PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and manipulation framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use.
- Designed to be lightweight and efficient
- Support for DPDK fast packet processing engine which enables packet capturing and transmition in line rate using kernel bypass
- Support for ntop’s PF_RING packet capturing engine that dramatically improves the packet capture speed
- Support for parsing and editing of many protocols, including L7 protocols like HTTP and SSL/TLS
- Unique implementation of TCP reassembly logic which includes support of TCP retransmission, out-of-order TCP packets and missing TCP data
- Support for Remote Capture capabilities on Windows (using RPCAP protocol supported in WinPcap)
- Support for reading and writing PCAPNG files (a lot more more than currently supported in WinPcap/libpcap)
- Vast object-oriented filtering mechanism that makes libpcap filters a lot more user-friendly (no need to know the exact filter string to use)
PcapPlusPlus is currently supported on Windows, Linux and Mac OS X. It was tested on the following platforms:
- Windows:
- Microsoft Visual Studio 2015 (32-bit + 64-bit compilation)
- MinGW32 (32-bit compilation only)
- MinGW-w64 (32-bit compilation only)
- Linux:
- Ubuntu (12.04 LTS, 14.04 LTS, 16.04 LTS, 14.10)
- Fedora
- CentOS
- It should work on other Linux distributions as well
- Mac OS X:
- Yosemite (10.10)
- El Capitan (10.11)
- Sierra (10.12)
Leave a Reply