Pcap

From Wikipedia, the free encyclopedia

pcap is an application programming interface for packet capturing. The implementation of pcap for Unix-like systems is known as libpcap; the Windows port of libpcap is called WinPcap.

libpcap and WinPcap may be used by a program to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces that can be used with libpcap or WinPcap.

libpcap and WinPcap are the packet capture and filtering engines of many open source and commercial network tools, including protocol analyzers, network monitors, network intrusion detection systems, packet sniffers, traffic generators and network testers.

The pcap API is designed for use from C and C++, so, for other languages such as scripting languages, Java, and .NET languages, a wrapper is generally used.

WinPcap

WinPcap consists of:

It was originally developed at the Politecnico di Torino.

Some programs that use libpcap/WinPcap

  • Wireshark (formerly Ethereal), a graphical packet capture and protocol analysis tool
  • tcpdump, a tool for capturing and dumping packets for further analysis, and WinDump, the Windows port of tcpdump
  • Snort, a network intrusion detection system
  • Nmap, a port scanning and fingerprinting network utility
  • WC3Banlist, a program to detect suspected leavers from Warcraft 3 games

Wrappers for use of libpcap/WinPcap in languages other than C and C++

  • Net::Pcap, a Perl wrapper for pcap
  • python-libpcap, a Python wrapper for pcap
  • Ruby/Pcap, a Ruby wrapper for pcap
  • tclpcap, a Tcl wrapper for pcap
  • JpCap, a Java wrapper for pcap
  • NetpCap, a .NET wrapper for WinPcap
