Code Monkey home page Code Monkey logo

duzhanyuan / pcapplusplus Goto Github PK

View Code? Open in Web Editor NEW

This project forked from seladb/pcapplusplus

0.0 1.0 0.0 75.93 MB

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and crafting framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use. It's a C++ wrapper for popular engines like libpcap, WinPcap, DPDK and PF_RING

Home Page: http://seladb.github.io/PcapPlusPlus-Doc

License: The Unlicense

C 8.50% CMake 0.14% Makefile 0.78% C++ 88.96% Shell 0.68% Batchfile 0.94%

pcapplusplus's Introduction

PcapPlusPlus

Build Status Build status

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and crafting framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use.

PcapPlusPlus web-site: http://seladb.github.io/PcapPlusPlus-Doc

Getting Started

Please visit the Tutorials in PcapPlusPlus web-site to learn about PcapPlusPlus and how to use it

What makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap?

  • Designed to be lightweight and efficient
  • Support for DPDK fast packet processing engine which enables packet capturing and transmition in line rate using kernel bypass
  • Support for ntop's PF_RING packet capturing engine that dramatically improves the packet capture speed
  • Support for parsing and editing of many protocols, including L5-7 protocols like HTTP, SSL/TLS and SIP
  • Unique implementation of TCP reassembly logic which includes support of TCP retransmission, out-of-order TCP packets and missing TCP data
  • Support for Remote Capture capabilities on Windows (using RPCAP protocol supported in WinPcap)
  • Support for reading and writing PCAPNG files (a lot more more than currently supported in WinPcap/libpcap)
  • Vast object-oriented filtering mechanism that makes libpcap filters a lot more user-friendly (no need to know the exact filter string to use)

PcapPlusPlus Is Multi-Platform!

PcapPlusPlus is currently supported on Windows, Linux and Mac OS X. It was tested on the following platforms:

  • Windows:

    • Microsoft Visual Studio 2015 (32-bit + 64-bit compilation)
    • MinGW32 (32-bit compilation only)
    • MinGW-w64 (32-bit compilation only)

  • Linux:

    • Ubuntu (12.04 LTS, 14.04 LTS, 16.04 LTS)
    • Fedora 26
    • CentOS 7
    • It should work on other Linux distributions as well

  • Mac OS X:

    • Yosemite (10.10)
    • El Capitan (10.11)
    • Sierra (10.12)

Supported Engines and Devices

PcapPlusPlus currently works with the following devices:

  1. libpcap live device (on Linux and Mac OS X)
  2. WinPcap live device (on Windows)
  3. Vanilla PF_RING device (on Linux)
  4. DPDK device (on Linux)
  5. Remote live device (on Windows)
  6. PCAP and PCAPNG file devices

Supported Protocols

The Packet++ library currently supports parsing, editing and creation of packets of the following protocols:

  1. Ethernet
  2. SLL (Linux cooked capture)
  3. Null/Loopback
  4. Raw IP (IPv4 & IPv6)
  5. IPv4
  6. IPv6
  7. ARP
  8. VLAN
  9. VXLAN
  10. MPLS
  11. PPPoE
  12. GRE
  13. TCP
  14. UDP
  15. ICMP
  16. IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
  17. SIP
  18. SDP
  19. DNS
  20. DHCP
  21. HTTP headers (request & response)
  22. SSL/TLS - parsing only (no editing capabilities)
  23. Packet trailer (a.k.a footer or padding)
  24. Generic payload

Useful Packet And Network Utilities

  1. TCP reassembly logic
  2. IP reassembly logic (a.k.a IP de-fragmentation). Works for both IPv4 and IPv6
  3. Packet hash key creation (by 5-tuple and 2-tuple)
  4. Retrieve remote machine MAC address using ARP protocol
  5. Retrieve host IPv4 address by using DNS protocol
  6. Checksum calculation

Package Content

PcapPlusPlus consists of 3 libraries:

  1. Packet++ - a library for parsing, creating and editing packets
  2. Pcap++ - a library for intercepting and sending packets, providing network and NIC info, stats, etc. It is actually a C++ wrapper for packet capturing engines such as libpcap, WinPcap, DPDK and PF_RING
  3. Common++ - a library with some common code utilities used by both Packet++ and Pcap++

In addition it contains many examples, tutorials and utilities documented in the Examples and in the Tutorials pages in PcapPlusPlus web-site

Download

In order to download PcapPlusPlus, please visit the github page.

You can also download it using these links:

Or clone the git repository by:

git clone https://github.com/seladb/PcapPlusPlus.git

Compiled Binaries

If you want an already compiled version of PcapPlusPlus chekcout the latest release: https://github.com/seladb/PcapPlusPlus/releases/latest

Compile Yourself

For compilation instructions of the various platforms please refer to the Download page in PcapPlusPlus web-site

PcapPlusPlus Documentation

PcapPlusPlus web-site includes all the relevant documentation.

Also, the entire API of PcapPlusPlus is documented using doxygen. You can find it here: http://seladb.github.io/PcapPlusPlus-Doc/Documentation/index.html

If you see any missing information please tell me

PcapPlusPlus Support

I'll be very happy to get feedbacks, so feel free to contact me in any of the following ways:

DPDK & PF_RING Support

PcapPlusPLus provides a C++ absraction layers over DPDK & PF_RING. For more details please visit PcapPlusPlus web-site:

http://seladb.github.io/PcapPlusPlus-Doc/dpdk-pf_ring.html

Benchmarks

I used Matias Fontanini's packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (libtins and libcrafter).

The results can eviewed in the Benchmarks page in PcapPlusPlus web-site

Creating Applications With PcapPlusPlus

Please refer to the Tutorials section in PcapPlusPlus web-site

pcapplusplus's People

Contributors

seladb avatar echo-mike avatar max197616 avatar krepver avatar lgbaldoni avatar bpagon13 avatar f-squirrel avatar andreybronin avatar lasorda avatar vicenterb avatar

Watchers

netgod avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.