pcap

From Wikipedia, the free encyclopedia


In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.

libpcap and WinPcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap or WinPcap, to be able to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. A capture file saved in the format that libpcap and WinPcap use can be read by applications that understand that format.
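To make the capture-file point concrete, here is an added example (not code from libpcap, WinPcap or this article) in Python: a minimal writer and reader for the libpcap capture-file format, handling both byte orders and truncated or corrupt records, with the analysis step kept separate so the same code can process packets whether they came from a live capture or a saved file. All function names and the sample frames are constructed for this example.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4  # written in the capturing host's native byte order
LINKTYPE_ETHERNET = 1

def write_pcap(packets, snaplen=65535, linktype=LINKTYPE_ETHERNET, byteorder="<"):
    """Serialise (ts_sec, ts_usec, frame) tuples into libpcap format. Frames longer than
    snaplen are truncated, as libpcap does; orig_len still records the on-wire length."""
    out = struct.pack(byteorder + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, frame in packets:
        cap = frame[:snaplen]
        out += struct.pack(byteorder + "IIII", ts_sec, ts_usec, len(cap), len(frame)) + cap
    return out

def read_pcap(blob):
    """Parse a libpcap-format capture written in either byte order.
    Returns (linktype, records); each record is (ts_sec, ts_usec, orig_len, captured_bytes)."""
    if len(blob) < 24:
        raise ValueError("truncated global header")
    byteorder = {b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<"}.get(blob[:4])
    if byteorder is None:
        raise ValueError("not a libpcap capture (unknown magic)")
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(byteorder + "HHiIII", blob[4:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(byteorder + "IIII", blob[off:off + 16])
        if incl_len > snaplen or incl_len > orig_len or off + 16 + incl_len > len(blob):
            raise ValueError(f"bad record length at offset {off}")  # corrupt or cut-off file
        records.append((ts_sec, ts_usec, orig_len, blob[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return linktype, records

def ethertype_histogram(records):
    """Analysis step shared by live and offline capture: frames per Ethernet EtherType."""
    counts = Counter()
    for _sec, _usec, _orig, frame in records:
        counts[struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None] += 1
    return counts

# Constructed sample frames (not real traffic): zeroed MACs, then an IPv4 or ARP EtherType
_ETH_IPV4, _ETH_ARP = b"\x00" * 12 + b"\x08\x00", b"\x00" * 12 + b"\x08\x06"
SAMPLE = [(1700000000, 1, _ETH_IPV4 + b"\x45" + b"\x00" * 39),
          (1700000000, 2, _ETH_ARP + b"\x00" * 28),
          (1700000001, 0, _ETH_IPV4 + b"\x45" + b"\x00" * 99)]  # exceeds a 64-byte snaplen
```

Reading with a snaplen of 64 shows the third record captured at 64 bytes while its orig_len still reports 114, which is the distinction an analyst checks before trusting payload-level findings from a capture.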

libpcap and WinPcap provide the packet-capture and filtering engines of many open source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic generators and network testers.

The implementors of the pcap API wrote it for use in C and C++, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper.


libpcap

libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked. It is now developed by the same tcpdump.org group that develops tcpdump. The latest version is 1.0.0 as of March 1, 2009.

WinPcap

WinPcap consists of:

Programmers at the Politecnico di Torino wrote the original code; as of 2008 CACE Technologies, a company set up by some of the WinPcap developers, develops and maintains the product.

Some programs that use libpcap/WinPcap

  • tcpdump, a tool for capturing and dumping packets for further analysis, and WinDump, the Windows port of tcpdump.
  • Wireshark (formerly Ethereal), a graphical packet-capture and protocol-analysis tool.
  • Snort, a network-intrusion-detection system.
  • ssldump, an SSLv3/TLS analyzer. It decodes SSL records and displays them to stdout.
  • Nmap, a port-scanning and fingerprinting network utility.
  • Bro, an IDS and network-monitoring platform.
  • URL Snooper, a tool that locates the URLs of audio and video files so that they can be recorded.
  • Kismet, a detector and sniffer for 802.11 wireless LANs.
  • L0phtCrack, a password auditing and recovery application.
  • Xplico, an open source Network Forensic Analysis Tool (NFAT).

Some programs that support the libpcap file format

Wrappers for use of libpcap/WinPcap in languages other than C and C++

  • Net::Pcap, a Perl wrapper for pcap
  • python-libpcap, a Python wrapper for pcap
  • pcapy, another Python wrapper for pcap
  • PacketFu, a Ruby wrapper for pcap
  • tclpcap, a Tcl wrapper for pcap
  • jpcap, a Java wrapper for pcap
  • jNetPcap, another Java wrapper for pcap
  • WinPcapNET and SharpPcap, .NET wrappers for WinPcap
  • pcap, Haskell bindings for pcap
  • mlpcap, Objective Caml bindings for pcap
  • pcap, Chicken Scheme wrapper for pcap
  • PLOKAMI, a Common Lisp wrapper for pcap

External links
