses PackageSwiftPcapng to print out .pcapng file structures for diagnostic purposes.  https://github.com/darrellroot/PcapngPrint <https://github.com/darrellroot/PcapngPrint> (sample output below)

I’ve updated https://github.com/pcapng/pcapng/wiki/Implementations <https://github.com/pcapng/pcapng/wiki/Implementations> to show the new Swift library.

PackageSwiftPcapng is used by “Etherdump”, “Etherdump Lite”, and “etherdump-CLI”, which are my new Swift/SwiftUI packet capture and analysis applications (admission: these applications output in .pcap format, not .pcapng format, but can import in either format).

Darrell Root
feedback at networkmom.net


% ./PcapngPrint ~/test/e.pcapng
File /Users/droot/test/e.pcapng Format: pcapng
PcapngPrint: info PcapngShb options data count 100
PcapngPrint: info code 1 length 21 startIndex 24
PcapngPrint: info PcapngOption.init code 1 length 21 data 21 bytes
PcapngPrint: info code 2 length 7 startIndex 0
PcapngPrint: info PcapngOption.init code 2 length 7 data 7 bytes
PcapngPrint: info code 3 length 14 startIndex 0
PcapngPrint: info PcapngOption.init code 3 length 14 data 14 bytes
PcapngPrint: info code 4 length 32 startIndex 0
PcapngPrint: info PcapngOption.init code 4 length 32 data 32 bytes
PcapngPrint: info code 0 length 0 startIndex 0
PcapngPrint: info PcapngOption.init code 0 length 0 data 0 bytes
PcapngPrint: info PcapngShg blockType 0xa0d0d0a blockTotalLength 128 byteOrderMagic 0x1a2b3c4d majorVersion 1 minorVersion 0 sectionLength -1 options.count 5
 interfaces.count 0 interfaceStatistics 0 nameResolutions 0 packetBlocks.count 0 customBlocks 0  comment section header block
  hardware x86_64
  os Darwin 19.3.0
  userappl tcpdump (libpcap version 1.9.1)
  endofopt

PcapngPrint: info PcapngIdb options data count 12
PcapngPrint: info code 2 length 4 startIndex 16
PcapngPrint: info PcapngOption.init code 2 length 4 data 4 bytes
PcapngPrint: info code 0 length 0 startIndex 0
PcapngPrint: info PcapngOption.init code 0 length 0 data 0 bytes
PcapngPrint: info PcapngIdb blockType 0x1 blockLength 32 linkType 1 snaplen 40000 options.count 2
  name en0
)  endofopt
)
PcapngPrint: info PcapngEpb options data count 20
PcapngPrint: info code 2 length 4 startIndex 204
PcapngPrint: info PcapngOption.init code 2 length 4 data 4 bytes

(output continues…)




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/pcap-ng-format/attachments/20200312/72a8cbd2/attachment.html>

More information about the pcap-ng-format mailing list