
PcapPlusPlus

A multiplatform C++ framework for network sniffing, packet parsing and packet crafting. [Unlicense]


Download

You can download PcapPlusPlus from the GitHub release page, install it with a package manager, or build it yourself. For more details, please visit the Download page on the PcapPlusPlus website.


GitHub Release Page

https://github.com/seladb/PcapPlusPlus/releases/latest

Homebrew

brew install pcapplusplus

Homebrew formulae: https://formulae.brew.sh/formula/pcapplusplus

Vcpkg

Windows:

.\vcpkg install pcapplusplus

macOS/Linux:

vcpkg install pcapplusplus

Vcpkg port: https://github.com/microsoft/vcpkg/tree/master/ports/pcapplusplus

Conan

conan install "pcapplusplus/[>0]@" -u

The package in ConanCenter: https://conan.io/center/pcapplusplus

Build It Yourself

Clone the git repository:

git clone https://github.com/seladb/PcapPlusPlus.git

Follow the build instructions for your platform on the Build From Source page of the PcapPlusPlus website.

Getting Started

Writing applications with PcapPlusPlus is very easy and intuitive. Here is a simple application that shows how to read a packet from a PCAP file and parse it:

#include <iostream>
#include "IPv4Layer.h"
#include "Packet.h"
#include "PcapFileDevice.h"

int main(int argc, char* argv[])
{
    // open a pcap file for reading
    pcpp::PcapFileReaderDevice reader("1_packet.pcap");
    if (!reader.open())
    {
        std::cerr << "Error opening the pcap file" << std::endl;
        return 1;
    }

    // read the first (and only) packet from the file
    pcpp::RawPacket rawPacket;
    if (!reader.getNextPacket(rawPacket))
    {
        std::cerr << "Couldn't read the first packet in the file" << std::endl;
        return 1;
    }

    // parse the raw packet into a parsed packet
    pcpp::Packet parsedPacket(&rawPacket);

    // verify the packet is IPv4
    if (parsedPacket.isPacketOfType(pcpp::IPv4))
    {
        // extract source and dest IPs
        pcpp::IPv4Address srcIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getSrcIPv4Address();
        pcpp::IPv4Address destIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getDstIPv4Address();

        // print source and dest IPs
        std::cout << "Source IP is '" << srcIP << "'; Dest IP is '" << destIP << "'" << std::endl;
    }

    // close the file
    reader.close();

    return 0;
}

You can find much more information on the Getting Started page of the PcapPlusPlus website. This page will walk you through a few easy steps to have an app up and running.

Transport Layer (L4)

  1. COTP
  2. GTP (v1)
  3. IPSec AH & ESP - parsing only (no editing capabilities)
  4. TCP
  5. TPKT
  6. UDP

Session Layer (L5)

  1. SDP
  2. SIP

Presentation Layer (L6)

  1. SSL/TLS - parsing only (no editing capabilities)

Application Layer (L7)

  1. ASN.1 decoder and encoder
  2. BGP (v4)
  3. DHCP
  4. DHCPv6
  5. DNS
  6. FTP
  7. HTTP headers (request & response)
  8. LDAP
  9. NTP (v3, v4)
  10. Radius
  11. S7 Communication (S7comm)
  12. SMTP
  13. SOME/IP
  14. SSH - parsing only (no editing capabilities)
  15. Telnet - parsing only (no editing capabilities)
  16. Generic payload

Benchmarks

We used Matias Fontanini’s packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (such as libtins and libcrafter).

You can see the results on the Benchmarks page of the PcapPlusPlus website.

