import ddn.net.pcap;
// Open an offline capture
auto pcap = Pcap.openOffline("traffic.pcap");
scope(exit) pcap.close();
// Iterate over packets
foreach (packet; pcap.packets) {
writeln("Captured ", packet.capturedLen, " bytes");
}
// Use a filter
auto filter = CompiledFilter(pcap, "tcp port 80");
foreach (packet; pcap.packets) {
if (filter.matches(packet)) {
// process HTTP packet
}
}ddn.net.pcap.capture
High-level packet capture API.
This module provides the Pcap class, which offers an idiomatic D interface for packet capture and analysis.
Examples
License
BSD-3-Clause
Copyright
© 2026 DDN (D Developer Network) Members
Types 4
classPcapException : Exception
Exception thrown by high-level libpcap operations.
Fields
PcapStatus statusConstructors
this(PcapStatus s, string msg, string file = __FILE__, size_t line = __LINE__)structPacket
Represents a single captured packet.
This struct is safe to use from @safe code.
Fields
timeval timestampuint capturedLenuint originalLenubyte[] datastructPacketRange
An input range for iterating over packets in a capture.
Each call to popFront copies packet data out of libpcap's internal buffer into GC-owned memory, so front.data remains valid after the range advances.
Note
creating multiple PacketRange instances over a single
Pcap handle
shares the underlying stream state. Advancing one range advances the stream for all of them. For independent iteration, open the capture file multiple times.
Methods
classPcap
Represents a packet capture session.
Fields
private PcapHandle _handleMethods
void close()Closes the capture session.PacketRange packets()Returns an input range for iterating over packets.Pcap openOffline(string path)Opens an offline capture from a pcap file.int datalink()Returns the datalink type.int snapshot()Returns the snapshot length.Constructors
this(ref PcapHandle handle)Internal constructor.Destructors
~thisDestructor closes the capture session.