Talk:Pcap

File format(s)?

This page is missing an overview of the actual file format. Listing programs that use it is useful, but a description of the format is also essential for a complete article. Also, I came here looking for info on incompatibilities between tools using pcap format (having just run into one). — Preceding unsigned comment added by StuartGathman (talk · contribs) 17:41, 10 December 2012 (UTC)

The library can, as of libpcap 1.1.0 (unfortunately, there's no WinPcap-release based on that or a later release), read two formats - pcap and pcap-ng, although it currently writes only pcap format (except on OS X Mountain Lion, which has extensions to write pcap-ng). The page could link to pages describing those formats, which would probably suffice.
As for incompatibilities, are you referring to incompatibilities in the processing of the low-level file format or incompatibilities in the processing of packet data, and, if it's the former (the latter would be out of scope for this page), what sort of incompatibilities have you seen, and have you reported them to the developers? Guy Harris (talk) 19:34, 10 December 2012 (UTC)
And now the page cites the Internet Draft for the pcap file format as a reference, so people who want the details of the format can find it there. Guy Harris (talk) 19:27, 4 March 2024 (UTC)
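
Added example (not part of the discussion above and not libpcap code): telling the two formats mentioned in this thread apart from a file's leading bytes, including the byte-swapped and nanosecond-timestamp pcap variants. The magic values come from the pcap and pcapng format specifications; `classify_capture` and `cap_info` are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum cap_kind { CAP_UNKNOWN, CAP_TRUNCATED, CAP_PCAP_USEC, CAP_PCAP_NSEC, CAP_PCAPNG };
struct cap_info {
    enum cap_kind kind;
    int big_endian;                 /* byte order the writing host used */
    uint16_t ver_major, ver_minor;  /* pcap only */
    uint32_t snaplen, linktype;     /* pcap only */
};

/* Read integers in an explicit byte order so results do not depend on the host. */
static uint32_t rd32(const unsigned char *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}
static uint16_t rd16(const unsigned char *p, int be) {
    return (uint16_t)(be ? p[0] << 8 | p[1] : p[1] << 8 | p[0]);
}

/* classify_capture is a hypothetical name; it only inspects the file's leading bytes. */
struct cap_info classify_capture(const unsigned char *buf, size_t len) {
    struct cap_info ci = { CAP_UNKNOWN, 0, 0, 0, 0, 0 };
    if (len < 4) { ci.kind = CAP_TRUNCATED; return ci; }
    uint32_t m = rd32(buf, 1);              /* first four bytes, read big-endian */
    if (m == 0x0A0D0D0Au) {                 /* pcapng Section Header Block type */
        if (len < 12) { ci.kind = CAP_TRUNCATED; return ci; }
        uint32_t bom = rd32(buf + 8, 1);    /* byte-order magic after block length */
        if (bom != 0x1A2B3C4Du && bom != 0x4D3C2B1Au) return ci;
        ci.kind = CAP_PCAPNG; ci.big_endian = (bom == 0x1A2B3C4Du);
        return ci;
    }
    switch (m) {                            /* pcap magic, both byte orders */
    case 0xA1B2C3D4u: ci.kind = CAP_PCAP_USEC; ci.big_endian = 1; break;
    case 0xD4C3B2A1u: ci.kind = CAP_PCAP_USEC; break;
    case 0xA1B23C4Du: ci.kind = CAP_PCAP_NSEC; ci.big_endian = 1; break;
    case 0x4D3CB2A1u: ci.kind = CAP_PCAP_NSEC; break;
    default: return ci;
    }
    if (len < 24) { ci.kind = CAP_TRUNCATED; return ci; }  /* pcap file header: 24 bytes */
    ci.ver_major = rd16(buf + 4, ci.big_endian);  ci.ver_minor = rd16(buf + 6, ci.big_endian);
    ci.snaplen = rd32(buf + 16, ci.big_endian);   ci.linktype = rd32(buf + 20, ci.big_endian);
    return ci;
}

/* Constructed samples: little-endian pcap 2.4 header; start of a big-endian pcapng file. */
static const unsigned char SAMPLE_PCAP[24] = { 0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0,
    0,0,0,0, 0xff,0xff,0,0, 1,0,0,0 };
static const unsigned char SAMPLE_PCAPNG[12] = { 0x0a,0x0d,0x0d,0x0a, 0,0,0,0x1c, 0x1a,0x2b,0x3c,0x4d };
```

A reader that accepts only the microsecond pcap magic will reject the nanosecond and pcapng cases this function distinguishes.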

Merges

Should this page absorb the libpcap and WinPcap pages, with libpcap and WinPcap redirecting to pcap? Guy Harris 21:36, 5 November 2005 (UTC)

Done a while ago. Guy Harris (talk) 18:08, 12 May 2009 (UTC)

Pcap name

And what does PCAP mean? Packet Capturing Application Protocol????... anything ?

Packet CAPture. It's not all caps, so they're not initials. Guy Harris 15:51, 3 October 2006 (UTC)

PCAP is not the name of the API

Re "While the name is an abbreviation of packet capture, that is not the API's proper name." — Preceding unsigned comment added by 24.141.52.159 (talk) 15:04, 31 March 2020 (UTC)

Then give the name.

As far as I know, libpcap is the library for pcap and that is the API (application program interface) whereby programs call the functions of pcap. Basically, I think the statement is wrong but I don't see why the API was mentioned. PCAP is a program. libpcap is a library (API) called by the application program.

15:03, 31 March 2020 (UTC) — Preceding unsigned comment added by 24.141.52.159 (talk)

"libpcap is the library for pcap" What is the "pcap" for which libpcap is the library?
For better or worse, the WinPcap developers decided to call it "WinPcap" rather than just "libpcap for Windows", and the library files aren't libpcap.dll and libpcap.lib, they're wpcap.dll and wpcap.lib.
Npcap continues that tradition.
So not all of the libraries that implement the API are called "libpcap", even though the other two (WinPcap and Npcap) include libpcap code.
"PCAP is a program." Where can I find this program called "PCAP"? Or do you mean "pcap is a program.", in which case where can I find this program called "pcap"? Three programs that come to mind that use the libpcap/WinPcap/Npcap libraries are:
  • tcpdump, which isn't called anything with "pcap" in it;
  • dumpcap (part of Wireshark), the name of which has "pcap" as a substring by accident - it's "dump" followed by "cap", not "dum" followed by "pcap" (I can speak authoritatively here as a Wireshark core developer);
  • snort, which isn't called anything with "pcap" in it. Guy Harris (talk) 18:01, 31 March 2020 (UTC)

Licenses?

The "Free Software Portal" link is present in this page. But, there's no information about the licenses of any of the software described, and, the "Free Software" category isn't present. What's the story? 198.49.180.40 (talk) 17:49, 20 August 2009 (UTC)

See the infoboxes I added to the article. (Short answer: BSD license.) Guy Harris (talk) 19:32, 31 October 2009 (UTC)
There are no references for the BSDL. The code itself and the project page tell nothing about terms of use, licenses for use of the Pro version are sold. Where is that information from? --Trac3R (talk) 10:40, 21 June 2011 (UTC)
The source code. See the copyright notices. Guy Harris (talk) 18:38, 21 June 2011 (UTC)
And the "project page" is the project page for the now-dead WinPcap, not for either libpcap or Npcap. libpcap has no "pro version", it's just a BSD-licensed free software project, as noted. WinPcap is also BSD-licensed, but the installer isn't; the Pro version, as I remember, had a silent installer, so if you wanted to build a commercial application atop WinPcap, and wanted an unobtrusive installer, you'd have to pay the WinPcap folk to help them handle the support calls you were likely to throw in their direction. Npcap's non-libpcap components (driver, wrapper library round the driver, etc.) aren't licensed as free software, and they also require payment, for much the same reason as WinPcap. Guy Harris (talk) 21:21, 12 September 2024 (UTC)

In programs that use pcap section, the cookie link links to the food. I can't seem to find the page for the application. — Preceding unsigned comment added by 61.94.132.204 (talk) 09:31, 31 December 2010 (UTC)

That's because there isn't one. I got rid of the link. Guy Harris (talk) 13:21, 31 December 2010 (UTC)

Complexity

Why is it that I can never understand Wikipedia articles on (a) computing and (b) statistics? These articles are written in the most technical and obtuse language, clearly intended for someone in the field. I leave this article on pcap having even less of an idea about what it is than I had before I got here.... Sigh. 70.29.73.38 (talk) 04:41, 21 January 2012 (UTC)

Because, for many subjects, there are details you have to understand before you even know what people are talking about. You're probably not going to get very far with the string theory article without at least some background in physics. It has links to articles about various concepts it mentions, but the same applies to those articles, e.g. AdS/CFT correspondence.
Explaining concepts in a technical field to people outside the field is hard. There's a reason why science journalism exists as a profession (and why some are, well, better at that profession than others).
The main thing that seems to be missing from the article is an explanation of one of the primary purposes of libpcap/WinPcap/Npcap - allowing the same API to be used on several operating systems with different mechanisms for capturing network traffic (or, in the case of Windows, providing such a mechanism). Other concepts, such as what an API is and what "capturing network traffic" is, are explained in the articles to which this article links, although those could perhaps use improvement as well. Guy Harris (talk) 21:35, 12 September 2024 (UTC)

PCAP is also a short term for Projected Capacitive

As Projected Capacitive becomes more and more applied in nowadays life (e.g. mobile phones, tablets, information directories, HMI), maybe we can make a difference here between Projected Capacitive in the field of electronics and Package Capture in the field of computer networking. — Preceding unsigned comment added by 83.136.193.197 (talk) 07:50, 19 July 2012 (UTC)

I've added an {{about}} item at the top to send people to projected capacitance if that's what they're interested in (and fixed the redirection for projected capacitance to go to the section of the touchscreen page about projected capacitance, rather than just to the page). Guy Harris (talk) 16:39, 19 July 2012 (UTC)

"Written like an advertisement"?

What part is "written like an advertisement"? The only part where I could possibly see that is the Npcap section. Guy Harris (talk) 00:51, 21 October 2017 (UTC)

I fail to see that either. I took the liberty to remove that tag, as well as the more citations tag, which dates back to when the article had no inline refs at all. MichielN (talk) 19:02, 12 September 2024 (UTC)

PCAP = Prevention Of Cruelty To Animals And Plants

PCAP = Prevention Of Cruelty To Animals And Plants — Preceding unsigned comment added by Ananadamarga (talk · contribs) 17:22, 5 April 2018 (UTC)

And projected capacitance and Parent-Child Assistance Program and, formerly, the Prestressed Concrete Association of Pennsylvania.
As well as, of course, the Packet CAPture library and file format. Guy Harris (talk) 17:33, 5 April 2018 (UTC)

Proposal: Rename/refocus to "libpcap," remove idea of "pcap API"

Having done some research into its origins, I have found no evidence of any entity, API or program, called pcap that predates or stands apart from libpcap, which is the library created at LBNL for extending the BPF packet capture part of tcpdump to other programs. Therefore, I propose a rewrite of this page, which I can undertake myself, to refocus it on libpcap and its forks, ports, and extensions. The primary changes would be:

  • Rename page to libpcap
  • Include a section on the pcap file format, possibly including info on the pcap-ng file format.
  • Expand the History section to include links to Berkeley Packet Filter.
  • Create a section discussing the various backends which libpcap has been extended to support for different operating systems, such as DLPI, STREAMS, DAG, PF_PACKET, etc.
  • Demote the pcap libraries for Windows section to a sub-section of the new backends section, stripping most of the jargon and sales-y statements.

Bonsaiwiking (talk) 21:02, 16 September 2021 (UTC)

That'd work (even if the project of which I'm guessing you're the core developer isn't called "libpcap" :-)).
The backends fall into two categories - local network adapter capture, which would include the BPF capture mechanism (an unfortunate name, as it requires distinguishing between the (c)BPF capture filter language and filters that implement it and the BPF packet capture mechanism) as well as DLPI, STREAMS NIT, NPF, and PF_PACKET sockets, and others, such as DAG, Linux USB of various sorts, NFLOG, etc.
Which of the additional sections - programs that use it, wrappers, other stuff that reads pcap or pcapng files - would remain? Guy Harris (talk) 01:14, 8 October 2023 (UTC)