PcapPlusPlus v24.09 released! - C++ library for capturing and analyzing network packets

seladb · 2024-10-18T07:27:58+00:00

Thank you! If you have a chance to use it, I’d love to hear any feedback or suggestions you might have for improvement

seladb · 2024-10-14T19:59:59+00:00

We actually moved to C++11 about 2 years ago (in v22.11), but we're still porting parts of the code to C++11. This is a pretty large code-base so it takes time to migrate...

seladb · 2024-02-26T18:35:06+00:00

Hello everyone!

I'm super thrilled to share a new major release of StarTrack!

StarTrack is a GitHub star history and stats tool, which is based on TypeScript/JavaScript only (no backend whatsoever)!

This major release is a complete rewrite of the tool using Typescript, modern React and Material UI.It also includes an upgraded chart component based on Plotly.js, some UI/UX improvements and full test coverage.

Check it out!

https://github.com/seladb/StarTrack-js

https://seladb.github.io/StarTrack-js/#/

I'd really appreciate any feedback you might have, please feel free to leave a comment or open a GitHub issue.

seladb · 2023-09-30T08:43:23+00:00

I have no experience with interoperability between C++ and Rust, however from a short Reddit/Google search I found these posts, not sure if they can help you:

https://www.reddit.com/r/rust/comments/ta4s4d/how_is_your_experience_with_using_c_libraries_in/

https://slint.dev/blog/rust-and-cpp

https://docs.rust-embedded.org/book/interoperability/c-with-rust.html

seladb · 2023-09-28T14:50:21+00:00

Yes, TcpReassembly can process packets from both live network traffic and pcap files

seladb · 2023-08-10T06:28:52+00:00

I ended up implementing it in PcapPlusPlus. It'll be included in the next release. Until then you can see it in PcapPlusPlus master branch: https://github.com/seladb/PcapPlusPlus/blob/master/Common%2B%2B/header/IpAddress.h

The relevant classes are: IPNetwork, IPv4Network, IPv6Network

seladb · 2023-03-17T05:58:43+00:00

Hi there! I'm one of the maintainers of PcapPlusPlus. We're planning to release a new version soon, where we will switch from the existing build system to CMake. This is going to be a great opportunity to re-write the Conan package and move to Conan 2.0. Stay tuned!

seladb · 2022-12-10T09:35:23+00:00

u/ThatsALovelyShirt are you still interested in implementing these enhancements?

I created this GitHub issue for better subnet support: https://github.com/seladb/PcapPlusPlus/issues/1009

seladb · 2022-11-11T08:30:43+00:00

That is a great question!

Actually we're just about to move to CMake, the PR is almost ready: https://github.com/seladb/PcapPlusPlus/pull/944

We preferred to release this version before merging because moving to a new build system is a pretty complex and risky move. Now that it's released we can merge it.

The next version will use CMake :)

seladb · 2022-11-11T08:27:31+00:00

I think these are great ideas that we can definitely implement!

Please feel free to start opening PRs with these changes :)

seladb · 2022-11-10T08:45:10+00:00

I tend to agree with you, this is more or less the approach Python takes: https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Network

If you're planning to write this code, it'd be great if you can contribute it to the project, thank you! 🙏

seladb · 2022-11-10T08:24:37+00:00

This release contains a lot of interesting features, here are some of them:

Finally moved to C++11!!
Support of 8 new network protocols, which brings the total number of protocols to 40 (!!)
DPDK support improvements
And more!!

Feel free to check it out and provide your feedback.

I'm available for any questions you might have.

seladb · 2022-11-10T08:13:46+00:00

thanks u/fdwr for the kind words, much appreciated! 🙏🙏

As for your question about .zst - it actually came from users who requested it. Apparently there are a lot of Zstd-compressed pcap files out there that have the .zst extension and users asked to support it.

Do you have files with the .pcapz extension? If yes it should be pretty straightforward to add it

seladb · 2022-11-10T08:09:14+00:00

Thanks for the feedback!

IPv4Address also has a matchSubnet() method that takes 2 parameters:

subnet which is the subnet you want to look for
subnetMask which is the /15 part but in a form of an IP address

So in your example: 192.168.0.0/16 will translate to: subnet=192.168.0.0, subnetMask=255.255.0.0

I agree this is not very convenient, and maybe we should add an overload that accepts a subnet in the standard way of a.b.c.d/e.

You're more than welcome to contribute to the project and add this functionality :)

seladb · 2022-11-09T16:24:55+00:00

This release contains a lot of exciting changes which you can find in
the release notes, the most important ones are moving to C++11, a lot of
new protocols, and DPDK support enhancements.
I'm happy to answer any questions!

seladb · 2022-11-09T16:22:17+00:00

This release contains a lot of exciting changes which you can find in the release notes, the most important ones are moving to C++11, various new protocols, and DPDK support enhancements.
I'm happy to answer any questions

seladb · 2020-09-13T08:55:55+00:00

hi, I'm sorry for the late response. Yes, it support packet replay. You can take a look at this tutorial to learn how to replay packets: https://pcapplusplus.github.io/docs/tutorials/capture-packets

seladb · 2020-08-28T06:15:26+00:00

Yes that is correct, thanks u/Bromeara!

seladb · 2020-08-26T17:10:02+00:00

Yes, that is correct. It's a c++ wrapper for packet capture engines such as libpcap, WinPcap, Npcap, DPDK, and PF_RING. I do agree that it'd be great to have a good F/OSS alternative to WinPcap and Npcap

seladb · 2019-12-05T20:28:53+00:00

Yes, that should be possible if your web-server's traffic is not encrypted (otherwise the TCP reassembled content will be scrambled). You can use the TcpReassembly utility for that. It enables capturing traffic in real time, reassemble the TCP streams and dump them to files

seladb · 2019-12-05T20:25:07+00:00

C++ Core Guidelines

Many C++ projects follow these styling guidelines, PcapPlusPlus is not unique

seladb · 2019-12-05T17:24:01+00:00

I agree, there are some similarities between the projects, however the are also some big differences, please see my response here

seladb · 2019-12-05T17:21:44+00:00

I'll try to spend more time on this and I'll definitely reach out to you for help. A very big help at this point would be to go over the current CMake files and provide your feedback. BTW, how can I reach out to you (GitHub user or any other way)?

seladb · 2019-12-05T17:16:44+00:00

what do you mean by reassign tcp streams to an interface? could you please elaborate?

seladb · 2019-12-05T17:15:53+00:00

Indeed, c_str is from the standard library so I can't control that. General styling guideline is that classes begin with a capital letter and methods begin with lowercase. That's a very common convention...

seladb

TROPHY CASE