Download
You can download PcapPlusPlus from the GitHub release page, install it with a package manager, or build it yourself. For more details, please visit the Download page on the PcapPlusPlus website.
GitHub Release Page
https://github.com/seladb/PcapPlusPlus/releases/latest
Homebrew
brew install pcapplusplus
Homebrew formulae: https://formulae.brew.sh/formula/pcapplusplus
Vcpkg
Windows:
.\vcpkg install pcapplusplus
macOS/Linux:
vcpkg install pcapplusplus
Vcpkg port: https://github.com/microsoft/vcpkg/tree/master/ports/pcapplusplus
Conan
conan install "pcapplusplus/[>0]@" -u
The package in ConanCenter: https://conan.io/center/pcapplusplus
Build It Yourself
Clone the git repository:
git clone https://github.com/seladb/PcapPlusPlus.git
Follow the build instructions for your platform on the Build From Source page of the PcapPlusPlus website.
Getting Started
Writing applications with PcapPlusPlus is very easy and intuitive. Here is a simple application that shows how to read a packet from a PCAP file and parse it:
#include <iostream>
#include "IPv4Layer.h"
#include "Packet.h"
#include "PcapFileDevice.h"

int main(int argc, char* argv[])
{
    // open a pcap file for reading
    pcpp::PcapFileReaderDevice reader("1_packet.pcap");
    if (!reader.open())
    {
        std::cerr << "Error opening the pcap file" << std::endl;
        return 1;
    }

    // read the first (and only) packet from the file
    pcpp::RawPacket rawPacket;
    if (!reader.getNextPacket(rawPacket))
    {
        std::cerr << "Couldn't read the first packet in the file" << std::endl;
        return 1;
    }

    // parse the raw packet into a parsed packet
    pcpp::Packet parsedPacket(&rawPacket);

    // verify the packet is IPv4
    if (parsedPacket.isPacketOfType(pcpp::IPv4))
    {
        // extract source and dest IPs
        pcpp::IPv4Address srcIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getSrcIPv4Address();
        pcpp::IPv4Address destIP = parsedPacket.getLayerOfType<pcpp::IPv4Layer>()->getDstIPv4Address();

        // print source and dest IPs
        std::cout << "Source IP is '" << srcIP << "'; Dest IP is '" << destIP << "'" << std::endl;
    }

    // close the file
    reader.close();

    return 0;
}
You can find much more information on the Getting Started page of the PcapPlusPlus website. This page will walk you through a few easy steps to have an app up and running.
Transport Layer (L4)
- COTP
- GTP (v1)
- IPSec AH & ESP - parsing only (no editing capabilities)
- TCP
- TPKT
- UDP
Session Layer (L5)
- SDP
- SIP
Presentation Layer (L6)
- SSL/TLS - parsing only (no editing capabilities)
Application Layer (L7)
- ASN.1 decoder and encoder
- BGP (v4)
- DHCP
- DHCPv6
- DNS
- FTP
- HTTP headers (request & response)
- LDAP
- NTP (v3, v4)
- Radius
- S7 Communication (S7comm)
- SMTP
- SOME/IP
- SSH - parsing only (no editing capabilities)
- Telnet - parsing only (no editing capabilities)
- Generic payload
Benchmarks
We used Matias Fontanini’s packet-capture-benchmarks project to compare the performance of PcapPlusPlus with other similar C++ libraries (such as libtins and libcrafter).
You can see the results on the Benchmarks page of the PcapPlusPlus website.