Welcome To PcapPlusPlus Web-site

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and crafting framework. It's meant to be lightweight, efficient and easy to use

What makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap?

  • Designed to be lightweight and efficient (see benchmark results)
  • Support for DPDK fast packet processing engine which enables packet capturing and transmition in line rate using kernel bypass
  • Support for ntop's PF_RING packet capturing engine that dramatically improves the packet capture speed
  • Support for parsing and editing of many protocols, including L7 protocols like HTTP and SSL/TLS
  • Unique implementation of TCP reassembly logic which includes support of TCP retransmission, out-of-order TCP packets and missing TCP data
  • Support for Remote Capture capabilities on Windows (using RPCAP protocol supported in WinPcap)
  • Support for reading and writing PCAPNG files (a lot more more than currently supported in WinPcap/libpcap)
  • Vast object-oriented filtering mechanism that makes libpcap filters a lot more user-friendly (no need to know the exact filter string to use)

PcapPlusPlus is multi-platform!

PcapPlusPlus is currently supported on Windows, Linux and Mac OS X. It was tested on the follwoing platforms:

Windows
  • Microsoft Visual Studio 2015 - x86 (32-bit) & x64 (64-bit) configurations
  • MinGW32 - x86 (32-bit) configuration only
  • MinGW-w64 - x86 (32-bit) configuration only
Linux
  • Ubuntu (12.04 LTS, 14.04 LTS, 16.04 LTS)
  • Fedora 26
  • CentOS 7
  • It should work on other Linux distributions as well
Mac OS X
  • Yosemite (10.10)
  • El Capitan (10.11)
  • Sierra (10.12)

Supported packet capture engines

PcapPlusPlus currently works with the following packet capture engines:

  • libpcap live capture (on Linux and Mac OS X)
  • WinPcap live capture (on Windows)
  • ntop's Vanilla PF_RING engine (on Linux)
  • Intel DPDK engine (on Linux)
  • WinPcap Remote live capture (on Windows)
  • PCAP and PCAPNG file devices (reading and writing)

Supported protocols

The Packet++ library currently supports parsing, editing and creation of packets of the following protocols:

  • Ethernet
  • SLL (Linux cooked capture)
  • Null/Loopback
  • Raw IP (IPv4 & IPv6)
  • IPv4
  • IPv6
  • ARP
  • VLAN
  • VXLAN
  • MPLS
  • PPPoE
  • GRE
  • TCP
  • UDP
  • ICMP
  • IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported)
  • SIP
  • SDP
  • DNS
  • DHCP
  • HTTP headers (request & response)
  • SSL/TLS - parsing only (no editing capabilities)
  • Packet trailer (a.k.a footer or padding)
  • Generic payload

Packet And Network Utilities

  • TCP reassembly logic
  • IPv4 reassembly logic (a.k.a IPv4 de-fragmentation)
  • Packet hash key creation (by 5-tuple and 2-tuple)
  • Retrieve remote machine MAC address using ARP protocol
  • Retrieve host IPv4 address by using DNS protocol
  • Checksum calculation