libpcap
This is a handy little library which provides a packet filtering mechanism based on the BSD packet filter (BPF). Most notably, tcpdump needs this to work, and there is also a perl module (still in beta) which can use this as well. In plain english, if you want to write your own network traffic analyzer, this is the place to start.
| Tags | Software Development Libraries |
|---|---|
| Licenses | BSD Original |
| Operating Systems | POSIX |
| Implementation | C |
Recent releases
- 28 Oct 2008 17:56
Changes: Support was added for IPMB, LAPD, AX25, JUNIPER_ST, 802.15.4, variable length 802.11 headers, X2E data type, Linux tpacket frame headers, and the SITA ACN interface. Support was added for zerocopy BPF on platforms that support it. VLAN support on Linux was improved. Dynamic library support on Mac OS X was fixed. Assorted other enhancements and bugfixes were made.
- 28 Nov 2007 04:20
Changes: Assorted minor bugfixes and code cleanups were done.
- 09 Aug 2007 11:17
Changes: Basic BPF filtering, Bluetooth, USB capturing on Linux, FreeBSD BIOCSDIRECTION ioctl, additional filter operations for 802.11 frame types, and support for filtering on MTP2 frame types were all added, and numerous other minor enhancements and bugfixes were made.
- 20 Mar 2007 15:24
Changes: Support has been added for LAPD frames with vISDN, ERF on channelized T1/E1 cards via DAG API, DLT_JUNIPER_VP, DLT_IEEE802_11, and DLT_IEEE802_11_RADIO. Fixes for MPLS packet generation (link layer). DLT/LINKTYPE has been added for carrying FRF.16 Multi-link Frame Relay. A new DLT and LINKTYPE value have been added for ARINC 653 Interpartition Communcation Messages, A429, and for CAN v2.0B frames. DLT_CAN20B and LINKTYPE_CAN20B have been redefined. Support has been added for DLLs on Cygnus and MingW32. There are minor bugfixes.
- 31 Dec 2004 02:42
Changes: This release includes fixes for AIX, Win32, OpenBSD, FreeBSD, and 64-bit platforms. There were API , documentation, and gencode updates. There are also some new datalink types, and some ATM support changes.
- All comments
Recent commentspcap implementations?
I'm working on EtherDump (http://freshmeat.net/projects/etherdump) and i'm considering writing a teeny-weeny implementation of the pcap format for my tool. Are there any other small/embedded implementations or really simple examples of how to structure it? I saw the pcap draft doc in CVS so I could always go on that, but an already written example is just so much quicker to follow, and plus if somebody's already got something made I can use I could just use that.
libpcap active development
Michael Richardson at tcpdump.org (http://tcpdump.org/) has
recently been working on libpcap. And tcpdump, obviously.