Popularity
7.5
Growing
Activity
9.0
-
2,570
95
630

Description

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, DPDK and PF_RING.

Programming language: C++
License: The Unlicense
Tags: Networking     Cpp     Packet-crafting     Dpdk     Packet-parsing     Pf_ring     Libpcap     WinPcap    
Latest version: v20.08

PcapPlusPlus alternatives and similar libraries

Based on the "Networking" category.
Alternatively, view PcapPlusPlus alternatives based on common mentions on social networks and blogs.

Do you think we are missing an alternative of PcapPlusPlus or a related project?

Add another 'Networking' Library
WorkOS - The modern identity platform for B2B SaaS
sponsored workos.com

Popular Comparisons

SaaSHub - Software Alternatives and Reviews
sponsored www.saashub.com

README

PcapPlusPlus Logo

GitHub Actions Build Status Build Status Build status Language grade: C/C++

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use.

PcapPlusPlus enables decoding and forging capabilities for a large variety of network protocols. It also provides easy to use C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING.

Table Of Contents

Download

You can choose between downloading pre-compiled binaries and build PcapPlusPlus yourself. For more details please visit the Download page in PcapPlusPlus web-site.

Pre Compiled Binaries

From Homebrew:

brew install pcapplusplus

From Conan:

conan remote add public-conan https://api.bintray.com/conan/bincrafters/public-conan
conan install pcapplusplus/20.08@bincrafters/stable -r public-conan

From GitHub release page:

https://github.com/seladb/PcapPlusPlus/releases/latest

Build It Yourself

Clone the git repository:

git clone https://github.com/seladb/PcapPlusPlus.git

Follow the build instructions according to your platform in the Build From Source page in PcapPlusPlus web-site.

Feature Overview

  • Packet capture through an easy to use C++ wrapper for popular packet capture engines such as libpcap, WinPcap, Npcap, Intel DPDK, ntop’s PF_RING and raw sockets [Learn more]
  • Packet parsing and crafting including detailed analysis of protocols and layers, packet generation and packet edit for a large variety of network protocols [Learn more]
  • Read and write packets from/to files in both PCAP and PCAPNG formats [Learn more]
  • Packet processing in line rate through an efficient and easy to use C++ wrapper for DPDK and PF_RING [Learn more]
  • Multiplatform support - PcapPlusPlus is fully supported on Linux, MacOS, Windows, Android and FreeBSD
  • Packet reassembly - unique implementation of TCP Reassembly which includes TCP retransmission, out-of-order TCP packets and missing TCP data, and IP Fragmentation and Defragmentation to create and reassemble IPv4 and IPv6 fragments [Learn more]
  • Packet filtering that makes libpcap's BPF filters a lot more user-friendly [Learn more]
  • TLS Fingerprinting - a C++ implementation of JA3 and JA3S TLS fingerprinting [Learn more]

Getting Started

Writing applications with PcapPlusPlus is very easy and intuitive. Here is a simple application that shows how to read a packet from a PCAP file and parse it:

#include "IPv4Layer.h"
#include "Packet.h"
#include "PcapFileDevice.h"

int main(int argc, char* argv[])
{
    // open a pcap file for reading
    pcpp::PcapFileReaderDevice reader("1_packet.pcap");
    if (!reader.open())
    {
        printf("Error opening the pcap file\n");
        return 1;
    }

    // read the first (and only) packet from the file
    pcpp::RawPacket rawPacket;
    if (!reader.getNextPacket(rawPacket))
    {
        printf("Couldn't read the first packet in the file\n");
        return 1;
    }

    // parse the raw packet into a parsed packet
    pcpp::Packet parsedPacket(&rawPacket);

    // verify the packet is IPv4
    if (parsedPacket.isPacketOfType(pcpp::IPv4))
    {
        // extract source and dest IPs
        pcpp::IPv4Address srcIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getSrcIPv4Address();
        pcpp::IPv4Address destIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getDstIPv4Address();

        // print source and dest IPs
        printf("Source IP is '%s'; Dest IP is '%s'\n", srcIP.toString().c_str(), destIP.toString().c_str());
    }

    // close the file
    reader.close();

    return 0;
}

You can find much more information in the Getting Started page in PcapPlusPlus web-site. This page will walk you through few easy steps to have an app up and running.

API Documentation

PcapPlusPlus consists of 3 libraries:

  1. Packet++ - a library for parsing, creating and editing network packets
  2. Pcap++ - a library for intercepting and sending packets, providing network and NIC info, stats, etc. It is actually a C++ wrapper for packet capturing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING
  3. Common++ - a library with some common code utilities used by both Packet++ and Pcap++

You can find an extensive API documentation in the API documentation section in PcapPlusPlus web-site. If you see any missing data please contact us.

Multi Platform Support

PcapPlusPlus is currently supported on Windows, Linux, MacOS, Android and FreeBSD. Please visit PcapPlusPlus web-site to see all of the supported platforms and refer to the Download section to start using PcapPlusPlus on your platform.

Supported Network Protocols

PcapPlusPlus currently supports parsing, editing and creation of packets of the following protocols:

  1. Ethernet II
  2. IEEE 802.3 Ethernet
  3. SLL (Linux cooked capture)
  4. Null/Loopback
  5. Raw IP (IPv4 & IPv6)
  6. IPv4
  7. IPv6
  8. ARP
  9. VLAN
  10. VXLAN
  11. MPLS
  12. PPPoE
  13. GRE
  14. TCP
  15. UDP
  16. GTP (v1)
  17. ICMP
  18. IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
  19. IPSec AH & ESP - parsing only (no editing capabilities)
  20. SIP
  21. SDP
  22. Radius
  23. DNS
  24. DHCP
  25. BGP (v4)
  26. SSH - parsing only (no editing capabilities)
  27. HTTP headers (request & response)
  28. SSL/TLS - parsing only (no editing capabilities)
  29. Packet trailer (a.k.a footer or padding)
  30. Generic payload

DPDK And PF_RING Support

The Data Plane Development Kit (DPDK) is a set of data plane libraries and network interface controller drivers for fast packet processing.

PF_RING™ is a new type of network socket that dramatically improves the packet capture speed.

Both frameworks provide very fast packets processing (up to line speed) and are used in many network applications such as routers, firewalls, load balancers, etc. PcapPlusPLus provides a C++ abstraction layer over DPDK & PF_RING. This abstraction layer provides an easy to use interface that removes a lot of the boilerplate involved in using these frameworks. You can learn more by visiting the DPDK & PF_RING support pages in PcapPlusPlus web-site.

Benchmarks

We used Matias Fontanini's packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (such as libtins and libcrafter).

You can see the results in the Benchmarks page in PcapPlusPlus web-site.

Provide Feedback

We'd be more than happy to get feedback, please feel free to reach out to us in any of the following ways:

If you like this project please Star us on GitHub — it helps! :star: :star:

Please visit the PcapPlusPlus web-site to learn more.

Contributing

We would very much appreciate any contribution to this project. If you're interested in contributing please visit the contribution page in PcapPlusPlus web-site.

License

PcapPlusPlus is released under the Unlicense license.


*Note that all licence references and agreements mentioned in the PcapPlusPlus README section above are relevant to that project's source code only.