Implementations
Guy Harris edited this page Mar 21, 2020 · 32 revisions
This wiki tracks known implementations of pcapng.
Application | Language | Read | Write | Default | Comment |
---|---|---|---|---|---|
Wireshark | C | Yes | Yes | Yes (since 1.8) | Also includes tshark, mergecap, reordercap, editcap, capinfos |
NetworkMiner | .NET | Yes | ? | ? | -- |
Tracewrangler | Delphi | Yes | Yes | Yes | Files larger than 2 GB cannot be read at the moment |
CommView and CommView for WiFi | ? | Yes | Yes | No | -- |
CloudShark | -- | Yes | Yes | Yes | Exports as pcapng |
pcapfix | C | Yes | Yes | Yes | Writes pcapng when the input file is pcapng; otherwise pcapng output can be forced with a parameter |
Corelatus GTH | C, Erlang | No | Yes | Yes | -- |
NetworkMiner | Unknown | Yes | Unknown | Unknown | -- |
CapLoader | MS .NET | Yes | Yes | Unknown | -- |
pcapng.com | N/A | Yes | N/A | Yes | A web page to convert pcapng to pcap |
thongs | C | No | Yes | Yes | -- |
tcpdump | C | Yes | No | No | Uses libpcap to read pcapng, so support depends on libpcap support; currently, the libpcap API doesn't include explicit pcapng support, so only pcapng files in which all interfaces have the same link-layer type and snapshot length can be read, and all information that doesn't fit in a pcap file is discarded |
Apple's tcpdump | C | Yes | Yes | No | Apple's variant of tcpdump, using their variant of libpcap, which includes APSL-licensed code, and provides (undocumented and unsupported) pcapng APIs, which tcpdump uses, so it's more capable than standard tcpdump with standard libpcap |
tcpreplay | C | Yes | No | No | Uses libpcap to read pcapng, so support depends on libpcap support |
pktdump | Perl | Yes | No | -- | |
scapy | Python3 | Yes | No | Yes | This is a fork of scapy, and only this fork handles pcapng |
OmniPeek | Unknown | Yes | Yes | Unknown | -- |

Library | Language | License | Read | Write | Comment |
---|---|---|---|---|---|
libpcap | C | BSD | Yes | No (Work in Progress) | Programs such as tcpdump using libpcap can thus read pcapng |
Apple's libpcap | C | BSD/APSL | Yes | Yes | Apple's variant of libpcap; their changes are under the APSL license |
ntar | C | BSD | Yes | Yes | -- |
rshk | Python | Apache | Yes | No | -- |
awalsh128 | C# | BSD | Yes | No | -- |
kornholi | Rust | MIT | Yes | No | -- |
richo | Rust | MIT | Yes | No | -- |
akinaru | Java | MIT | Yes | No | -- |
ryrychj | C# | MIT | Yes | Yes | -- |
PcapPlusPlus | C++ | Unlicense | Yes | Yes | -- |
LightPcapNg | C | MIT | Yes | Yes | -- |
java-pcap | Java | Apache 2.0 | Yes | Yes | Silicon Labs pcap and pcapng Java library for their Network Analyzer |
PackageSwiftPcapng | Swift | MIT | Yes | No | Swift library to parse PCAP and PCAPNG files |