- Pcap
In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap. Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.

libpcap and WinPcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap or WinPcap, to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. A capture file saved in the format that libpcap and WinPcap use can be read by any application that understands that format.
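As an added illustration (not code from the original article or from the libpcap project), the following Python writes and reads the libpcap savefile layout described above using only the standard library. The sample Ethernet frame is constructed; the length checks in the reader are the ones a practitioner wants before trusting a capture file from an unknown source.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4            # microsecond-timestamp magic, as written by the capturing host
PCAP_VERSION = (2, 4)
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"             # 24 bytes: magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
PKT_HDR = "IIII"                   # 16 bytes: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on wire)

# Constructed sample: broadcast Ethernet header, EtherType 0x0806 (ARP), 28 bytes of zero payload
SAMPLE_FRAME = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x06" + b"\x00" * 28


def write_pcap(packets, snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """Serialise (ts_sec, ts_usec, frame_bytes) tuples into a little-endian pcap file image."""
    out = bytearray(struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC, *PCAP_VERSION, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, data in packets:
        captured = data[:snaplen]                       # a capture stores at most snaplen bytes
        out += struct.pack("<" + PKT_HDR, ts_sec, ts_usec, len(captured), len(data))
        out += captured
    return bytes(out)


def read_pcap(blob):
    """Parse a pcap file image into (linktype, [(ts_sec, ts_usec, data, orig_len), ...])."""
    if len(blob) < struct.calcsize("<" + GLOBAL_HDR):
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == 0xD4C3B2A1:                           # same magic written by a big-endian host
        order = ">"
    else:
        raise ValueError("not a pcap file: magic 0x%08x" % magic)
    ghdr, phdr = struct.Struct(order + GLOBAL_HDR), struct.Struct(order + PKT_HDR)
    _, major, minor, _, _, snaplen, linktype = ghdr.unpack_from(blob, 0)
    if (major, minor) != PCAP_VERSION:
        raise ValueError("unsupported pcap version %d.%d" % (major, minor))
    packets, off = [], ghdr.size
    while off < len(blob):
        if len(blob) - off < phdr.size:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = phdr.unpack_from(blob, off)
        off += phdr.size
        # incl_len comes from the file, not the kernel: bound it before slicing or allocating
        if incl_len > snaplen or incl_len > orig_len or incl_len > len(blob) - off:
            raise ValueError("bad incl_len %d at offset %d" % (incl_len, off))
        packets.append((ts_sec, ts_usec, blob[off:off + incl_len], orig_len))
        off += incl_len
    return linktype, packets
```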
libpcap and WinPcap provide the packet-capture and filtering engines of many open-source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic generators and network testers. The implementors of the pcap API wrote it for use from C and C++, so other languages such as Java, .NET and the scripting languages generally use a wrapper.

= libpcap =
libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked. It is now developed by the same tcpdump.org group that develops tcpdump.

= WinPcap =
WinPcap consists of:
* drivers for Windows 95/98/Me, and for the Windows NT family (Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, etc.), which use NDIS to read packets directly from a network adapter;
* implementations of a lower-level library for the listed operating systems, to communicate with those drivers;
* a port of libpcap that uses the API offered by the low-level library implementations.

Programmers at the Politecnico di Torino wrote the original code; as of 2008 CACE Technologies, a company set up by some of the WinPcap developers, develops and maintains the product.

= Some programs that use libpcap/WinPcap =
* tcpdump, a tool for capturing and dumping packets for further analysis, and WinDump, the Windows port of tcpdump.
* Wireshark (formerly Ethereal), a graphical packet-capture and protocol-analysis tool.
* Snort, a network-intrusion-detection system.
* ssldump, an SSLv3/TLS analyzer. It decodes SSL records and displays them to stdout.
* Nmap, a port-scanning and fingerprinting network utility.
* the Bro IDS and network-monitoring platform.
* URL Snooper, which locates the URLs of audio and video files so that they can be recorded.
* Kismet, for 802.11 wireless LANs.
* L0phtCrack, a password auditing and recovery application.
* Xplico, an open source Network Forensic Analysis Tool (NFAT).

= Some programs that support the libpcap file format =

* CA NetMaster Network Management for TCP/IP
= Wrappers for use of libpcap/WinPcap in languages other than C and C++ =

* Net::Pcap, a Perl wrapper for pcap
* python-libpcap, a Python wrapper for pcap
* pcapy, another Python wrapper for pcap
* Ruby/Pcap, a Ruby wrapper for pcap
* tclpcap, a Tcl wrapper for pcap
* jpcap, a Java wrapper for pcap
* jNetPcap, another Java wrapper for pcap
* WinPcapNET and SharpPcap, .NET wrappers for WinPcap
* pcap, Haskell bindings for pcap
* mlpcap, Objective Caml bindings for pcap
* pcap, Chicken Scheme wrapper for pcap

= External links =
* [http://www.tcpdump.org/ Official site for libpcap (and tcpdump)]
* [http://www.winpcap.org/ Official site for WinPcap (and WinDump)]
* [http://search.cpan.org/~saper/Net-Pcap/Pcap.pm CPAN page for Net::Pcap]
* [http://oss.coresecurity.com/projects/pcapy.html Official site for pcapy (module for Python)]
* [http://sourceforge.net/projects/pylibpcap/ SourceForge page for python-libpcap]
* [http://www.goto.info.waseda.ac.jp/~fukusima/ruby/pcap-e.html Official site for Ruby/Pcap]
* [http://www.rtfm.com/ssldump/ Official site for ssldump]
* [http://tclpcap.sourceforge.net/ Official site for tclpcap]
* [http://jpcap.sourceforge.net/ jpcap on SourceForge]
* [http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html another jpcap implementation]
* [http://jnetpcap.sourceforge.net/ jNetPcap a comprehensive Java wrapper]
* [http://www.codeproject.com/csharp/pktcap.asp WinPcapNET presentation]
* [http://www.tamirgal.com/home/dev.aspx?Item=SharpPcap SharpPcap capture framework for .NET]
* [http://www.tcpdump.org/tcpdump_man.html Man Page for tcpdump]
* [http://www.stearns.org/doc/pcap-apps.html List of pcap applications]
Wikimedia Foundation. 2010.