PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, DPDK and PF_RING.

Related tags

Networking and Internet windows linux c-plus-plus pcap networking cpp dpdk network-forensics pf-ring packet-parsing mac-osx network-tools winpcap pcap-files packet-processing libpcap multiplatform packet-crafting tcp-reassembly pcapplusplus
Overview

PcapPlusPlus Logo

GitHub Actions Build Status Build Status Build status Language grade: C/C++ Follow PcapPlusPlus

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use.

PcapPlusPlus enables decoding and forging capabilities for a large variety of network protocols. It also provides easy to use C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING.

Table Of Contents

Download

You can choose between downloading pre-compiled binaries and build PcapPlusPlus yourself. For more details please visit the Download page in PcapPlusPlus web-site.

Pre Compiled Binaries

From Homebrew:

brew install pcapplusplus

From Conan:

conan remote add public-conan https://api.bintray.com/conan/bincrafters/public-conan
conan install pcapplusplus/20.08@bincrafters/stable -r public-conan

From GitHub release page:

https://github.com/seladb/PcapPlusPlus/releases/latest

Build It Yourself

Clone the git repository:

git clone https://github.com/seladb/PcapPlusPlus.git

Follow the build instructions according to your platform in the Build From Source page in PcapPlusPlus web-site.

Feature Overview

  • Packet capture through an easy to use C++ wrapper for popular packet capture engines such as libpcap, WinPcap, Npcap, Intel DPDK, ntop’s PF_RING and raw sockets [Learn more]
  • Packet parsing and crafting including detailed analysis of protocols and layers, packet generation and packet edit for a large variety of network protocols [Learn more]
  • Read and write packets from/to files in both PCAP and PCAPNG formats [Learn more]
  • Packet processing in line rate through an efficient and easy to use C++ wrapper for DPDK and PF_RING [Learn more]
  • Multiplatform support - PcapPlusPlus is fully supported on Linux, MacOS, Windows and FreeBSD
  • Packet reassembly - unique implementation of TCP Reassembly which includes TCP retransmission, out-of-order TCP packets and missing TCP data, and IP Fragmentation and Defragmentation to create and reassemble IPv4 and IPv6 fragments [Learn more]
  • Packet filtering that makes libpcap's BPF filters a lot more user-friendly [Learn more]
  • TLS Fingerprinting - a C++ implementation of JA3 and JA3S TLS fingerprinting [Learn more]

Getting Started

Writing applications with PcapPlusPlus is very easy and intuitive. Here is a simple application that shows how to read a packet from a PCAP file and parse it:

#include "IPv4Layer.h"
#include "Packet.h"
#include "PcapFileDevice.h"

int main(int argc, char* argv[])
{
    // open a pcap file for reading
    pcpp::PcapFileReaderDevice reader("1_packet.pcap");
    if (!reader.open())
    {
        printf("Error opening the pcap file\n");
        return 1;
    }

    // read the first (and only) packet from the file
    pcpp::RawPacket rawPacket;
    if (!reader.getNextPacket(rawPacket))
    {
        printf("Couldn't read the first packet in the file\n");
        return 1;
    }

    // parse the raw packet into a parsed packet
    pcpp::Packet parsedPacket(&rawPacket);

    // verify the packet is IPv4
    if (parsedPacket.isPacketOfType(pcpp::IPv4))
    {
        // extract source and dest IPs
        pcpp::IPv4Address srcIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getSrcIPv4Address();
        pcpp::IPv4Address destIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getDstIPv4Address();

        // print source and dest IPs
        printf("Source IP is '%s'; Dest IP is '%s'\n", srcIP.toString().c_str(), destIP.toString().c_str());
    }

    // close the file
    reader.close();

    return 0;
}

You can find much more information in the Getting Started page in PcapPlusPlus web-site. This page will walk you through few easy steps to have an app up and running.

API Documentation

PcapPlusPlus consists of 3 libraries:

  1. Packet++ - a library for parsing, creating and editing network packets
  2. Pcap++ - a library for intercepting and sending packets, providing network and NIC info, stats, etc. It is actually a C++ wrapper for packet capturing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING
  3. Common++ - a library with some common code utilities used by both Packet++ and Pcap++

You can find an extensive API documentation in the API documentation section in PcapPlusPlus web-site. If you see any missing data please contact us.

Multi Platform Support

PcapPlusPlus is currently supported on Windows, Linux, MacOS and FreeBSD. Please visit PcapPlusPlus web-site to see all of the supported platforms and refer to the Download section to start using PcapPlusPlus on your platform.

Supported Network Protocols

PcapPlusPlus currently supports parsing, editing and creation of packets of the following protocols:

  1. Ethernet II
  2. IEEE 802.3 Ethernet
  3. SLL (Linux cooked capture)
  4. Null/Loopback
  5. Raw IP (IPv4 & IPv6)
  6. IPv4
  7. IPv6
  8. ARP
  9. VLAN
  10. VXLAN
  11. MPLS
  12. PPPoE
  13. GRE
  14. TCP
  15. UDP
  16. GTP (v1)
  17. ICMP
  18. IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
  19. IPSec AH & ESP - parsing only (no editing capabilities)
  20. SIP
  21. SDP
  22. Radius
  23. DNS
  24. DHCP
  25. BGP (v4)
  26. SSH - parsing only (no editing capabilities)
  27. HTTP headers (request & response)
  28. SSL/TLS - parsing only (no editing capabilities)
  29. Packet trailer (a.k.a footer or padding)
  30. Generic payload

DPDK And PF_RING Support

The Data Plane Development Kit (DPDK) is a set of data plane libraries and network interface controller drivers for fast packet processing.

PF_RING™ is a new type of network socket that dramatically improves the packet capture speed.

Both frameworks provide very fast packets processing (up to line speed) and are used in many network applications such as routers, firewalls, load balancers, etc. PcapPlusPLus provides a C++ abstraction layer over DPDK & PF_RING. This abstraction layer provides an easy to use interface that removes a lot of the boilerplate involved in using these frameworks. You can learn more by visiting the DPDK & PF_RING support pages in PcapPlusPlus web-site.

Benchmarks

We used Matias Fontanini's packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (such as libtins and libcrafter).

You can see the results in the Benchmarks page in PcapPlusPlus web-site.

Provide Feedback

We'd be more than happy to get feedback, please feel free to reach out to us in any of the following ways:

If you like this project please Star us on GitHub — it helps!

Please visit the PcapPlusPlus web-site to learn more.

Contributing

We would very much appreciate any contribution to this project. If you're interested in contributing please visit the contribution page in PcapPlusPlus web-site.

License

PcapPlusPlus is released under the Unlicense license.

Comments
  • CMake support?

    CMake support?

    Hello, and thanks for your work!

    I am using PcapPlusPlus in a project, and we use cmake for our build system. I have written some simple, modern cmake files which allow your work to be easily included in existing source trees that use cmake; for example as a github sub-module.

    Would you have any interest in a PR to add support for it upstream? Currently, I've only tested it on Linux, but I don't think it would be difficult to deal with Windows/macOS as well.

    enhancement help wanted 
    opened by eteran 48
  • introduce CMake build system

    introduce CMake build system

    Hi,

    I have updated the cmake branch, and compilation of libs examples and tests are okay on my linux.

    Unfortunately I don't know much about github-ci, so I din't backport travis jobs.

    opened by clementperon 36
  • Add TcpSorter to support sorting TCP segments.

    Add TcpSorter to support sorting TCP segments.

    I have performed online capturing test and offline pcap file test. The result looks good.

    Also, I ran valgrind to check memory leak for hours. The shared pointer makes my life easier. I did find pcap library itself has memory leak when lists NIC. I didn't look deeper into the issue since I can't fix libpcap here.

    Regarding to the TCP sorter logic, the TCP packet is flushed to the user once another side sends ACK. You can find more technical detail in the Doxygen header.

    opened by rickyzhang82 34
  • Bug in IDnsResource::decodeName.

    Bug in IDnsResource::decodeName.

    If non-dns packet gets into DnsLayer, then we will get SIGSEGV, because function size_t IDnsResource::decodeName not checking going beyond the limits of the packet.

    bug 
    opened by max197616 32
  • 22.05 build fails on dpdk

    22.05 build fails on dpdk

    Using openSUSE Tumbleweed on x86_64, after the 22.05 update I'm seeing this error:

    ==== Building target: Pcap++ ====
Building file: src/DpdkDevice.cpp
src/DpdkDevice.cpp: In member function 'bool pcpp::DpdkDevice::configurePort(uint8_t, uint8_t)':
src/DpdkDevice.cpp:44:57: error: 'ETH_RSS' was not declared in this scope; did you mean 'ETH_RSS_AH'?
   44 | #define DPDK_CONFIG_MQ_MODE                             ETH_RSS
      |                                                         ^~~~~~~
src/DpdkDevice.cpp:249:35: note: in expansion of macro 'DPDK_CONFIG_MQ_MODE'
  249 |         portConf.rxmode.mq_mode = DPDK_CONFIG_MQ_MODE;
      |                                   ^~~~~~~~~~~~~~~~~~~
src/DpdkDevice.cpp: In member function 'bool pcpp::DpdkDevice::startCaptureSingleThread(pcpp::OnDpdkPacketsArriveCallback, void*)':
src/DpdkDevice.cpp:566:36: error: 'rte_get_master_lcore' was not declared in this scope; did you mean 'rte_get_main_lcore'?
  566 |                 if (coreId == (int)rte_get_master_lcore() || !rte_lcore_is_enabled(coreId))
      |                                    ^~~~~~~~~~~~~~~~~~~~
      |                                    rte_get_main_lcore

    Using dpdk 21.11.1.

    packaging 
    opened by lgbaldoni 27
  • intel XL710 i40e driver got PMD 'net_i40e' doesn't support the request RSS hash functions 0x41

    intel XL710 i40e driver got PMD 'net_i40e' doesn't support the request RSS hash functions 0x41

    Just as title, I got issue of intel XL710 NIC

    Envirorment dpdk 20.11 LTS PcapPlusPlus 21.11 Ubuntu 20.04

    setup command ./setup_dpdk.py setup -g 2048 -i enp11s0f0

    execute command

    ./PcapPlusPlus-21.11/Dist/DpdkExample-FilterTraffic -d 0

    envirorment

    driver: i40e
version: 2.14.13
firmware-version: 8.60 0x8000bd7c 1.3140.0
expansion-rom-version: 
bus-info: 0000:0b:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes

    How can i fix it?

    bug enhancement 
    opened by laskdjlaskdj12 27
  • Modifying code cause undefined behavior

    Modifying code cause undefined behavior

    @seladb

    This issue more or less likely reproducible. But I don't know what's the root cause of this.

    Anyway, I modified PcapPlusPlus's SSL as follows,

    On SSLHandshake.cpp I replaced the following code

    SSLCipherSuite* SSLClientHelloMessage::getCipherSuite(int index) const
{
	if (index < 0 || index >= getCipherSuiteCount())
		return NULL;

	size_t cipherSuiteStartOffset = sizeof(ssl_tls_client_server_hello) + sizeof(uint8_t) + getSessionIDLength() + sizeof(uint16_t);
	if (cipherSuiteStartOffset + sizeof(uint16_t) > m_DataLen)
		return NULL;

	uint16_t* cipherSuiteStartPos = (uint16_t*)(m_Data + cipherSuiteStartOffset);
	return SSLCipherSuite::getCipherSuiteByID(be16toh(*(cipherSuiteStartPos+index)));
}

    with

    uint16_t SSLClientHelloMessage::getCipherSuiteHexValue(int index) const
{
	if (index < 0 || index >= getCipherSuiteCount())
		return 0;

	size_t cipherSuiteStartOffset = sizeof(ssl_tls_client_server_hello) + sizeof(uint8_t) + getSessionIDLength() + sizeof(uint16_t);
	if (cipherSuiteStartOffset + sizeof(uint16_t) > m_DataLen)
		return 0;

	uint16_t* cipherSuiteStartPos = (uint16_t*)(m_Data + cipherSuiteStartOffset);
	return be16toh(*(cipherSuiteStartPos+index));
}

    Then added following header declaration on SSLHandshake.h

    	/**
	 * Get hex value of a cipher-suite by index.
	 * @param[in] index The index of the cipher-suite to return
	 * @return The hex value of the cipher-suite or NULL if index is out of bounds
	 */

	uint16_t getCipherSuiteHexValue(int index) const;

    Then I just removed tests related to SSL and compiled the lib as usual

    At first Iterations when I run my program, it works fine but after couple of days I noticing it outputs weird cipher suite counts like 1200 and 1500, 9000 and so on when calling the getCipherSuiteCount() method on lib.

    The exact CipherSuiteCount for Chrome is 16 and for Firefox is 18

    The program outputs 16 and 18 at first days but somehow magically it get broken after days even after re-compiled it output same wired numbers.

    I greatly appreciate your opinion on this matter!

    question 
    opened by gerald-dotcom 27
  • Pcap++ test issue related to the RSS hash function 0x41

    Pcap++ test issue related to the RSS hash function 0x41

    Here is the snippet of when we are trying to run the Bin/Pcap++ test.EAL: Detected 24 lcore(s) EAL: Probing VFIO support... EAL: PCI device 0000:01:00.0 on NUMA socket -1 EAL: probe driver: 8086:10d3 net_e1000_em EAL: PCI device 0000:04:00.0 on NUMA socket -1 EAL: probe driver: 8086:1583 net_i40e EAL: PCI device 0000:04:00.1 on NUMA socket -1 EAL: probe driver: 8086:1583 net_i40e PMD: eth_i40e_dev_init(): FW 6.0 API 1.7 NVM 06.00.01 eetrack 800035da [src/DpdkDeviceList.cpp : initDpdkDevices : line:164 ] Found 1 DPDK ports. Constructing DpdkDevice for each one [src/DpdkDevice.cpp : initMemPool : line:623 ] Successfully initialized packets pool of size [16383] for device [DPDK_0] [src/DpdkDevice.cpp : setDeviceInfo : line:722 ] Device [DPDK_0] has 320 RX queues [src/DpdkDevice.cpp : setDeviceInfo : line:723 ] Device [DPDK_0] has 320 TX queues [src/DpdkDeviceList.cpp : initDpdkDevices : line:175 ] DpdkDevice #0: Name='DPDK_0', PCI-slot='0000:04:00.1', PMD='net_i40e', MAC Addr='3c:fd:fe:c3:38:d9' PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDevice : FAILED. assertion failed: Cannot open DPDK device PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMultiThread : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 16 RX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDeviceSendPackets : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 320 TX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMbufRawPacket : FAILED. assertion failed: Cannot open DPDK device TestDpdkDeviceWorkerThreads : FAILED. assertion failed: Couldn't open DPDK device

    Also, about the setup script, I did the setup complete. Here is the current status: root@ubuntu:~/PcapPlusPlus# ./setup-dpdk.sh -s

    PcapPlusPlus setup DPDK script

    Network devices using DPDK-compatible driver

    0000:04:00.1 'Ethernet Controller XL710 for 40GbE QSFP+' drv=igb_uio unused=uio_pci_generic

    Network devices using kernel driver

    0000:01:00.0 '82574L Gigabit Network Connection' if=eth0 drv=e1000e unused=igb_uio,uio_pci_generic Active

    Other network devices

    0000:04:00.0 'Ethernet Controller XL710 for 40GbE QSFP+' unused=igb_uio,uio_pci_generic

    Crypto devices using DPDK-compatible driver

    Crypto devices using kernel driver

    Other crypto devices

    And we are planning to use one port for now, and we are getting this error:

    PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDevice : FAILED. assertion failed: Cannot open DPDK device PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMultiThread : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 16 RX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkDeviceSendPackets : FAILED. assertion failed: Cannot open DPDK device 'DPDK_0' with 320 TX queues [src/DpdkDevice.cpp : close : line:455 ] Trying to close device [DPDK_0] but device is already closed PMD 'net_i40e' doesn't support the request RSS hash functions 0x41 TestDpdkMbufRawPacket : FAILED. assertion failed: Cannot open DPDK device TestDpdkDeviceWorkerThreads : FAILED. assertion failed: Couldn't open DPDK device

    I have few queries:

    • I can see the traffic moving from one side to another, I am trying to test with the following command: root@ubuntu:~/PcapPlusPlus/Tests/Pcap++Test# Bin/Pcap++Test -i x.x.x.x -r x.x.x.x -k p1p2 -d
    • May I know why this is happening, why the TestDpdkWorkerThreads test is failing?
    • About the RSS hash 0x41, are there any such hardware constraint which can or cannot support the function?
    • We have classic DPDK huge pages of 1 GB and 16 of them, and while setup I put -p as 16 only.

    Need ur help in this scenario.

    opened by sabhishepalc 24
  • The new classes IPv4Address, IPv6Address and IPAddress (discussion)

    The new classes IPv4Address, IPv6Address and IPAddress (discussion)

    I have developed the new lightweight classes for manipulating the IP addresses. These are very fast and use less memory.

    I have made the tests for the most common use case: creation the address out of byte array (for example: IP/TCP reassembly logic). The tests ran under Core i7 9700K, Win10(x64):

    === Current ===
Sizeof IPv4 = 68
Sizeof IPv6 = 80
IPv4 (uint): duration(ms) = 1803, iterations = 10.000.000, calls per sec = 5.546.000
IPv6: duration(ms) = 4411, iterations = 10.000.000, calls per sec = 2.267.000

=== New ===
Sizeof IPv4 = 4
Sizeof IPv6 = 16
Sizeof IP = 24
IPv4 (uint): duration(ms) = 12, iterations = 10.000.000, calls per sec = 833.333.000
IPv6: duration(ms) = 32, iterations = 10.000.000, calls per sec = 312.500.000

    Replacing the old classes to the new ones will take some time so I placed the new classes into namespace experimental. First of all I am planning to change the IPReassembly and TCPReassembly.

    Is any chance that this PR will be merged?

    opened by gx740 23
  • TcpReassembly (question)

    TcpReassembly (question)

    I have found that the methods closeConnectionInternal and closeAllConnections have different behavior in relation to m_ConnectionInfo vector. The closeAllConnections clears this vector while closeConnectionInternal does not remove the data from it.

    Should closeConnectionInternal remove data from vector or not?

    bug 
    opened by gx740 23
  • Npcap read + write wastes memory

    Npcap read + write wastes memory

    SKIP THIS POST AND GO TO BOTTOM - I was wrong here!

    Just FYI I am using NPCAP as my capture library behind the scenes and working in Windows 10.

    In the example live capture code a simple example is given to capture live packets with a callback

    // start capture in async mode. Give a callback function to call to whenever a packet is captured and the stats object as the cookie
dev->startCapture(onPacketArrives, &stats);

/**
 * A callback function for the async capture which is called each time a packet is captured
 */
static void onPacketArrives(pcpp::RawPacket* packet, pcpp::PcapLiveDevice* dev, void* cookie)
{
	// extract the stats object form the cookie
	PacketStats* stats = (PacketStats*)cookie;

	// parsed the raw packet
	pcpp::Packet parsedPacket(packet);

	// collect stats from packet
	stats->consumePacket(parsedPacket);
}

    When i run this in windows the memory usage seems to be growing unbounded. Granted I have only run it for up to one minute (initial testing and dev) but memory usage is steadily ticking up. I would expect it to more or less reach a steady state and plateau (I am capturing from a sensor device that provides a more or less steady stream).

    Looking at the live PcapLiveDevice code that runs our callback function it creates a RawPacket with the flag NOT to release the packet memory. Why?

    void PcapLiveDevice::onPacketArrives(uint8_t *user, const struct pcap_pkthdr *pkthdr, const uint8_t *packet)
{
	PcapLiveDevice* pThis = (PcapLiveDevice*)user;
	if (pThis == NULL)
	{
		LOG_ERROR("Unable to extract PcapLiveDevice instance");
		return;
	}

	RawPacket rawPacket(packet, pkthdr->caplen, pkthdr->ts, false, pThis->getLinkType());

	if (pThis->m_cbOnPacketArrives != NULL)
		pThis->m_cbOnPacketArrives(&rawPacket, pThis, pThis->m_cbOnPacketArrivesUserCookie);
}

    Are we expected to release the raw packet pointer in our callback? That isn't in the example code. Or is there something in the libraries behind the scene the it keeps a cache of captures and eventually cleans that up it self?

    If I recompile the code with the flag swapped to true my memory plateaus at a few MB and stays steady (which is what I originally expected).

    Anyways please let me know how the memory is expected to be managed here.

    enhancement 
    opened by Dysl3xik 23
  • Padding question

    Padding question

    Hello, I seem to have issue with the location of packet trailer layer in payload. When I get UDPLayer, the actual data in payload that goes after header is offset by the number of bytes that is always equal to the length of packet trailer layer that is present in both datagram types (there are 2 types of PDUs and both have the same offset). The question is, is it a bug or is it a consistent behavior that is supposed to happen? I thought that padding should go after the data, not between payload and header. I am using IPv4 reassembly in this case. I have no issue with short PDU where no reassembly is needed. Thank you!

    bug 
    opened by ogozman 8
  • Better support for subnets

    Better support for subnets

    As discussed here: https://www.reddit.com/r/cpp/comments/yqngc1/comment/ivrmm9u/?utm_source=share&utm_medium=web2x&context=3

    We can improve our support for subnets by creating an IPv4Network and IPv6Network classes that will represent subnets like 192.168.0.0/16 or 2001:db00::0/ffff:ff00:: and then use them to match subnets in IPv4Address and IPv6Address. This is somewhat similar to the Python approach: https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Network

    enhancement good first issue 
    opened by seladb 0
Releases(v22.11)
Owner
null
GitHub https://pcapplusplus.github.io/
the LIBpcap interface to various kernel packet capture mechanism

LIBPCAP 1.x.y by The Tcpdump Group To report a security issue please send an e-mail to [email protected]. To report bugs and other problems, contri

The Tcpdump Group 2.1k Dec 29, 2022
DPDK / Packet processing experimentation project

flow-orchestrator About This is currently just a platform for me to learn more about DPDK and to have a foundation for some experiments. Building Buil

stefan 4 May 6, 2022
A software C library designed to extract data attributes from network packets, server logs, and from structured events in general, in order to make them available for analysis

MMT-DPI A software C library desinged to extract data attributes from network packets, server logs, and from structured events in general, in odrder t

Montimage 3 Nov 9, 2022
A special version of Packet Batch that utilizes AF_XDP Linux sockets (this should be faster than the standard version, but not as fast as the DPDK).

Packet Batch (AF_XDP) Description This is a special version of Packet Batch that utilizes AF_XDP sockets instead of AF_PACKETv3 (which is what the sta

Packet Batch 17 Nov 9, 2022
A special version of Packet Batch that utilizes the DPDK (this should be faster than the standard version).

Packet Batch (DPDK) Description This is a special version of Packet Batch that utilizes the DPDK, a kernel-bypass library. This does not use any form

Packet Batch 10 Oct 30, 2022
The standard Packet Batch application that uses standard Linux sockets (AF_PACKETv3) for packet generation.

Packet Batch (Standard) Description This is the standard Packet Batch application that utilizes AF_PACKETv3 Linux sockets. Due to AF_PACKETv3 Linux so

Packet Batch 7 Oct 28, 2022
🌱Light and powerful C++ web framework for highly scalable and resource-efficient web application. It's zero-dependency and easy-portable.

Oat++ News Hey, meet the new oatpp version 1.2.5! See the changelog for details. Check out the new oatpp ORM - read more here. Oat++ is a modern Web F

Oat++ 6k Jan 4, 2023
pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities.

pwru (packet, where are you?) pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities. It allo

Cilium 1.1k Dec 28, 2022
High-speed packet processing framework

PF_RING™ Introduction PF_RING™ is a Linux kernel module and user-space framework that allows you to process packets at high-rates while providing you

ntop 2.3k Dec 27, 2022
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.

XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes.

idealeer 190 Dec 24, 2022
An easy to use and powerful open source websocket library written in C.

libwebsock Easy to use C library for websockets This library allows for quick and easy development of applications that use the websocket protocol, wi

Jonathan Hall 47 Nov 13, 2022
network packet indexing and querying

_______ _____.___. ________ _____ _____ \ \\__ | |/ _____/ / \ / _ \ / | \/ | / \ ___ / \ / \ / /_\

64k & stackless-goto 18 Dec 15, 2021
A Simple CLI Network Packet Sniffer

packt packt is a simple CL(command line) network packet sniffer which can run on any unix-like OS including termux (Android). packt works by first ope

null 6 Oct 19, 2022
Level up your Beat Saber experience on Quest! AnyTweaks provides various tweaks to help boost your experience on Quest, such as Bloom, FPS Counter and more.

Need help/support? Ask in one of BSMG's support channels for Quest, or join my Discord server! AnyTweaks Level up your Beat Saber experience on Quest!

kaitlyn~ 19 Nov 20, 2022
A high-performance and easy-to-use C++ network library.

pine A high-performance and easy-to-use C++ network library. Now this is just a toy library for education purpose, do not use in production. example A

Baroquer 80 Dec 30, 2022
This repository contains a set of InternalBlue patches for the BCM4375B1 Bluetooth controller, allowing to sniff and inject Zigbee, Mosart and Enhanced ShockBurst packets from a Samsung Galaxy S20 smartphone.

RadioSploit 1.0 - Patches This repository contains a set of InternalBlue patches for the BCM4375B1 Bluetooth controller, allowing to sniff and inject

Romain Cayre 12 Nov 1, 2022
Examples and test programs I made while learning the DPDK.

The DPDK Examples (WIP) Description A small repository I will be using to store my progress and test programs from the DPDK, a kernel bypass library v

Christian Deacon 24 Dec 19, 2022
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Robert David Graham 20.4k Jan 4, 2023
XDP programs that increment stat counters for packets/bytes.

XDP Stats Description This is a program that calculates stats inside of an XDP program (support for both XDP_DROP and XDP_TX). As of right now, the st

Christian Deacon 10 Oct 30, 2022