PCAP (packet capture)
In the field of computer network administration, pcap (packet capture) is an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap (now unmaintained and superseded by the API-compatible Npcap). Monitoring software may use libpcap or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to enumerate the network interfaces available for capture. The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or use an object-oriented wrapper.
- PCAP is a set of interfaces for capturing network traffic
- On Unix-like systems the PCAP interface is implemented by libpcap; on Windows by WinPcap
- The PCAP API is written in C, so other languages (Java, .NET, scripting languages) use it through wrappers that call into these C libraries
libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley National Laboratory. It is the library that provides tcpdump's low-level packet capture, capture-file reading and writing, and packet filtering; tcpdump's protocol decoding is built on top of libpcap.
Main uses:
- Capturing packets of all kinds, e.g. for network traffic statistics
- Filtering packets, e.g. discarding uninteresting local traffic before it reaches the application. A pcap filter only selects which captured packets are delivered to the program; unlike a firewall it does not block or alter traffic on the host.
- Analysing packets, e.g. protocol analysis and data collection
- Storing packets, e.g. saving captured data to a file for later analysis
The libpcap capture framework
Steps for developing an application with the libpcap library:
- Open a network device: pcap_open_live(), or pcap_create() followed by pcap_activate(). pcap_findalldevs() lists the candidate interfaces, and pcap_open_offline() opens a saved capture file instead of a live interface. Opening a live interface needs root or, on Linux, CAP_NET_RAW (plus CAP_NET_ADMIN for promiscuous mode).
- Set filter rules: compile a BPF filter expression such as "udp port 53" with pcap_compile() and install it with pcap_setfilter(). On Linux and the BSDs the filter runs in the kernel, so unwanted packets are dropped before they are copied to the application.
- Capture data: pcap_loop() or pcap_dispatch() hand each packet to a callback, pcap_next_ex() returns them one at a time, and pcap_dump() writes them to a capture file.
- Close the network device: pcap_close(), and pcap_freecode() for the compiled filter.
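The same open / filter / capture / close sequence, as an added example that is not part of the original page and not libpcap's own code: a bounds-checked reader for the pcap capture-file format that libpcap writes with pcap_dump() and reads with pcap_open_offline(). It replaces the live-capture calls with a reader over an in-memory capture so that it compiles with plain gcc and runs without libpcap or root; the function names (pcap_open_mem, pcap_loop_mem, filter_match, demo_count_dns, demo_inflated_len_rejected), the filter struct and the three sample frames (two UDP records touching port 53, one TCP record) are all constructed for this example. The check on incl_len in the capture loop is the one a practitioner should carry into any capture-file parser, since a crafted file is the usual way such tools get crashed.

```c
/* Added example (not libpcap code): bounds-checked reader for the pcap file format,
 * following the four libpcap steps against a constructed in-memory capture. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PCAP_MAGIC 0xa1b2c3d4u   /* microsecond timestamps, in the writer's byte order */
#define LINKTYPE_ETHERNET 1
#define FRAME_LEN 42             /* Ethernet 14 + IPv4 20 + first 8 bytes of the L4 header */

typedef struct { const uint8_t *data; size_t len, off; int swap; uint32_t snaplen, linktype; } pcap_reader;
typedef struct { uint8_t proto; uint16_t port; } pkt_filter;   /* the equivalent of BPF "udp port 53" */
typedef void (*pkt_handler)(void *user, uint32_t ts_sec, uint32_t ts_usec, const uint8_t *pkt, uint32_t caplen);

static uint32_t rd32(const uint8_t *p, int swap) {             /* file-header field -> host order */
    uint32_t v; memcpy(&v, p, 4);
    return swap ? (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24) : v;
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }  /* on-the-wire field */

/* Step 1, "open": validate the 24-byte global header. Returns 0, or -1 if unusable. */
int pcap_open_mem(pcap_reader *r, const uint8_t *buf, size_t len) {
    uint32_t magic;
    if (len < 24) return -1;
    memcpy(&magic, buf, 4);
    if (magic == PCAP_MAGIC) r->swap = 0;
    else if (magic == 0xd4c3b2a1u) r->swap = 1;   /* written on an opposite-endian host */
    else return -1;                                /* nanosecond pcap or pcapng: not handled here */
    r->data = buf; r->len = len; r->off = 24;
    r->snaplen = rd32(buf + 16, r->swap); r->linktype = rd32(buf + 20, r->swap);
    return r->linktype == LINKTYPE_ETHERNET ? 0 : -1;
}

/* Step 2, "set filter rules": Ethernet -> IPv4 -> L4 ports, every offset checked against caplen. */
static int filter_match(const pkt_filter *f, const uint8_t *p, uint32_t n) {
    if (n < 34 || be16(p + 12) != 0x0800) return 0;              /* too short or not IPv4 */
    const uint8_t *ip = p + 14;
    uint32_t ihl = (ip[0] & 0x0fu) * 4u;
    if ((ip[0] >> 4) != 4 || ihl < 20 || 14 + ihl + 4 > n || ip[9] != f->proto) return 0;
    return be16(ip + ihl) == f->port || be16(ip + ihl + 2) == f->port;   /* src or dst port */
}

/* Step 3, "capture": offline counterpart of pcap_loop(). Returns packets delivered, or -1 on a
 * malformed record: incl_len must fit the bytes that remain and never exceed snaplen or orig_len,
 * otherwise a crafted file walks the reader past its buffer. Step 4, "close", is pcap_close() in
 * a real reader; a memory buffer has nothing to release. */
int pcap_loop_mem(pcap_reader *r, const pkt_filter *f, pkt_handler h, void *user) {
    int delivered = 0;
    while (r->off < r->len) {
        if (r->len - r->off < 16) return -1;                     /* truncated record header */
        const uint8_t *rh = r->data + r->off;
        uint32_t ts_sec = rd32(rh, r->swap), ts_usec = rd32(rh + 4, r->swap);
        uint32_t caplen = rd32(rh + 8, r->swap), origlen = rd32(rh + 12, r->swap);
        r->off += 16;
        if (caplen > r->snaplen || caplen > origlen || caplen > r->len - r->off) return -1;
        const uint8_t *pkt = r->data + r->off; r->off += caplen;
        if (!f || filter_match(f, pkt, caplen)) { h(user, ts_sec, ts_usec, pkt, caplen); delivered++; }
    }
    return delivered;
}

/* --- constructed sample capture (the "store" use above): synthetic frames, not real traffic --- */
static size_t put32(uint8_t *b, size_t o, uint32_t v) { memcpy(b + o, &v, 4); return o + 4; }
static size_t put16(uint8_t *b, size_t o, uint16_t v) { memcpy(b + o, &v, 2); return o + 2; }
static void build_frame(uint8_t *out, uint8_t proto, uint16_t sport, uint16_t dport) {
    static const uint8_t addrs[8] = { 10, 0, 0, 1, 10, 0, 0, 53 };  /* 10.0.0.1 -> 10.0.0.53 */
    uint8_t *ip = out + 14;
    memset(out, 0, FRAME_LEN);
    out[12] = 0x08; out[13] = 0x00;                                /* EtherType IPv4 */
    ip[0] = 0x45; ip[3] = 28; ip[8] = 64; ip[9] = proto;           /* v4, IHL 5, total len 28, TTL 64 */
    memcpy(ip + 12, addrs, 8);
    ip[20] = sport >> 8; ip[21] = sport & 0xff; ip[22] = dport >> 8; ip[23] = dport & 0xff;
}
static size_t write_sample_capture(uint8_t *cap) {
    const struct { uint8_t proto; uint16_t sport, dport; } pk[3] = { {17, 40001, 53}, {6, 40002, 443}, {17, 53, 40003} };
    size_t o = put32(cap, 0, PCAP_MAGIC);
    o = put16(cap, o, 2); o = put16(cap, o, 4);                    /* version 2.4 */
    o = put32(cap, o, 0); o = put32(cap, o, 0);                    /* thiszone, sigfigs */
    o = put32(cap, o, 65535); o = put32(cap, o, LINKTYPE_ETHERNET); /* snaplen, linktype */
    for (int i = 0; i < 3; i++) {
        o = put32(cap, o, 1700000000u + i); o = put32(cap, o, 0);   /* ts_sec, ts_usec */
        o = put32(cap, o, FRAME_LEN); o = put32(cap, o, FRAME_LEN); /* incl_len, orig_len */
        build_frame(cap + o, pk[i].proto, pk[i].sport, pk[i].dport); o += FRAME_LEN;
    }
    return o;
}
static void count_handler(void *user, uint32_t s, uint32_t us, const uint8_t *p, uint32_t n) {
    (void)s; (void)us; (void)p; (void)n; (*(int *)user)++;
}

int demo_count_dns(void) {   /* read the sample back through "udp port 53": 2 of the 3 records match */
    uint8_t cap[24 + 3 * (16 + FRAME_LEN)]; size_t len = write_sample_capture(cap);
    pcap_reader r; pkt_filter f = { 17, 53 }; int hits = 0;
    if (pcap_open_mem(&r, cap, len) != 0) return -1;
    return pcap_loop_mem(&r, &f, count_handler, &hits) < 0 ? -1 : hits;
}
int demo_inflated_len_rejected(void) {   /* same capture, last incl_len inflated to 4096: must yield -1 */
    uint8_t cap[24 + 3 * (16 + FRAME_LEN)]; size_t len = write_sample_capture(cap);
    pcap_reader r; int hits = 0;
    put32(cap, 24 + 2 * (16 + FRAME_LEN) + 8, 4096);
    if (pcap_open_mem(&r, cap, len) != 0) return -2;
    return pcap_loop_mem(&r, NULL, count_handler, &hits);
}
int main(void) { printf("udp port 53: %d matches; inflated incl_len: %d\n", demo_count_dns(), demo_inflated_len_rejected()); return 0; }
```

The reader deliberately refuses a record whose incl_len exceeds snaplen, orig_len or the remaining file rather than clamping it: a capture that was honestly truncated at snaplen still reads back, while a file that lies about its record lengths is rejected before any packet bytes are dereferenced. Replacing pcap_open_mem() with pcap_open_offline() and pcap_loop_mem() with pcap_compile() / pcap_setfilter() / pcap_loop() gives the equivalent program on the real library.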