Advertisements

PcapPlusPlus – Packet Manipulation Framework

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and manipulation framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use.

 

What makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap?

  • Designed to be lightweight and efficient
  • Support for DPDK fast packet processing engine which enables packet capturing and transmition in line rate using kernel bypass
  • Support for ntop’s PF_RING packet capturing engine that dramatically improves the packet capture speed
  • Support for parsing and editing of many protocols, including L7 protocols like HTTP and SSL/TLS
  • Unique implementation of TCP reassembly logic which includes support of TCP retransmission, out-of-order TCP packets and missing TCP data
  • Support for Remote Capture capabilities on Windows (using RPCAP protocol supported in WinPcap)
  • Support for reading and writing PCAPNG files (a lot more more than currently supported in WinPcap/libpcap)
  • Vast object-oriented filtering mechanism that makes libpcap filters a lot more user-friendly (no need to know the exact filter string to use)

 

PcapPlusPlus is currently supported on WindowsLinux and Mac OS X. It was tested on the following platforms:

  • Windows:
    • Microsoft Visual Studio 2015 (32-bit + 64-bit compilation)
    • MinGW32 (32-bit compilation only)
    • MinGW-w64 (32-bit compilation only)
  • Linux:
    • Ubuntu (12.04 LTS, 14.04 LTS, 16.04 LTS, 14.10)
    • Fedora
    • CentOS
    • It should work on other Linux distributions as well
  • Mac OS X:
    • Yosemite (10.10)
    • El Capitan (10.11)
    • Sierra (10.12)

 

Supported packet capture engines

PcapPlusPlus currently works with the following packet capture engines:

  • libpcap live capture (on Linux and Mac OS X)
  • WinPcap live capture (on Windows)
  • ntop’s Vanilla PF_RING engine (on Linux)
  • Intel DPDK engine (on Linux)
  • WinPcap Remote live capture (on Windows)
  • PCAP and PCAPNG file devices (reading and writing)

 

Supported protocols

The Packet++ library currently supports parsing, editing and creation of packets of the following protocols:

  • Ethernet
  • SLL (Linux cooked capture)
  • Null/Loopback
  • Raw IP (IPv4 & IPv6)
  • IPv4
  • IPv6
  • ARP
  • VLAN
  • VXLAN
  • MPLS
  • PPPoE
  • GRE
  • TCP
  • UDP
  • ICMP
  • IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
  • DNS
  • DHCP
  • HTTP headers (request & response)
  • SSL/TLS – parsing only (no editing capabilities)
  • Generic payload

 

Packet And Network Utilities

  • TCP reassembly logic
  • Packet hash key creation (by 5-tuple and 2-tuple)
  • Retrieve remote machine MAC address using ARP protocol
  • Retrieve host IPv4 address by using DNS protocol
  • Checksum calculation

 

Packet Manipulation Framework: PcapPlusPlus Download


Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements
Advertisements
Advertisements
Advertisements
%d bloggers like this: