All Projects → seladb → Pcapplusplus

seladb / Pcapplusplus

Licence: unlicense
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, DPDK and PF_RING.

Programming Languages

cpp
1120 projects

Projects that are alternatives of or similar to Pcapplusplus

Trafficengine
a high performance TCP traffic generator
Stars: ✭ 22 (-98.34%)
Mutual labels:  networking, dpdk
Npf
NPF: packet filter with stateful inspection, NAT, IP sets, etc.
Stars: ✭ 160 (-87.9%)
Mutual labels:  networking, dpdk
Fastclick
FastClick - A faster version the Click Modular Router featuring batching, advanced multi-processing and improved Netmap and DPDK support (ANCS'15). Check the metron branch for Metron specificities (NSDI'18).
Stars: ✭ 100 (-92.44%)
Mutual labels:  networking, dpdk
Capsule
A framework for network function development. Written in Rust, inspired by NetBricks and built on DPDK.
Stars: ✭ 217 (-83.59%)
Mutual labels:  networking, dpdk
Pypcap
pypcap - python libpcap module, forked from code.google.com/p/pypcap, now actively maintained
Stars: ✭ 255 (-80.71%)
Mutual labels:  networking, pcap
sip3-captain-ce
SIP3 Captain (Community Edition)
Stars: ✭ 73 (-94.48%)
Mutual labels:  pcap, dpdk
Skydive
An open source real-time network topology and protocols analyzer
Stars: ✭ 2,086 (+57.79%)
Mutual labels:  networking, pcap
Poseidon
Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.
Stars: ✭ 310 (-76.55%)
Mutual labels:  networking, pcap
Nff Go
NFF-Go -Network Function Framework for GO (former YANFF)
Stars: ✭ 1,036 (-21.63%)
Mutual labels:  networking, dpdk
Panoptes
A Global Scale Network Telemetry Ecosystem
Stars: ✭ 80 (-93.95%)
Mutual labels:  networking
Wechatdemo
macOS WeChat 仿微信MAC端 QQ NSCollectionView,NSSplitView,ect..
Stars: ✭ 87 (-93.42%)
Mutual labels:  mac-osx
Hamms
Malformed servers to test your HTTP client
Stars: ✭ 1,216 (-8.02%)
Mutual labels:  networking
Ship
A simple, handy network addressing multitool with plenty of features
Stars: ✭ 81 (-93.87%)
Mutual labels:  networking
Kotlin Networking
Kotlin Networking - An elegant networking library written in Kotlin
Stars: ✭ 88 (-93.34%)
Mutual labels:  networking
Network Threats Taxonomy
Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies
Stars: ✭ 79 (-94.02%)
Mutual labels:  networking
Daggy
Daggy - Data Aggregation Utility. Open source, free, cross-platform, server-less, useful utility for remote or local data aggregation and streaming
Stars: ✭ 91 (-93.12%)
Mutual labels:  pcap
Bluesocket
Socket framework for Swift using the Swift Package Manager. Works on iOS, macOS, and Linux.
Stars: ✭ 1,209 (-8.55%)
Mutual labels:  networking
Kotlin Inline Logger
A logger facilitating lazily-evaluated log calls via Kotlin's inline classes & functions.
Stars: ✭ 77 (-94.18%)
Mutual labels:  multiplatform
Computer Science Resources
A list of resources in different fields of Computer Science (multiple languages)
Stars: ✭ 1,316 (-0.45%)
Mutual labels:  networking
Freecad
This is the official source code of FreeCAD, a free and opensource multiplatform 3D parametric modeler. Issues are managed on our own bug tracker at https://www.freecadweb.org/tracker
Stars: ✭ 10,366 (+684.11%)
Mutual labels:  mac-osx

PcapPlusPlus Logo

GitHub Actions Build Status Build Status Build status Language grade: C/C++ Follow PcapPlusPlus

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use.

PcapPlusPlus enables decoding and forging capabilities for a large variety of network protocols. It also provides easy to use C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING.

Table Of Contents

Download

You can choose between downloading pre-compiled binaries and build PcapPlusPlus yourself. For more details please visit the Download page in PcapPlusPlus web-site.

Pre Compiled Binaries

From Homebrew:

brew install pcapplusplus

From Conan:

conan remote add public-conan https://api.bintray.com/conan/bincrafters/public-conan
conan install pcapplusplus/[email protected]/stable -r public-conan

From GitHub release page:

https://github.com/seladb/PcapPlusPlus/releases/latest

Build It Yourself

Clone the git repository:

git clone https://github.com/seladb/PcapPlusPlus.git

Follow the build instructions according to your platform in the Build From Source page in PcapPlusPlus web-site.

Feature Overview

  • Packet capture through an easy to use C++ wrapper for popular packet capture engines such as libpcap, WinPcap, Npcap, Intel DPDK, ntop’s PF_RING and raw sockets [Learn more]
  • Packet parsing and crafting including detailed analysis of protocols and layers, packet generation and packet edit for a large variety of network protocols [Learn more]
  • Read and write packets from/to files in both PCAP and PCAPNG formats [Learn more]
  • Packet processing in line rate through an efficient and easy to use C++ wrapper for DPDK and PF_RING [Learn more]
  • Multiplatform support - PcapPlusPlus is fully supported on Linux, MacOS, Windows and FreeBSD
  • Packet reassembly - unique implementation of TCP Reassembly which includes TCP retransmission, out-of-order TCP packets and missing TCP data, and IP Fragmentation and Defragmentation to create and reassemble IPv4 and IPv6 fragments [Learn more]
  • Packet filtering that makes libpcap's BPF filters a lot more user-friendly [Learn more]
  • TLS Fingerprinting - a C++ implementation of JA3 and JA3S TLS fingerprinting [Learn more]

Getting Started

Writing applications with PcapPlusPlus is very easy and intuitive. Here is a simple application that shows how to read a packet from a PCAP file and parse it:

#include "IPv4Layer.h"
#include "Packet.h"
#include "PcapFileDevice.h"

int main(int argc, char* argv[])
{
    // open a pcap file for reading
    pcpp::PcapFileReaderDevice reader("1_packet.pcap");
    if (!reader.open())
    {
        printf("Error opening the pcap file\n");
        return 1;
    }

    // read the first (and only) packet from the file
    pcpp::RawPacket rawPacket;
    if (!reader.getNextPacket(rawPacket))
    {
        printf("Couldn't read the first packet in the file\n");
        return 1;
    }

    // parse the raw packet into a parsed packet
    pcpp::Packet parsedPacket(&rawPacket);

    // verify the packet is IPv4
    if (parsedPacket.isPacketOfType(pcpp::IPv4))
    {
        // extract source and dest IPs
        pcpp::IPv4Address srcIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getSrcIPv4Address();
        pcpp::IPv4Address destIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getDstIPv4Address();

        // print source and dest IPs
        printf("Source IP is '%s'; Dest IP is '%s'\n", srcIP.toString().c_str(), destIP.toString().c_str());
    }

    // close the file
    reader.close();

    return 0;
}

You can find much more information in the Getting Started page in PcapPlusPlus web-site. This page will walk you through few easy steps to have an app up and running.

API Documentation

PcapPlusPlus consists of 3 libraries:

  1. Packet++ - a library for parsing, creating and editing network packets
  2. Pcap++ - a library for intercepting and sending packets, providing network and NIC info, stats, etc. It is actually a C++ wrapper for packet capturing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING
  3. Common++ - a library with some common code utilities used by both Packet++ and Pcap++

You can find an extensive API documentation in the API documentation section in PcapPlusPlus web-site. If you see any missing data please contact us.

Multi Platform Support

PcapPlusPlus is currently supported on Windows, Linux, MacOS and FreeBSD. Please visit PcapPlusPlus web-site to see all of the supported platforms and refer to the Download section to start using PcapPlusPlus on your platform.

Supported Network Protocols

PcapPlusPlus currently supports parsing, editing and creation of packets of the following protocols:

  1. Ethernet II
  2. IEEE 802.3 Ethernet
  3. SLL (Linux cooked capture)
  4. Null/Loopback
  5. Raw IP (IPv4 & IPv6)
  6. IPv4
  7. IPv6
  8. ARP
  9. VLAN
  10. VXLAN
  11. MPLS
  12. PPPoE
  13. GRE
  14. TCP
  15. UDP
  16. GTP (v1)
  17. ICMP
  18. IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
  19. IPSec AH & ESP - parsing only (no editing capabilities)
  20. SIP
  21. SDP
  22. Radius
  23. DNS
  24. DHCP
  25. BGP (v4)
  26. SSH - parsing only (no editing capabilities)
  27. HTTP headers (request & response)
  28. SSL/TLS - parsing only (no editing capabilities)
  29. Packet trailer (a.k.a footer or padding)
  30. Generic payload

DPDK And PF_RING Support

The Data Plane Development Kit (DPDK) is a set of data plane libraries and network interface controller drivers for fast packet processing.

PF_RING™ is a new type of network socket that dramatically improves the packet capture speed.

Both frameworks provide very fast packets processing (up to line speed) and are used in many network applications such as routers, firewalls, load balancers, etc. PcapPlusPLus provides a C++ abstraction layer over DPDK & PF_RING. This abstraction layer provides an easy to use interface that removes a lot of the boilerplate involved in using these frameworks. You can learn more by visiting the DPDK & PF_RING support pages in PcapPlusPlus web-site.

Benchmarks

We used Matias Fontanini's packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (such as libtins and libcrafter).

You can see the results in the Benchmarks page in PcapPlusPlus web-site.

Provide Feedback

We'd be more than happy to get feedback, please feel free to reach out to us in any of the following ways:

If you like this project please Star us on GitHub — it helps! ⭐️ ⭐️

Please visit the PcapPlusPlus web-site to learn more.

Contributing

We would very much appreciate any contribution to this project. If you're interested in contributing please visit the contribution page in PcapPlusPlus web-site.

License

PcapPlusPlus is released under the Unlicense license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].