seladb/PcapPlusPlus - Githubissues

[![PcapPlusPlus Logo](https://pcapplusplus.github.io/img/logo/logo_color.png)](https://pcapplusplus.github.io) [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/seladb/PcapPlusPlus/build_and_test.yml?branch=master&label=Actions&logo=github&style=flat)](https://github.com/seladb/PcapPlusPlus/actions?query=workflow%3A%22Build+and+test%22) [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/seladb/PcapPlusPlus/codeql.yml?branch=master&label=CodeQL&logo=github&style=flat)](https://github.com/seladb/PcapPlusPlus/actions?query=workflow%3A%22CodeQL%22) [![Codecov](https://img.shields.io/codecov/c/github/seladb/PcapPlusPlus?logo=codecov&logoColor=white)](https://app.codecov.io/github/seladb/PcapPlusPlus) [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/seladb/PcapPlusPlus/badge)](https://scorecard.dev/viewer/?uri=github.com/seladb/PcapPlusPlus) [![GitHub contributors](https://img.shields.io/github/contributors/seladb/PcapPlusPlus?style=flat&label=Contributors&logo=github)](https://github.com/seladb/PcapPlusPlus/graphs/contributors) [![Twitter Follow](https://img.shields.io/badge/follow-%40seladb-1DA1F2?logo=x&style=social)](https://x.com/intent/follow?screen_name=seladb) [![GitHub Repo stars](https://img.shields.io/github/stars/seladb/PcapPlusPlus?style=social)]()

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use.

PcapPlusPlus enables decoding and forging capabilities for a large variety of network protocols. It also provides easy to use C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, Npcap, DPDK, eBPF AF_XDP and PF_RING.

Table Of Contents
Download
Feature Overview
Getting Started
API Documentation
Multi Platform Support
Supported Network Protocols
DPDK And PF_RING Support
Benchmarks
Provide Feedback
Contributing
License

Download

You can choose between downloading from GitHub release page, use a package manager or build PcapPlusPlus yourself. For more details please visit the Download page in PcapPlusPlus web-site.

GitHub Release Page

https://github.com/seladb/PcapPlusPlus/releases/latest

Homebrew

brew install pcapplusplus

Homebrew formulae: https://formulae.brew.sh/formula/pcapplusplus

Vcpkg

Windows:

.\vcpkg install pcapplusplus

MacOS/Linux:

vcpkg install pcapplusplus

Vcpkg port: https://github.com/microsoft/vcpkg/tree/master/ports/pcapplusplus

Conan

conan install "pcapplusplus/[>0]@" -u

The package in ConanCenter: https://conan.io/center/pcapplusplus

Build It Yourself

Clone the git repository:

git clone https://github.com/seladb/PcapPlusPlus.git

Follow the build instructions according to your platform in the Build From Source page in PcapPlusPlus web-site.

Feature Overview

Packet capture through an easy to use C++ wrapper for popular packet capture engines such as libpcap, WinPcap, Npcap, Intel DPDK, eBPF AF_XDP, ntop’s PF_RING and raw sockets [Learn more]
Packet parsing and crafting including detailed analysis of protocols and layers, packet generation and packet edit for a large variety of network protocols [Learn more]
Read and write packets from/to files in both PCAP and PCAPNG formats [Learn more]
Packet processing in line rate through an efficient and easy to use C++ wrapper for DPDK, eBPF AF_XDP and PF_RING [Learn more]
Multiplatform support - PcapPlusPlus is fully supported on Linux, MacOS, Windows, Android and FreeBSD
Packet reassembly - unique implementation of TCP Reassembly which includes TCP retransmission, out-of-order TCP packets and missing TCP data, and IP Fragmentation and Defragmentation to create and reassemble IPv4 and IPv6 fragments [Learn more]
Packet filtering that makes libpcap's BPF filters a lot more user-friendly [Learn more]
TLS Fingerprinting - a C++ implementation of JA3 and JA3S TLS fingerprinting [Learn more]

Getting Started

Writing applications with PcapPlusPlus is very easy and intuitive. Here is a simple application that shows how to read a packet from a PCAP file and parse it:

#include <iostream>
#include "IPv4Layer.h"
#include "Packet.h"
#include "PcapFileDevice.h"

int main(int argc, char* argv[])
{
    // open a pcap file for reading
    pcpp::PcapFileReaderDevice reader("1_packet.pcap");
    if (!reader.open())
    {
        std::cerr << "Error opening the pcap file" << std::endl;
        return 1;
    }

    // read the first (and only) packet from the file
    pcpp::RawPacket rawPacket;
    if (!reader.getNextPacket(rawPacket))
    {
        std::cerr << "Couldn't read the first packet in the file" << std::endl;
        return 1;
    }

    // parse the raw packet into a parsed packet
    pcpp::Packet parsedPacket(&rawPacket);

    // verify the packet is IPv4
    if (parsedPacket.isPacketOfType(pcpp::IPv4))
    {
        // extract source and dest IPs
        pcpp::IPv4Address srcIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getSrcIPv4Address();
        pcpp::IPv4Address destIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getDstIPv4Address();

        // print source and dest IPs
        std::cout << "Source IP is '" << srcIP << "'; Dest IP is '" << destIP << "'" << std::endl;
    }

    // close the file
    reader.close();

    return 0;
}

You can find much more information in the Getting Started page in PcapPlusPlus web-site. This page will walk you through few easy steps to have an app up and running.

API Documentation

PcapPlusPlus consists of 3 libraries:

Packet++ - a library for parsing, creating and editing network packets
Pcap++ - a library for intercepting and sending packets, providing network and NIC info, stats, etc. It is actually a C++ wrapper for packet capturing engines such as libpcap, WinPcap, Npcap, DPDK and PF_RING
Common++ - a library with some common code utilities used by both Packet++ and Pcap++

You can find an extensive API documentation in the API documentation section in PcapPlusPlus web-site. If you see any missing data please contact us.

Multi Platform Support

PcapPlusPlus is currently supported on Windows

, __Linux__

, __MacOS__

, __Android__

and __FreeBSD__

. Please visit PcapPlusPlus web-site to see all of the [supported platforms](https://pcapplusplus.github.io/docs/platforms) and refer to the [Download](#download) section to start using PcapPlusPlus on your platform. ## Supported Network Protocols PcapPlusPlus currently supports parsing, editing and creation of packets of the following protocols: ### Data Link Layer (L2) 1. Ethernet II 2. IEEE 802.3 Ethernet 3. LLC (Only BPDU supported) 4. Null/Loopback 5. Packet trailer (a.k.a footer or padding) 6. PPPoE 7. SLL (Linux cooked capture) 8. SLL2 (Linux cooked capture v2) 9. STP 10. VLAN 11. VXLAN 12. Wake on LAN (WoL) 13. NFLOG (Linux Netfilter NFLOG) - parsing only (no editing capabilities) ### Network Layer (L3) 14. ARP 15. GRE 16. ICMP 17. ICMPv6 18. IGMP (IGMPv1, IGMPv2 and IGMPv3 are supported) 19. IPv4 20. IPv6 21. MPLS 22. NDP 23. Raw IP (IPv4 & IPv6) 24. VRRP (IPv4 & IPv6) ### Transport Layer (L4) 25. COTP 26. GTP (v1) 27. IPSec AH & ESP - parsing only (no editing capabilities) 28. TCP 29. TPKT 30. UDP ### Session Layer (L5) 31. SDP 32. SIP ### Presentation Layer (L6) 33. SSL/TLS - parsing only (no editing capabilities) ### Application Layer (L7) 34. ASN.1 decoder and encoder 35. BGP (v4) 36. DHCP 37. DHCPv6 38. DNS 39. FTP 40. HTTP headers (request & response) 41. LDAP 42. NTP (v3, v4) 43. Radius 44. S7 Communication (S7comm) 45. SMTP 46. SOME/IP 47. SSH - parsing only (no editing capabilities) 48. Telnet - parsing only (no editing capabilities) 49. Generic payload ## DPDK And PF_RING Support [The Data Plane Development Kit (DPDK)](https://www.dpdk.org/) is a set of data plane libraries and network interface controller drivers for fast packet processing. [PF_RING™](https://www.ntop.org/products/packet-capture/pf_ring/) is a new type of network socket that dramatically improves the packet capture speed. Both frameworks provide very fast packets processing (up to line speed) and are used in many network applications such as routers, firewalls, load balancers, etc. PcapPlusPLus provides a C++ abstraction layer over DPDK & PF_RING. This abstraction layer provides an easy to use interface that removes a lot of the boilerplate involved in using these frameworks. You can learn more by visiting the [DPDK](https://pcapplusplus.github.io/docs/dpdk) & [PF_RING](https://pcapplusplus.github.io/docs/features#pf_ring-support) support pages in PcapPlusPlus web-site. ## Benchmarks We used Matias Fontanini's [packet-capture-benchmarks](https://github.com/mfontanini/packet-capture-benchmarks) project to compare the performance of PcapPlusPlus with other similar C++ libraries (such as `libtins` and `libcrafter`). You can see the results in the [Benchmarks](https://pcapplusplus.github.io/docs/benchmark) page in PcapPlusPlus web-site. ## Provide Feedback We'd be more than happy to get feedback, please feel free to reach out to us in any of the following ways: - Open a GitHub ticket - Post a message in PcapPlusPlus Google group: - Ask a question on Stack Overflow: - Send an email to: - Follow us on Twitter: If you like this project please __Star us on GitHub — it helps!__ :star: :star: Please visit the [PcapPlusPlus web-site](https://pcapplusplus.github.io/community) to learn more. ## Contributing We would very much appreciate any contribution to this project. If you're interested in contributing please visit the [contribution page](https://pcapplusplus.github.io/community#contribute) in PcapPlusPlus web-site. ## License PcapPlusPlus is released under the [Unlicense license](https://choosealicense.com/licenses/unlicense/). [![GitHub](https://img.shields.io/github/license/seladb/PcapPlusPlus?style=flat&color=blue&logo=unlicense)](https://choosealicense.com/licenses/unlicense/)