PcapPlusPlus – Packet Manipulation Framework

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and manipulation framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use.

Packet Manipulation FrameworkWhat makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap?

  • Designed to be lightweight and efficient
  • Support for DPDK fast packet processing engine which enables packet capturing and transmition in line rate using kernel bypass
  • Support for ntop’s PF_RING packet capturing engine that dramatically improves the packet capture speed
  • Support for parsing and editing of many protocols, including L7 protocols like HTTP and SSL/TLS
  • Unique implementation of TCP reassembly logic which includes support of TCP retransmission, out-of-order TCP packets and missing TCP data
  • Support for Remote Capture capabilities on Windows (using RPCAP protocol supported in WinPcap)
  • Support for reading and writing PCAPNG files (a lot more more than currently supported in WinPcap/libpcap)
  • Vast object-oriented filtering mechanism that makes libpcap filters a lot more user-friendly (no need to know the exact filter string to use)

PcapPlusPlus is currently supported on WindowsLinux and Mac OS X. It was tested on the following platforms:

  • Windows:
    • Microsoft Visual Studio 2015 (32-bit + 64-bit compilation)
    • MinGW32 (32-bit compilation only)
    • MinGW-w64 (32-bit compilation only)
  • Linux:
    • Ubuntu (12.04 LTS, 14.04 LTS, 16.04 LTS, 14.10)
    • Fedora
    • CentOS
    • It should work on other Linux distributions as well
  • Mac OS X:
    • Yosemite (10.10)
    • El Capitan (10.11)
    • Sierra (10.12)

Download

Add Comment