This article is about the packet sniffing API. For the projected capacitance technology for touchscreens, see projected capacitance.
In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.
Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.
The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or use an object-oriented wrapper.
libpcap and WinPcap provide the packet-capture and filtering engines of many open source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic-generators and network-testers.
libpcap and WinPcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap or WinPcap, to be able to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. A capture file saved in the format that libpcap and WinPcap use can be read by applications that understand that format, such as tcpdump, Wireshark, CA NetMaster, or Microsoft Network Monitor 3.x.
The MIME type for the file format created and read by libpcap and WinPcap is application/vnd.tcpdump.pcap. The typical file extension is .pcap, although .cap and .dmp are also in common use.
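The following added example (not code from libpcap, WinPcap or this article) shows how a tool that reads saved captures can validate the classic capture file layout before analysing it, since capture files often come from untrusted sources. The layout details (24-byte file header, 16-byte record headers, magic number 0xa1b2c3d4) are not stated above; the function name `pcap_count_packets` and the sample bytes are constructed for illustration, and only the microsecond-timestamp magic is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PCAP_MAGIC      0xa1b2c3d4u /* classic format, microsecond timestamps */
#define PCAP_MAGIC_SWAP 0xd4c3b2a1u /* same file written by an opposite-endian host */

/* Read 32 bits little-endian, or big-endian when swap is set. */
static uint32_t rd32(const uint8_t *p, int swap) {
    return swap ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
                : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Walk a capture file held in memory. Returns the number of packet records,
 * or -1 on a bad file header or a malformed/truncated record. */
long pcap_count_packets(const uint8_t *buf, size_t len, uint32_t *linktype) {
    if (len < 24) return -1;                         /* 24-byte file header */
    uint32_t magic = rd32(buf, 0);
    if (magic != PCAP_MAGIC && magic != PCAP_MAGIC_SWAP) return -1;
    int swap = (magic == PCAP_MAGIC_SWAP);
    uint32_t snaplen = rd32(buf + 16, swap);
    if (linktype) *linktype = rd32(buf + 20, swap);
    size_t off = 24;
    long n = 0;
    while (off < len) {
        if (len - off < 16) return -1;               /* truncated record header */
        uint32_t incl = rd32(buf + off + 8, swap);   /* bytes stored in the file */
        uint32_t orig = rd32(buf + off + 12, swap);  /* bytes seen on the wire */
        off += 16;
        /* Strict policy chosen for this example: never trust incl_len. */
        if (incl > snaplen || incl > orig || incl > len - off) return -1;
        off += incl;
        n++;
    }
    return n;
}

/* Constructed sample: little-endian header (v2.4, snaplen 65535, linktype 1)
 * followed by one 4-byte packet record. */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x01,0x00,0x00,0x00,
    0,0,0,0, 0,0,0,0, 0x04,0,0,0, 0x04,0,0,0, 0xde,0xad,0xbe,0xef };

int main(void) {
    uint32_t lt = 0;
    printf("packets=%ld\n", pcap_count_packets(SAMPLE, sizeof SAMPLE, &lt));
    printf("linktype=%u\n", (unsigned)lt);
    return 0;
}
```

The length checks run before any packet bytes are touched, so a record whose stored length exceeds the remaining file is rejected instead of being read past the end of the buffer.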
libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked. It is now developed by the same tcpdump.org group that develops tcpdump.
WinPcap consists of:
• x86 and x86-64 drivers for the Windows NT family (Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, etc.), which use NDIS to read packets directly from a network adapter;
• implementations of a lower-level library for the listed operating systems, to communicate with those drivers;
• a port of libpcap that uses the API offered by the low-level library implementations.
Programmers at the Politecnico di Torino wrote the original code; as of 2008 CACE Technologies, a company set up by some of the WinPcap developers, develops and maintains the product. CACE Technologies was acquired by Riverbed Technology on October 21, 2010.
NetWitness is a Reston, Virginia-based network security company that provides real-time network forensics and automated threat analysis solutions. It markets its flagship product NetWitness NextGen.