pcap

from Wikipedia, the free encyclopedia

pcap (packet capture) is a free application programming interface (API) for capturing network traffic. Unix-like operating systems implement pcap in the form of the libpcap library; Windows PCs use the WinPcap port for this functionality.

Network analysis programs with a sniffer function use these interfaces to read packets directly from the network interface. The library can also list all available network interfaces and save captured packets to a file. The data collected in this way can then be evaluated with suitable tools, and a file saved this way can be read by both libpcap and WinPcap programs.

The API is designed to be used directly from C and C++. Other programming languages such as Java or .NET, and scripting languages, usually go through a wrapper.
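As an added example (not code from the article or from the libpcap project), the following Python parser reads the classic libpcap savefile format in which the tools below store captured packets: byte order and timestamp unit are taken from the magic number, and a record whose claimed lengths are inconsistent with the wire length, the snaplen or the remaining file is rejected, which is the check you want before feeding a capture from an untrusted source to other tooling. The sample capture is constructed inline; its addresses and timestamps are made up.

```python
import struct
from typing import NamedTuple

MAGIC_US = 0xA1B2C3D4  # classic savefile, microsecond timestamps
MAGIC_NS = 0xA1B23C4D  # nanosecond-timestamp variant written by newer libpcap

class Packet(NamedTuple):
    ts: float      # capture time, seconds since the Unix epoch
    orig_len: int  # length of the packet on the wire
    data: bytes    # captured bytes; shorter than orig_len when snaplen truncated the packet

def _detect(blob: bytes) -> tuple[str, float]:
    # The magic number is written in the capturing host's byte order, so try both.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", blob[:4])[0]
        if magic in (MAGIC_US, MAGIC_NS):
            return endian, 1e-9 if magic == MAGIC_NS else 1e-6
    raise ValueError("not a pcap savefile (bad magic number)")

def parse_pcap(blob: bytes) -> tuple[int, int, list[Packet]]:
    """Parse an in-memory pcap savefile into (linktype, snaplen, packets)."""
    if len(blob) < 24:
        raise ValueError("truncated global header")
    endian, tick = _detect(blob)
    # Global header: magic, version major/minor, tz offset, sigfigs, snaplen, link type.
    _, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    if (vmaj, vmin) != (2, 4):
        raise ValueError(f"unsupported pcap version {vmaj}.{vmin}")
    packets, off = [], 24
    while off < len(blob):
        if len(blob) - off < 16:
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        # A record holds neither more bytes than were on the wire nor more than snaplen; a file
        # claiming otherwise is corrupt or hostile, so reject it rather than let an oversized
        # incl_len drive a large allocation or a read past the end of the buffer.
        if incl_len > orig_len or incl_len > snaplen or len(blob) - off < incl_len:
            raise ValueError(f"bad record at offset {off - 16}: incl={incl_len} orig={orig_len}")
        packets.append(Packet(ts_sec + ts_frac * tick, orig_len, blob[off:off + incl_len]))
        off += incl_len
    return linktype, snaplen, packets

def build_sample(endian: str = "<", magic: int = MAGIC_US) -> bytes:
    """Constructed two-record capture (not real traffic): snaplen 64, LINKTYPE_ETHERNET (1)."""
    hdr = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 64, 1)
    frame = bytes.fromhex("ffffffffffff 001122334455 0806") + bytes(28)  # 42-byte ARP-shaped frame
    rec1 = struct.pack(endian + "IIII", 1_700_000_000, 250_000, len(frame), len(frame)) + frame
    rec2 = struct.pack(endian + "IIII", 1_700_000_001, 0, 64, 1500) + b"\xaa" * 64  # 1500 B wire, 64 kept
    return hdr + rec1 + rec2
```

The second record models a full-size frame cut down to the 64-byte snaplen, which is why `orig_len` and `len(data)` differ and must be kept separate.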

List of programs with libpcap / WinPcap

There are a number of commercial and open source products that use pcap functionality:

  • tcpdump, a tool for recording network traffic on a Linux computer (WinDump for Windows).
  • ngrep, known as network grep, a program for finding certain strings in packets and displaying them legibly.
  • Wireshark (formerly Ethereal), a graphical network analysis tool.
  • Snort, a free IDS and IPS implementation.
  • ssldump, a free SSLv3/TLS analysis tool.
  • Tranalyzer, a free pcap analysis and troubleshooting tool.
  • Nmap, a very popular port scanner and fingerprinting tool.
  • Captcp, a comprehensive tool for analysing TCP.
  • FRITZ!Powerline installation program from AVM.
