PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and crafting framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use.
PcapPlusPlus web-site: http://seladb.github.io/PcapPlusPlus-Doc
Please visit the Tutorials in PcapPlusPlus web-site to learn about PcapPlusPlus and how to use it
- Designed to be lightweight and efficient
- Support for DPDK fast packet processing engine which enables packet capturing and transmition in line rate using kernel bypass
- Support for ntop's PF_RING packet capturing engine that dramatically improves the packet capture speed
- Support for parsing and editing of many protocols, including L5-7 protocols like HTTP, SSL/TLS and SIP
- Unique implementation of TCP reassembly logic which includes support of TCP retransmission, out-of-order TCP packets and missing TCP data
- Support for Remote Capture capabilities on Windows (using RPCAP protocol supported in WinPcap)
- Support for reading and writing PCAPNG files (a lot more more than currently supported in WinPcap/libpcap)
- Vast object-oriented filtering mechanism that makes libpcap filters a lot more user-friendly (no need to know the exact filter string to use)
PcapPlusPlus is currently supported on Windows, Linux and Mac OS X. It was tested on the following platforms:
-
Windows:
- Microsoft Visual Studio 2015 (32-bit + 64-bit compilation)
- MinGW32 (32-bit compilation only)
- MinGW-w64 (32-bit compilation only)
-
Linux:
- Ubuntu (12.04 LTS, 14.04 LTS, 16.04 LTS)
- Fedora 26
- CentOS 7
- It should work on other Linux distributions as well
-
Mac OS X:
- Yosemite (10.10)
- El Capitan (10.11)
- Sierra (10.12)
PcapPlusPlus currently works with the following devices:
- libpcap live device (on Linux and Mac OS X)
- WinPcap live device (on Windows)
- Vanilla PF_RING device (on Linux)
- DPDK device (on Linux)
- Remote live device (on Windows)
- PCAP and PCAPNG file devices
The Packet++ library currently supports parsing, editing and creation of packets of the following protocols:
- Ethernet
- SLL (Linux cooked capture)
- Null/Loopback
- Raw IP (IPv4 & IPv6)
- IPv4
- IPv6
- ARP
- VLAN
- VXLAN
- MPLS
- PPPoE
- GRE
- TCP
- UDP
- ICMP
- IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
- SIP
- SDP
- DNS
- DHCP
- HTTP headers (request & response)
- SSL/TLS - parsing only (no editing capabilities)
- Generic payload
- TCP reassembly logic
- Packet hash key creation (by 5-tuple and 2-tuple)
- Retrieve remote machine MAC address using ARP protocol
- Retrieve host IPv4 address by using DNS protocol
- Checksum calculation
PcapPlusPlus consists of 3 libraries:
- Packet++ - a library for parsing, creating and editing packets
- Pcap++ - a library for intercepting and sending packets, providing network and NIC info, stats, etc. It is actually a C++ wrapper for packet capturing engines such as libpcap, WinPcap, DPDK and PF_RING
- Common++ - a library with some common code utilities used by both Packet++ and Pcap++
In addition it contains many examples, tutorials and utilities documented in the Examples and in the Tutorials pages in PcapPlusPlus web-site
In order to download PcapPlusPlus, please visit the github page.
You can also download it using these links:
Or clone the git repository by:
git clone https://github.com/seladb/PcapPlusPlus.git
If you want an already compiled version of PcapPlusPlus chekcout the latest release: https://github.com/seladb/PcapPlusPlus/releases/latest
For compilation instructions of the various platforms please refer to the Download page in PcapPlusPlus web-site
PcapPlusPlus web-site includes all the relevant documentation.
Also, the entire API of PcapPlusPlus is documented using doxygen. You can find it here: http://seladb.github.io/PcapPlusPlus-Doc/Documentation/index.html
If you see any missing information please tell me
I'll be very happy to get feedbacks, so feel free to contact me in any of the following ways:
- Open a Github ticket
- PcapPlusPlus Google group: https://groups.google.com/d/forum/pcapplusplus-support
- Send an email to: [email protected]
PcapPlusPLus provides a C++ absraction layers over DPDK & PF_RING. For more details please visit PcapPlusPlus web-site:
http://seladb.github.io/PcapPlusPlus-Doc/dpdk-pf_ring.html
I used Matias Fontanini's packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (libtins and libcrafter).
The results can eviewed in the Benchmarks page in PcapPlusPlus web-site
Please refer to the Tutorials section in PcapPlusPlus web-site