pcap

From Wikipedia, the free encyclopedia

In the field of computer network administration, pcap consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.

libpcap and WinPcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap or WinPcap, to be able to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. A capture file saved in the format that libpcap and WinPcap use can be read by applications that understand that format.

libpcap and WinPcap provide the packet-capture and filtering engines of many open-source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic-generators and network-testers.

The implementors of the pcap API wrote it for use from C and C++, so other languages such as Java, the .NET languages and the scripting languages generally use a wrapper.


WinPcap

WinPcap consists of:

Programmers at the Politecnico di Torino wrote the original code; as of 2008 CACE Technologies, a company set up by some of the WinPcap developers, develops and maintains the product.

Some programs that use libpcap/WinPcap

  • tcpdump, a tool for capturing and dumping packets for further analysis, and WinDump, the Windows port of tcpdump.
  • Wireshark (formerly Ethereal), a graphical packet-capture and protocol-analysis tool.
  • Snort, a network-intrusion-detection system.
  • ssldump, an SSLv3/TLS analyzer. It decodes SSL records and displays them to stdout.
  • Nmap, a port-scanning and fingerprinting network utility.
  • The Bro IDS and network-monitoring platform.
  • URL Snooper, which locates the URLs of audio and video files so that they can be recorded.
  • Kismet, for 802.11 wireless LANs.
  • AppRadar, a database intrusion detection system.
  • AutoScan-Network, a network discovering and managing application.
  • L0phtCrack, a password auditing and recovery application.

Some programs that support the libpcap file format

Wrappers for use of libpcap/WinPcap in languages other than C and C++

  • Net::Pcap, a Perl wrapper for pcap
  • python-libpcap, a Python wrapper for pcap
  • pcapy, another Python wrapper for pcap
  • Ruby/Pcap, a Ruby wrapper for pcap
  • tclpcap, a Tcl wrapper for pcap
  • jpcap, a Java wrapper for pcap
  • jNetPcap, another Java wrapper for pcap
  • WinPcapNET and SharpPcap, .NET wrappers for WinPcap
  • pcap, Haskell bindings for pcap
  • mlpcap, Objective Caml bindings for pcap
