Skip to content
Mike edited this page Jan 7, 2024 · 32 revisions

This wiki tracks known implementations of pcapng.

Applications

Application Language Read Write Default Comment
Wireshark C Yes Yes Yes (since 1.8) Also includes tshark, mergecap, reordercap, editcap, capinfos
NetworkMiner .NET Yes ? ? --
Tracewrangler Delphi Yes Yes Yes File size for reading files is limited to 2GB at the moment
CommView and CommView for WiFi ? Yes Yes No --
CloudShark -- Yes Yes Yes Exports as pcapng
pcapfix C Yes Yes Yes writes pcapng when input file is pcapng; otherwise pcapng can be forced with a parameter
Corelatus GTH C, Erlang No Yes Yes --
NetworkMiner Unknown Yes Unknown Unknown --
CapLoader MS .NET Yes Yes Unknown --
pcapng.com N/A Yes N/A Yes A web page to convert pcapng to pcap
thongs C No Yes Yes --
tcpdump C Yes No No Uses libpcap to read pcapng, so support depends on libpcap support; currently, the libpcap API doesn't include explicit pcapng support, so only pcapng files in which all interfaces have the same link-layer type and snapshot length can be read, and all information that doesn't fit in a pcap file is discarded
Apple's tcpdump C Yes Yes No Apple's variant of tcpdump, using their variant of libpcap, which includes APSL-licensed code, and provides (undocumented and unsupported) pcapng APIs, which tcpdump uses, so it's more capable than standard tcpdump with standard libpcap
tcpreplay C Yes No No Uses libpcap to read pcapng, so support depends on libpcap support
pktdump Perl Yes No --
scapy Python3 Yes No Yes --
OmniPeek Unknown Yes Yes Unknown --
hcxdumptool C Yes Yes Yes (since 4.2.0) penetration testing tool
hcxpcapngtool C Yes No Yes (since 6.0.0) conversion to formats hashcat and JtR understand

Libraries

Library Language License Read Write Comment
libpcap C BSD Yes (Partial) No (Work in Progress) Programs such as tcpdump using libpcap can thus read pcapng
Apple's libpcap C BSD/APSL Yes Yes Apple's variant of libpcap; their changes are under the APSL license
ntar C BSD Yes Yes --
python-pcapng Python Apache Yes Yes (since 96ff792) --
awalsh128 C# BSD Yes No --
kornholi Rust MIT Yes No --
richo Rust MIT Yes No --
akinaru Java MIT Yes No --
ryrychj C# MIT Yes Yes --
PcapPlusPlus C++ Unlicense Yes Yes --
LightPcapNg C MIT Yes Yes --
java-pcap Java Apache 2.0 Yes Yes Silicon Labs pcap and pcapng java library for their Network Analyzer.
PackageSwiftPcapng Swift MIT Yes No Swift library to parse PCAP and PCAPNG files
Clone this wiki locally