Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Features 2 History 3 pcap libraries for Windows 3.1 WinPcap 3.2 Npcap 3.3 Win10Pcap 4 Programs that use or used libpcap 5 Wrapper libraries for libpcap 6 Non-pcap libraries that read pcap files 7 Other applications or devices that read or write pcap or pcapng files 8 References 9 External links

pcap

●العربية ●Català ●Čeština ●Deutsch ●Español ●فارسی ●Français ●한국어 ●עברית ●Монгол ●日本語 ●Português ●Русский ●Slovenčina ●Türkçe ●中文 Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)

This article needs additional citations for verification. Please help improve this articlebyadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Pcap" – news · newspapers · books · scholar · JSTOR (October 2010) (Learn how and when to remove this message)

(Learn how and when to remove this message)

libpcap
Developer(s)	The Tcpdump team

Stable release	1.10.4 / April 7, 2023; 14 months ago (2023-04-07)^[1]

Repository	libpcaponGitHub
Written in	C
Operating system	Linux, Solaris, FreeBSD, NetBSD, OpenBSD, macOS, other Unix-like
Type	Library for packet capture
License	BSD^[2]
Website	www.tcpdump.org

WinPcap
Developer(s)	Riverbed Technology

Final release	4.1.3 / March 8, 2013; 11 years ago (2013-03-08)^[3]

Operating system	Windows
Type	Library for packet capture
License	Freeware
Website	www.winpcap.org

Npcap
Developer(s)	the Nmap project

Stable release	1.79 / January 19, 2024; 4 months ago (2024-01-19)^[4]

Operating system	Windows
Type	Library for packet capture
License	Proprietary (source available)
Website	npcap.com

In the field of computer network administration, pcap is an application programming interface (API) for capturing network traffic. While the name is an abbreviation of packet capture, that is not the API's proper name. Unix-like systems implement pcap in the libpcap library; for Windows, there is a port of libpcap named WinPcap that is no longer supported or developed, and a port named Npcap for Windows 7 and later that is still supported.

Monitoring software may use libpcap, WinPcap, or Npcap to capture network packets traveling over a computer network and, in newer versions, to transmit packets on a network at the link layer, and to get a list of network interfaces for possible use with libpcap, WinPcap, or Npcap.

The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or make use of an object-oriented wrapper.

Features[edit]

libpcap, WinPcap, and Npcap provide the packet-capture and filtering engines of many open-source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic-generators and network-testers.

libpcap, WinPcap, and Npcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap, WinPcap, or Npcap, to be able to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. A capture file saved in the format that libpcap, WinPcap, and Npcap use can be read by applications that understand that format, such as tcpdump, Wireshark, CA NetMaster, or Microsoft Network Monitor 3.x. The file format is described by Internet-Draft draft-ietf-opsawg-pcap;^[5] the current editors' version of the draft is also available.^[6]

The MIME type for the file format created and read by libpcap, WinPcap, and Npcap is application/vnd.tcpdump.pcap. The typical file extension is .pcap, although .cap and .dmp are also in common use.^[7]

History[edit]

libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.^[8] It is now developed by the same tcpdump.org group that develops tcpdump.^[9]

pcap libraries for Windows[edit]

While libpcap was originally developed for Unix-like operating systems, a successful port for Windows was made, called WinPcap. It has been unmaintained since 2013,^[10] and several competing forks have been released with new features and support for newer versions of Windows.

WinPcap[edit]

WinPcap consists of:^[11]

x86 and x86-64 drivers for the Windows NT family (Windows NT 4.0, 2000, XP, Server 2003, Vista, 7, 8, and 10), which use Network Driver Interface Specification (NDIS) 5.x to read packets directly from a network adapter;
implementations of a lower-level library for the listed operating systems, to communicate with those drivers;
a port of libpcap that uses the API offered by the low-level library implementations.

Programmers at the Politecnico di Torino wrote the original code. As of 2008, CACE Technologies, a company set up by some of the WinPcap developers, developed and maintained the product. CACE was acquired by Riverbed Technology on October 21, 2010.^[12]

Because WinPcap uses the older NDIS 5.x APIs, it does not work on some builds of Windows 10, which have deprecated or removed those APIs in favor of the newer NDIS 6.x APIs. It also forces some limitations such as being unable to capture 802.1Q VLAN tagsinEthernet headers.

The WinPcap project has ceased development and WinPcap and WinDump are no longer maintained. The last official WinPcap release was 4.1.3 released March 8, 2013.^[13]

Npcap[edit]

Npcap is the Nmap Project's packet sniffing library for Windows.^[14] It is based on WinPcap, but written to make use of Windows networking improvements in NDIS version 6. Its authors rewrote the WinPcap NDIS 5 Protocol Driver as a Light-Weight Filter (LWF) driver, a change that reduces processing overhead.^[15] Npcap maintenance releases updated the version of the included libpcap library to the latest available, allowing software authors to use the newer API features that Linux software had already supported.^[16] Most software that used WinPcap can be easily ported to use Npcap with minimal changes.^[17]

Npcap introduced several innovations that were not available in WinPcap:

Npcap can be restricted so that only Administrators can sniff packets.^[18]
Npcap is able to sniff and inject loopback packets (transmissions between services on the same machine) by using the Windows Filtering Platform.^[19]
Npcap can capture 802.11 WiFi frames on a variety of commonly-available network adapters.^[20]

Unlike Nmap, Npcap is proprietary software and requires a special license for use and redistribution except for some limited internal uses.^[21]

Win10Pcap[edit]

Win10Pcap implementation is also based on the NDIS 6 driver model and works stably with Windows 10.^[22] The project, however, has been inactive since 2016.^[23]

Programs that use or used libpcap[edit]

Bit-Twist, a libpcap-based Ethernet packet generator and editor for BSD, Linux, and Windows.
Cain and Abel, a discontinued password recovery tool for Microsoft Windows
EtherApe, a graphical tool for monitoring network traffic and bandwidth usage in real time.
Firesheep, a discontinued extension for the Firefox web browser that captured packets and performed session hijacking
iftop, a tool for displaying bandwidth usage (like top for network traffic)
Kismet, for 802.11 wireless LANs
L0phtCrack, a password auditing and recovery application.
McAfee ePolicy Orchestrator, Rogue System Detection feature
ngrep, aka "network grep", isolate strings in packets, show packet data in human-friendly output.
Nmap, a port-scanning and fingerprinting network utility
Pirni, a discontinued network security tool for jailbroken iOS devices.
Scapy, a packet manipulation tool for computer networks, written in Python by Philippe Biondi.
Snort, a network-intrusion-detection system.
Suricata, a network intrusion prevention and analysis platform.
Symantec Data Loss Prevention, Used to monitor and identify sensitive data, track its use, and location. Data loss policies allow sensitive data to be blocked from leaving the network or copied to another device.
tcpdump, a tool for capturing and dumping packets for further analysis, and WinDump, the Windows port of tcpdump.
Zeek, an intrusion detection system and network monitoring platform.
URL Snooper, locate the URLs of audio and video files in order to allow recording them.
WhatPulse, a statistical (input, network, uptime) measuring application.
Wireshark (formerly Ethereal), a graphical packet-capture and protocol-analysis tool.
XLink Kai, software that allows various LAN console games to be played online
Xplico, a network forensics analysis tool (NFAT).

Wrapper libraries for libpcap[edit]

C++: Libtins, Libcrafter, PcapPlusPlus
Perl: Net::Pcap
Python: python-libpcap, Pcapy, WinPcapy
Ruby: PacketFu
Rust: pcap
Tcl: tclpcap, tcap, pktsrc
Java: jpcap, jNetPcap, Jpcap, Pcap4j, Jxnet
.NET: WinPcapNET, SharpPcap, Pcap.Net
Haskell: pcap
OCaml: mlpcap
Chicken Scheme: pcap
Common Lisp: PLOKAMI
Racket: SPeaCAP
Go: pcap by Andreas Krennmair, pcap fork of the previous by Miek Gieben, pcap developed as part of the gopacket package
Erlang: epcap
Node.js: node_pcap

Non-pcap libraries that read pcap files[edit]

Python: pycapfile
Python: PyPCAPKit

References[edit]

^ "tcpdump and libpcap latest release". tcpdump.org. Retrieved 2023-02-08.

^ "tcpdump and libpcap license". tcpdump.org. Retrieved 2020-05-02.

^ "WinPcap Changelog".

^ "npcap/CHANGELOG.md". GitHub.

^ PCAP Capture File Format. 23 July 2023. I-D draft-ietf-opsawg-pcap.

^ "PCAP Capture File Format". 1 March 2024.

^ Turner, Glen (2011-03-30). "IANA record of application for MIME type application/vnd.tcpdump.pcap". IANA. Retrieved 2023-02-25.

^ McCanne, Steve. "libpcap: An Architecture and Optimization Methodology for Packet Capture" (PDF). Retrieved December 27, 2013.

^ "TCPDUMP/LIBPCAP public repository". Retrieved December 27, 2013.

^ "WinPcap News". Retrieved November 6, 2017.

^ "WinPcap internals". Retrieved December 27, 2013.

^ "Riverbed Expands Further Into The Application-Aware Network Performance Management Market with the Acquisition of CACE Technologies" (Press release). Riverbed Technology. 2010-10-21. Archived from the original on 2013-03-08. Retrieved 2010-10-21.

^ "WinPcap · News". WinPcap. 2013-03-08.

^ "Npcap".

^ "Filter drivers". 15 December 2021.

^ "Release Npcap 1.20". GitHub.

^ "Updating WinPcap software to Npcap". Developing software with Npcap. Retrieved 2023-02-25.

^ "Graphical installer options". Npcap Users' Guide. Retrieved 2023-02-25.

^ "For software that uses Npcap loopback feature". Npcap User's Guide. Retrieved 2023-02-25.

^ "For software that uses Npcap raw 802.11 feature". Npcap User's Guide. Retrieved 2023-02-25.

^ "Npcap License". GitHub.

^ "Win10Pcap: WinPcap for Windows 10".

^ Win10Pcap: WinPcap for Windows 10 (NDIS 6.x driver model): SoftEtherVPN/Win10Pcap, SoftEther VPN Project, 2019-12-31, retrieved 2020-01-09

^ Bevens, Bridget (July 31, 2017). "Drill 1.11 Released".

^ Packet.javaonGitHub

^ "What Can Read or Save a PCAP?". What is a PCAP file?. Endace.

External links[edit]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Pcap&oldid=1225433718" Categories: ●Network analyzers ●Unix network-related software ●Windows network-related software ●MacOS network-related software ●Windows security software ●MacOS security software ●Free software programmed in C ●Cross-platform free software ●Free network management software ●Software using the BSD license Hidden categories: ●Articles with short description ●Short description matches Wikidata ●Articles needing additional references from October 2010 ●All articles needing additional references ●Articles with a promotional tone from October 2017 ●All articles with a promotional tone ●Articles with multiple maintenance issues ●Official website different in Wikidata and Wikipedia ●This page was last edited on 24 May 2024, at 12:34 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view