PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, DPDK and PF_RING.

Overview

PcapPlusPlus Logo

GitHub Actions Build Status Build Status Build status Language grade: C/C++ Follow PcapPlusPlus

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use.

PcapPlusPlus enables decoding and forging capabilities for a large variety of network protocols. It also provides easy to use C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING.

Table Of Contents

Download

You can choose between downloading pre-compiled binaries and build PcapPlusPlus yourself. For more details please visit the Download page in PcapPlusPlus web-site.

Pre Compiled Binaries

From Homebrew:

brew install pcapplusplus

From Conan:

conan remote add public-conan https://api.bintray.com/conan/bincrafters/public-conan
conan install pcapplusplus/[email protected]/stable -r public-conan

From GitHub release page:

https://github.com/seladb/PcapPlusPlus/releases/latest

Build It Yourself

Clone the git repository:

git clone https://github.com/seladb/PcapPlusPlus.git

Follow the build instructions according to your platform in the Build From Source page in PcapPlusPlus web-site.

Feature Overview

  • Packet capture through an easy to use C++ wrapper for popular packet capture engines such as libpcap, WinPcap, Npcap, Intel DPDK, ntop’s PF_RING and raw sockets [Learn more]
  • Packet parsing and crafting including detailed analysis of protocols and layers, packet generation and packet edit for a large variety of network protocols [Learn more]
  • Read and write packets from/to files in both PCAP and PCAPNG formats [Learn more]
  • Packet processing in line rate through an efficient and easy to use C++ wrapper for DPDK and PF_RING [Learn more]
  • Multiplatform support - PcapPlusPlus is fully supported on Linux, MacOS, Windows and FreeBSD
  • Packet reassembly - unique implementation of TCP Reassembly which includes TCP retransmission, out-of-order TCP packets and missing TCP data, and IP Fragmentation and Defragmentation to create and reassemble IPv4 and IPv6 fragments [Learn more]
  • Packet filtering that makes libpcap's BPF filters a lot more user-friendly [Learn more]
  • TLS Fingerprinting - a C++ implementation of JA3 and JA3S TLS fingerprinting [Learn more]

Getting Started

Writing applications with PcapPlusPlus is very easy and intuitive. Here is a simple application that shows how to read a packet from a PCAP file and parse it:

#include "IPv4Layer.h"
#include "Packet.h"
#include "PcapFileDevice.h"

int main(int argc, char* argv[])
{
    // open a pcap file for reading
    pcpp::PcapFileReaderDevice reader("1_packet.pcap");
    if (!reader.open())
    {
        printf("Error opening the pcap file\n");
        return 1;
    }

    // read the first (and only) packet from the file
    pcpp::RawPacket rawPacket;
    if (!reader.getNextPacket(rawPacket))
    {
        printf("Couldn't read the first packet in the file\n");
        return 1;
    }

    // parse the raw packet into a parsed packet
    pcpp::Packet parsedPacket(&rawPacket);

    // verify the packet is IPv4
    if (parsedPacket.isPacketOfType(pcpp::IPv4))
    {
        // extract source and dest IPs
        pcpp::IPv4Address srcIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getSrcIPv4Address();
        pcpp::IPv4Address destIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getDstIPv4Address();

        // print source and dest IPs
        printf("Source IP is '%s'; Dest IP is '%s'\n", srcIP.toString().c_str(), destIP.toString().c_str());
    }

    // close the file
    reader.close();

    return 0;
}

You can find much more information in the Getting Started page in PcapPlusPlus web-site. This page will walk you through few easy steps to have an app up and running.

API Documentation

PcapPlusPlus consists of 3 libraries:

  1. Packet++ - a library for parsing, creating and editing network packets
  2. Pcap++ - a library for intercepting and sending packets, providing network and NIC info, stats, etc. It is actually a C++ wrapper for packet capturing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING
  3. Common++ - a library with some common code utilities used by both Packet++ and Pcap++

You can find an extensive API documentation in the API documentation section in PcapPlusPlus web-site. If you see any missing data please contact us.

Multi Platform Support

PcapPlusPlus is currently supported on Windows, Linux, MacOS and FreeBSD. Please visit PcapPlusPlus web-site to see all of the supported platforms and refer to the Download section to start using PcapPlusPlus on your platform.

Supported Network Protocols

PcapPlusPlus currently supports parsing, editing and creation of packets of the following protocols:

  1. Ethernet II
  2. IEEE 802.3 Ethernet
  3. SLL (Linux cooked capture)
  4. Null/Loopback
  5. Raw IP (IPv4 & IPv6)
  6. IPv4
  7. IPv6
  8. ARP
  9. VLAN
  10. VXLAN
  11. MPLS
  12. PPPoE
  13. GRE
  14. TCP
  15. UDP
  16. GTP (v1)
  17. ICMP
  18. IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
  19. IPSec AH & ESP - parsing only (no editing capabilities)
  20. SIP
  21. SDP
  22. Radius
  23. DNS
  24. DHCP
  25. BGP (v4)
  26. SSH - parsing only (no editing capabilities)
  27. HTTP headers (request & response)
  28. SSL/TLS - parsing only (no editing capabilities)
  29. Packet trailer (a.k.a footer or padding)
  30. Generic payload

DPDK And PF_RING Support

The Data Plane Development Kit (DPDK) is a set of data plane libraries and network interface controller drivers for fast packet processing.

PF_RING™ is a new type of network socket that dramatically improves the packet capture speed.

Both frameworks provide very fast packets processing (up to line speed) and are used in many network applications such as routers, firewalls, load balancers, etc. PcapPlusPLus provides a C++ abstraction layer over DPDK & PF_RING. This abstraction layer provides an easy to use interface that removes a lot of the boilerplate involved in using these frameworks. You can learn more by visiting the DPDK & PF_RING support pages in PcapPlusPlus web-site.

Benchmarks

We used Matias Fontanini's packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (such as libtins and libcrafter).

You can see the results in the Benchmarks page in PcapPlusPlus web-site.

Provide Feedback

We'd be more than happy to get feedback, please feel free to reach out to us in any of the following ways:

If you like this project please Star us on GitHub — it helps!

Please visit the PcapPlusPlus web-site to learn more.

Contributing

We would very much appreciate any contribution to this project. If you're interested in contributing please visit the contribution page in PcapPlusPlus web-site.

License

PcapPlusPlus is released under the Unlicense license.

Comments
  • introduce CMake build system

    introduce CMake build system

    Hi,

    I have updated the cmake branch, and compilation of libs examples and tests are okay on my linux.

    Unfortunately I don't know much about github-ci, so I din't backport travis jobs.

    opened by clementperon 36
  • Add TcpSorter to support sorting TCP segments.

    Add TcpSorter to support sorting TCP segments.

    I have performed online capturing test and offline pcap file test. The result looks good.

    Also, I ran valgrind to check memory leak for hours. The shared pointer makes my life easier. I did find pcap library itself has memory leak when lists NIC. I didn't look deeper into the issue since I can't fix libpcap here.

    Regarding to the TCP sorter logic, the TCP packet is flushed to the user once another side sends ACK. You can find more technical detail in the Doxygen header.

    opened by rickyzhang82 34
  • Bug in IDnsResource::decodeName.

    Bug in IDnsResource::decodeName.

    If non-dns packet gets into DnsLayer, then we will get SIGSEGV, because function size_t IDnsResource::decodeName not checking going beyond the limits of the packet.

    bug 
    opened by max197616 32
  • 22.05 build fails on dpdk

    22.05 build fails on dpdk

    Using openSUSE Tumbleweed on x86_64, after the 22.05 update I'm seeing this error:

    ==== Building target: Pcap++ ====
    Building file: src/DpdkDevice.cpp
    src/DpdkDevice.cpp: In member function 'bool pcpp::DpdkDevice::configurePort(uint8_t, uint8_t)':
    src/DpdkDevice.cpp:44:57: error: 'ETH_RSS' was not declared in this scope; did you mean 'ETH_RSS_AH'?
       44 | #define DPDK_CONFIG_MQ_MODE                             ETH_RSS
          |                                                         ^~~~~~~
    src/DpdkDevice.cpp:249:35: note: in expansion of macro 'DPDK_CONFIG_MQ_MODE'
      249 |         portConf.rxmode.mq_mode = DPDK_CONFIG_MQ_MODE;
          |                                   ^~~~~~~~~~~~~~~~~~~
    src/DpdkDevice.cpp: In member function 'bool pcpp::DpdkDevice::startCaptureSingleThread(pcpp::OnDpdkPacketsArriveCallback, void*)':
    src/DpdkDevice.cpp:566:36: error: 'rte_get_master_lcore' was not declared in this scope; did you mean 'rte_get_main_lcore'?
      566 |                 if (coreId == (int)rte_get_master_lcore() || !rte_lcore_is_enabled(coreId))
          |                                    ^~~~~~~~~~~~~~~~~~~~
          |                                    rte_get_main_lcore
    

    Using dpdk 21.11.1.

    packaging 
    opened by lgbaldoni 27
  • intel XL710 i40e driver got PMD 'net_i40e' doesn't support the request RSS hash functions 0x41

    intel XL710 i40e driver got PMD 'net_i40e' doesn't support the request RSS hash functions 0x41

    Just as title, I got issue of intel XL710 NIC

    Envirorment dpdk 20.11 LTS PcapPlusPlus 21.11 Ubuntu 20.04

    setup command ./setup_dpdk.py setup -g 2048 -i enp11s0f0

    execute command

    ./PcapPlusPlus-21.11/Dist/DpdkExample-FilterTraffic -d 0
    

    envirorment

    driver: i40e
    version: 2.14.13
    firmware-version: 8.60 0x8000bd7c 1.3140.0
    expansion-rom-version: 
    bus-info: 0000:0b:00.0
    supports-statistics: yes
    supports-test: yes
    supports-eeprom-access: yes
    supports-register-dump: yes
    supports-priv-flags: yes
    

    How can i fix it?

    bug enhancement 
    opened by laskdjlaskdj12 27
  • Modifying code cause undefined behavior

    Modifying code cause undefined behavior

    @seladb

    This issue more or less likely reproducible. But I don't know what's the root cause of this.

    Anyway, I modified PcapPlusPlus's SSL as follows,

    On SSLHandshake.cpp I replaced the following code

    SSLCipherSuite* SSLClientHelloMessage::getCipherSuite(int index) const
    {
    	if (index < 0 || index >= getCipherSuiteCount())
    		return NULL;
    
    	size_t cipherSuiteStartOffset = sizeof(ssl_tls_client_server_hello) + sizeof(uint8_t) + getSessionIDLength() + sizeof(uint16_t);
    	if (cipherSuiteStartOffset + sizeof(uint16_t) > m_DataLen)
    		return NULL;
    
    	uint16_t* cipherSuiteStartPos = (uint16_t*)(m_Data + cipherSuiteStartOffset);
    	return SSLCipherSuite::getCipherSuiteByID(be16toh(*(cipherSuiteStartPos+index)));
    }
    

    with

    uint16_t SSLClientHelloMessage::getCipherSuiteHexValue(int index) const
    {
    	if (index < 0 || index >= getCipherSuiteCount())
    		return 0;
    
    	size_t cipherSuiteStartOffset = sizeof(ssl_tls_client_server_hello) + sizeof(uint8_t) + getSessionIDLength() + sizeof(uint16_t);
    	if (cipherSuiteStartOffset + sizeof(uint16_t) > m_DataLen)
    		return 0;
    
    	uint16_t* cipherSuiteStartPos = (uint16_t*)(m_Data + cipherSuiteStartOffset);
    	return be16toh(*(cipherSuiteStartPos+index));
    }
    

    Then added following header declaration on SSLHandshake.h

    	/**
    	 * Get hex value of a cipher-suite by index.
    	 * @param[in] index The index of the cipher-suite to return
    	 * @return The hex value of the cipher-suite or NULL if index is out of bounds
    	 */
    
    	uint16_t getCipherSuiteHexValue(int index) const;
    

    Then I just removed tests related to SSL and compiled the lib as usual

    At first Iterations when I run my program, it works fine but after couple of days I noticing it outputs weird cipher suite counts like 1200 and 1500, 9000 and so on when calling the getCipherSuiteCount() method on lib.

    The exact CipherSuiteCount for Chrome is 16 and for Firefox is 18

    The program outputs 16 and 18 at first days but somehow magically it get broken after days even after re-compiled it output same wired numbers.

    I greatly appreciate your opinion on this matter!

    question 
    opened by gerald-dotcom 27
  • Pcap++ test issue related to the RSS hash function 0x41

    Pcap++ test issue related to the RSS hash function 0x41

    Here is the snippet of when we are trying to run the Bin/Pcap++ test.EAL: Detected 24 lcore(s) EAL: Probing VFIO support... EAL: PCI device 0000:01:00.0 on NUMA socket -1 EAL: probe driver: 8086:10d3 net_e1000_em EAL: PCI device 0000:04:00.0 on NUMA socket -1 EAL: probe driver: 8086:1583 net_i40e EAL: PCI device 0000:04:00.1 on NUMA socket -1 EAL: probe driver: 8086:1583 net_i40e PMD: eth_i40e_dev_init(): FW 6.0 API 1.7 NVM 06.00.01 eetrack 800035da [src/DpdkDeviceList.cpp : initDpdkDevices : line:164 ] Found 1 DPDK ports. Constructing DpdkDevice for each one [src/DpdkDevice.cpp : initMemPool : line:623 ] Successfully initialized packets pool of size [16383] for device [DPDK_0] [src/DpdkDevice.cpp : setDeviceInfo : line:722 ] Device [DPDK_0] has 320 RX queues [src/DpdkDevice.cpp : setDeviceInfo : line:723 ] Device [DPDK_0] has 320 TX queues [src/DpdkDeviceList.cpp : initDpdkDevices : line:175 ] DpdkDevice #0: Name='DPDK_0', PCI-slot='0000:04:00.1', PMD='net_i40e', MAC Addr='3c:fd:fe:c3:38:d9' PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDevice : FAILED. assertion failed: Cannot open DPDK device PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMultiThread : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 16 RX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDeviceSendPackets : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 320 TX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMbufRawPacket : FAILED. assertion failed: Cannot open DPDK device TestDpdkDeviceWorkerThreads : FAILED. assertion failed: Couldn't open DPDK device

    Also, about the setup script, I did the setup complete. Here is the current status: [email protected]:~/PcapPlusPlus# ./setup-dpdk.sh -s


    PcapPlusPlus setup DPDK script


    Network devices using DPDK-compatible driver

    0000:04:00.1 'Ethernet Controller XL710 for 40GbE QSFP+' drv=igb_uio unused=uio_pci_generic

    Network devices using kernel driver

    0000:01:00.0 '82574L Gigabit Network Connection' if=eth0 drv=e1000e unused=igb_uio,uio_pci_generic Active

    Other network devices

    0000:04:00.0 'Ethernet Controller XL710 for 40GbE QSFP+' unused=igb_uio,uio_pci_generic

    Crypto devices using DPDK-compatible driver

    Crypto devices using kernel driver

    Other crypto devices

    And we are planning to use one port for now, and we are getting this error:

    PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDevice : FAILED. assertion failed: Cannot open DPDK device PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMultiThread : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 16 RX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDeviceSendPackets : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 320 TX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMbufRawPacket : FAILED. assertion failed: Cannot open DPDK device TestDpdkDeviceWorkerThreads : FAILED. assertion failed: Couldn't open DPDK device

    I have few queries:

    • I can see the traffic moving from one side to another, I am trying to test with the following command: [email protected]:~/PcapPlusPlus/Tests/Pcap++Test# Bin/Pcap++Test -i x.x.x.x -r x.x.x.x -k p1p2 -d
    • May I know why this is happening, why the TestDpdkWorkerThreads test is failing?
    • About the RSS hash 0x41, are there any such hardware constraint which can or cannot support the function?
    • We have classic DPDK huge pages of 1 GB and 16 of them, and while setup I put -p as 16 only.

    Need ur help in this scenario.

    opened by sabhishepalc 24
  • The new classes IPv4Address, IPv6Address and IPAddress (discussion)

    The new classes IPv4Address, IPv6Address and IPAddress (discussion)

    I have developed the new lightweight classes for manipulating the IP addresses. These are very fast and use less memory.

    I have made the tests for the most common use case: creation the address out of byte array (for example: IP/TCP reassembly logic). The tests ran under Core i7 9700K, Win10(x64):

    === Current ===
    Sizeof IPv4 = 68
    Sizeof IPv6 = 80
    IPv4 (uint): duration(ms) = 1803, iterations = 10.000.000, calls per sec = 5.546.000
    IPv6: duration(ms) = 4411, iterations = 10.000.000, calls per sec = 2.267.000
    
    === New ===
    Sizeof IPv4 = 4
    Sizeof IPv6 = 16
    Sizeof IP = 24
    IPv4 (uint): duration(ms) = 12, iterations = 10.000.000, calls per sec = 833.333.000
    IPv6: duration(ms) = 32, iterations = 10.000.000, calls per sec = 312.500.000
    

    Replacing the old classes to the new ones will take some time so I placed the new classes into namespace experimental. First of all I am planning to change the IPReassembly and TCPReassembly.

    Is any chance that this PR will be merged?

    opened by gx740 23
  • TcpReassembly (question)

    TcpReassembly (question)

    I have found that the methods closeConnectionInternal and closeAllConnections have different behavior in relation to m_ConnectionInfo vector. The closeAllConnections clears this vector while closeConnectionInternal does not remove the data from it.

    Should closeConnectionInternal remove data from vector or not?

    bug 
    opened by gx740 23
  • Npcap read + write wastes memory

    Npcap read + write wastes memory

    SKIP THIS POST AND GO TO BOTTOM - I was wrong here!

    Just FYI I am using NPCAP as my capture library behind the scenes and working in Windows 10.

    In the example live capture code a simple example is given to capture live packets with a callback

    // start capture in async mode. Give a callback function to call to whenever a packet is captured and the stats object as the cookie
    dev->startCapture(onPacketArrives, &stats);
    
    /**
     * A callback function for the async capture which is called each time a packet is captured
     */
    static void onPacketArrives(pcpp::RawPacket* packet, pcpp::PcapLiveDevice* dev, void* cookie)
    {
    	// extract the stats object form the cookie
    	PacketStats* stats = (PacketStats*)cookie;
    
    	// parsed the raw packet
    	pcpp::Packet parsedPacket(packet);
    
    	// collect stats from packet
    	stats->consumePacket(parsedPacket);
    }
    

    When i run this in windows the memory usage seems to be growing unbounded. Granted I have only run it for up to one minute (initial testing and dev) but memory usage is steadily ticking up. I would expect it to more or less reach a steady state and plateau (I am capturing from a sensor device that provides a more or less steady stream).

    Looking at the live PcapLiveDevice code that runs our callback function it creates a RawPacket with the flag NOT to release the packet memory. Why?

    void PcapLiveDevice::onPacketArrives(uint8_t *user, const struct pcap_pkthdr *pkthdr, const uint8_t *packet)
    {
    	PcapLiveDevice* pThis = (PcapLiveDevice*)user;
    	if (pThis == NULL)
    	{
    		LOG_ERROR("Unable to extract PcapLiveDevice instance");
    		return;
    	}
    
    	RawPacket rawPacket(packet, pkthdr->caplen, pkthdr->ts, false, pThis->getLinkType());
    
    	if (pThis->m_cbOnPacketArrives != NULL)
    		pThis->m_cbOnPacketArrives(&rawPacket, pThis, pThis->m_cbOnPacketArrivesUserCookie);
    }
    

    Are we expected to release the raw packet pointer in our callback? That isn't in the example code. Or is there something in the libraries behind the scene the it keeps a cache of captures and eventually cleans that up it self?

    If I recompile the code with the flag swapped to true my memory plateaus at a few MB and stays steady (which is what I originally expected).

    Anyways please let me know how the memory is expected to be managed here.

    enhancement 
    opened by Dysl3xik 23
  • linker error

    linker error

    Platform: Macosx - High Sierra

    First time using this library, I cloned the repository and successfully built it. I am trying to test if it works by copying and running the reading pcap example from the documentation. Here is how i compile and build it

    g++ -Iinclude -c main.cpp --std=c++14
    g++ main.o lib/libCommon++.a lib/libPacket++.a lib/libPcap++.a
    

    And I used the pcaps that was being captured by using wireshark and export it as .pcap file, changed the file name and run it, and this is the output i got:

    screen shot 2018-02-07 at 11 39 40 pm

    question 
    opened by xxhenglyxx 22
  • Fix #967 - TcpReassembly handles unilateral RST

    Fix #967 - TcpReassembly handles unilateral RST

    I added a minimal pcap example the reproduces #967, and updated the TestTcpReassemblyWithFIN_RST test. Then a patched the code to pass the test.

    Checked on Linux with libpcap.

    opened by neilstephens 0
  • How can I check the network connection status?

    How can I check the network connection status?

    Hi all.

    I would like to check the network connection status.

    I have a desktop and laptop. They are directly connected by Ethernet cable.

    If I disconnect and reconnect the laptop's Ethernet cable, I can see the 'M-SEARCH * HTTP/1.1' messages via the Wireshark on the desktop.

    no title

    So, I think I can check the network connection status using this message.

    Is this the correct way? If yes, how can I check this message via PcapPlusPlus? If not, could you please let me know the correct way?

    Thank you :)

    question 
    opened by luckygg 1
  • TCP reassembly treats FIN and RST the same

    TCP reassembly treats FIN and RST the same

    Gday,

    I've just finished debugging an issue in my application that uses pcpp::TcpReassembly. I was having an issue where the number of tracked connections would continue to grow, even though pcpp::TcpReassemblyConfiguration::removeConnInfo == true, and in reality the number of established connections was steady state. After a while I was getting pcpp::TcpReassembly::ReassemblyStatus::Ignore_PacketOfClosedFlow when new connections were clashing with the stale flows in the tracked connections.

    I eventually reproduced the issue under test conditions and figured out that the problem is that pcpp::TcpReassembly treats a RST flag as if it was a FIN flag. That is, it only marks the flow in one direction closed and expects a FIN/RST in the other direction before it would mark the connection as fully closed and add it to the cleanup list.

    The problem is that RST (with valid sequence), unlike FIN, deems a connection immediately closed, and the other side should never respond on a reset connection. But that means that pcpp::TcpReassembly is left with a half closed connection in it's collection that never gets cleaned up.

    I've worked around the issue in my application for now, by checking tcpLayer->getTcpHeader()->rstFlag myself and calling pcpp::TcpReassembly::closeConnection().

    I'm using the pre-compiled binaries at the moment, but if you would like me to attempt to fix the library code and submit a patch, I'm happy to have a go but it might take a while to find the time.

    bug 
    opened by neilstephens 1
  • add a method to get ipv6 similar to ipv4 for pcapLiveDevice

    add a method to get ipv6 similar to ipv4 for pcapLiveDevice

    modified:   Pcap++/header/PcapLiveDevice.h
    modified:   Pcap++/src/PcapLiveDevice.cpp
    modified:   Tests/Pcap++Test/TestDefinition.h
    modified:   Tests/Pcap++Test/Tests/LiveDeviceTests.cpp
    modified:   Tests/Pcap++Test/main.cpp
    
    opened by jafar75 2
  • Is it possible to get IPv6 address for a PcapLiveDevice

    Is it possible to get IPv6 address for a PcapLiveDevice

    Currently you have a function, PcapLiveDevice::getIPv4Address(). Is it possible to have an equivalent to return the IPv6 addresses from a live device? Thanks

    enhancement good first issue 
    opened by HIGGSSAM 5
Releases(v22.05)
the LIBpcap interface to various kernel packet capture mechanism

LIBPCAP 1.x.y by The Tcpdump Group To report a security issue please send an e-mail to [email protected] To report bugs and other problems, contri

The Tcpdump Group 2k Sep 23, 2022
DPDK / Packet processing experimentation project

flow-orchestrator About This is currently just a platform for me to learn more about DPDK and to have a foundation for some experiments. Building Buil

stefan 4 May 6, 2022
A software C library designed to extract data attributes from network packets, server logs, and from structured events in general, in order to make them available for analysis

MMT-DPI A software C library desinged to extract data attributes from network packets, server logs, and from structured events in general, in odrder t

Montimage 3 Apr 14, 2022
A special version of Packet Batch that utilizes AF_XDP Linux sockets (this should be faster than the standard version, but not as fast as the DPDK).

Packet Batch (AF_XDP) Description This is a special version of Packet Batch that utilizes AF_XDP sockets instead of AF_PACKETv3 (which is what the sta

Packet Batch 12 Sep 14, 2022
A special version of Packet Batch that utilizes the DPDK (this should be faster than the standard version).

Packet Batch (DPDK) Description This is a special version of Packet Batch that utilizes the DPDK, a kernel-bypass library. This does not use any form

Packet Batch 6 Sep 14, 2022
The standard Packet Batch application that uses standard Linux sockets (AF_PACKETv3) for packet generation.

Packet Batch (Standard) Description This is the standard Packet Batch application that utilizes AF_PACKETv3 Linux sockets. Due to AF_PACKETv3 Linux so

Packet Batch 5 Sep 1, 2022
pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities.

pwru (packet, where are you?) pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities. It allo

Cilium 909 Sep 24, 2022
🌱Light and powerful C++ web framework for highly scalable and resource-efficient web application. It's zero-dependency and easy-portable.

Oat++ News Hey, meet the new oatpp version 1.2.5! See the changelog for details. Check out the new oatpp ORM - read more here. Oat++ is a modern Web F

Oat++ 5.7k Sep 21, 2022
High-speed packet processing framework

PF_RING™ Introduction PF_RING™ is a Linux kernel module and user-space framework that allows you to process packets at high-rates while providing you

ntop 2.3k Sep 13, 2022
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.

XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes.

idealeer 181 Sep 15, 2022
network packet indexing and querying

_______ _____.___. ________ _____ _____ \ \\__ | |/ _____/ / \ / _ \ / | \/ | / \ ___ / \ / \ / /_\

64k & stackless-goto 18 Dec 15, 2021
A Simple CLI Network Packet Sniffer

packt packt is a simple CL(command line) network packet sniffer which can run on any unix-like OS including termux (Android). packt works by first ope

null 6 Feb 7, 2022
An easy to use and powerful open source websocket library written in C.

libwebsock Easy to use C library for websockets This library allows for quick and easy development of applications that use the websocket protocol, wi

Jonathan Hall 46 May 4, 2022
A high-performance and easy-to-use C++ network library.

pine A high-performance and easy-to-use C++ network library. Now this is just a toy library for education purpose, do not use in production. example A

Baroquer 55 Aug 29, 2022
Level up your Beat Saber experience on Quest! AnyTweaks provides various tweaks to help boost your experience on Quest, such as Bloom, FPS Counter and more.

Need help/support? Ask in one of BSMG's support channels for Quest, or join my Discord server! AnyTweaks Level up your Beat Saber experience on Quest!

kaitlyn~ 16 Aug 29, 2022
This repository contains a set of InternalBlue patches for the BCM4375B1 Bluetooth controller, allowing to sniff and inject Zigbee, Mosart and Enhanced ShockBurst packets from a Samsung Galaxy S20 smartphone.

RadioSploit 1.0 - Patches This repository contains a set of InternalBlue patches for the BCM4375B1 Bluetooth controller, allowing to sniff and inject

Romain Cayre 11 Aug 29, 2021
Examples and test programs I made while learning the DPDK.

The DPDK Examples (WIP) Description A small repository I will be using to store my progress and test programs from the DPDK, a kernel bypass library v

Christian Deacon 17 Sep 22, 2022
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Robert David Graham 19.6k Sep 17, 2022
XDP programs that increment stat counters for packets/bytes.

XDP Stats Description This is a program that calculates stats inside of an XDP program (support for both XDP_DROP and XDP_TX). As of right now, the st

Christian Deacon 8 Sep 14, 2022