pcap
PCAP (packet capture) is a free programming interface (API) for capturing network traffic. Unix-like operating systems implement pcap in the form of the libpcap library; Windows PCs use the WinPcap adaptation for this functionality.
Network analysis programs that contain a sniffer function use these interfaces to pick up packets directly on the network interface. The library can also list all available network interfaces and save "overheard" packets to a file. The data collected in this way can then be evaluated using appropriate tools. A file saved in this way can be interpreted by both libpcap and WinPcap programs.
The API is structured in such a way that it can be integrated directly by C and C++. Other programming languages such as Java, .NET or scripting languages usually use a wrapper.
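Why a saved capture can be read by both libpcap and WinPcap programs: the classic savefile is a fixed binary layout (24-byte global header, then a 16-byte record header before each packet). The following is an added example, not code from libpcap or WinPcap; it writes and parses that layout with only the Python standard library. The function names and the sample frame are constructed for illustration.

```python
import io
import struct

# Classic pcap savefile layout:
#   24-byte global header, then per packet a 16-byte record header + bytes.
MAGIC_USEC = 0xA1B2C3D4   # timestamps carry microseconds
MAGIC_NSEC = 0xA1B23C4D   # timestamps carry nanoseconds
LINKTYPE_ETHERNET = 1


def write_pcap(packets, snaplen=65535, linktype=LINKTYPE_ETHERNET, endian="<"):
    """Serialize (ts_sec, ts_usec, frame_bytes) tuples into a pcap savefile."""
    out = io.BytesIO()
    out.write(struct.pack(endian + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, frame in packets:
        captured = frame[:snaplen]  # only snaplen bytes are stored per packet
        out.write(struct.pack(endian + "IIII", sec, usec, len(captured), len(frame)))
        out.write(captured)
    return out.getvalue()


def read_pcap(data):
    """Parse a pcap savefile; returns (linktype, [(sec, frac, orig_len, bytes)])."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    # The magic number tells the reader which byte order the writer used.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    records, pos = [], 24
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header")
        sec, frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        # Never trust the length field of an untrusted capture: bound it first.
        if incl_len > snaplen or pos + incl_len > len(data):
            raise ValueError("record length exceeds snaplen or file size")
        records.append((sec, frac, orig_len, data[pos:pos + incl_len]))
        pos += incl_len
    return linktype, records


# Constructed sample: one minimal 60-byte Ethernet frame (broadcast destination).
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
```

The length checks in `read_pcap` matter when a capture file comes from an untrusted source, because the record header's length field is attacker-controlled data.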
List of programs with libpcap / WinPcap
There are a number of commercial and open source products that use pcap functionality:
- tcpdump, a tool to record network traffic on a Linux computer (Windump for Windows).
- ngrep, known as network grep, is a program to find certain strings in packets and display them legibly.
- Wireshark (formerly Ethereal), a graphical network analysis tool.
- Snort, a free implementation of IDS and IPS.
- ssldump, a free SSLv3/TLS analysis tool.
- Tranalyzer, a free PCAP analysis and troubleshooting tool.
- Nmap, a very popular port scanner and fingerprinter.
- Captcp, comprehensive tool for the analysis of TCP.
- FRITZ!Powerline installation program from AVM.
Web links
- Official project page for Windows (WinPcap) (English)
- Official project page for Linux (LibPcap and tcpdump) (English)