pcap

In the field of computer network administration, pcap is an application programming interface (API) for capturing network traffic. While the name is an abbreviation of packet capture, that is not the API's proper name. Unix-like systems implement pcap in the libpcap library; for Windows, there is a port of libpcap named WinPcap that is no longer supported or developed, and a port named Npcap for Windows 7 and later that is still supported.

Monitoring software may use libpcap, WinPcap, or Npcap to capture network packets traveling over a computer network and, in newer versions, to transmit packets on a network at the link layer, and to get a list of network interfaces for possible use with libpcap, WinPcap, or Npcap. The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use

a TCP segment is carried in one or more IP packets, which are each carried in one or more Ethernet frames. The basis of the packet concept is the postal letter: the header is like the envelope, the payload is the entire content inside the envelope, and the footer would be your signature at the bottom. Network design can achieve two major results by using packets: error detection and multiple host addressing. Communications protocols use various conventions for distinguishing

a byte level. A packet may contain any of the following components: IP packets are composed of a header and payload. The header consists of fixed and optional fields. The payload appears immediately after the header. An IP packet has no trailer. However, an IP packet is often carried as the payload inside an Ethernet frame, which has its own header and trailer. Per the end-to-end principle, IP networks do not provide guarantees of delivery, non-duplication, or in-order delivery of packets. However, it

a subcarrier alongside the sound carrier. This means that the FM or AM regular mono sound carrier is left alone for reception by monaural receivers. The NICAM packet (except for the header) is scrambled with a nine-bit pseudo-random bit-generator before transmission. Making the NICAM bitstream look more like white noise is important because this reduces signal patterning on adjacent TV channels.

Porting

In software engineering, porting

a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or make use of an object-oriented wrapper. libpcap, WinPcap, and Npcap provide the packet-capture and filtering engines of many open-source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic-generators and network-testers. Most current Unix-like systems provide

a PC without the need for actual porting (instead relying on the common porting of individual component libraries). Porting arcade games to home systems with inferior hardware was difficult. The ported version of Pac-Man for the Atari 2600 omitted many of the visual features of the original game to compensate for the lack of ROM space and the hardware struggled when multiple ghosts appeared on

a cheaper solution). The number of significantly different CPUs and operating systems used on the desktop today is much smaller than in the past. The dominance of the x86 architecture means that most desktop software is never ported to a different CPU. In that same market, the choice of operating systems has effectively been reduced to three: Microsoft Windows, macOS, and Linux. However, in

a home console with the same specifications. This allowed arcade perfect games to be played at home. A "console port" is a game that was originally made for a console before an identical version is created which can be played on a personal computer. This term has been widely used by the gaming community. The process of porting a game from a console to a PC is often regarded negatively due to

a machine independent intermediate code in order to enhance portability of the compiler and minimize design efforts. The intermediate language defines a virtual machine that can execute all programs written in the intermediate language (a machine is defined by its language and vice versa). The intermediate code instructions are translated into equivalent machine code sequences by a code generator to create executable code. It

a mechanism by which a program can capture network traffic to and from the machine running the program and, in some cases, other traffic to which that machine is attached. However, these mechanisms are significantly different from one another; the libpcap library provides a common API to access these mechanisms, allowing programs to be written to capture network traffic without having to worry about

a policy was not always feasible; Bunten stated that "M.U.L.E. can't be done for an Apple", and that the non-Atari versions of The Seven Cities of Gold were inferior. Compute!'s Gazette wrote in 1986 that when porting from Atari to Commodore the original was usually superior. The latter's games' quality improved when developers began creating new software for it in late 1983, the magazine stated. In porting arcade games,

a spacecraft instrument is transmitted using one or more packets. Packetized elementary stream (PES) is a specification associated with the MPEG-2 standard that allows an elementary stream to be divided into packets. The elementary stream is packetized by encapsulating sequential data bytes from the elementary stream between PES packet headers. A typical method of transmitting elementary stream data from

a video or audio encoder is to first create PES packets from the elementary stream data and then to encapsulate these PES packets inside MPEG transport stream (TS) packets or an MPEG program stream (PS). The TS packets can then be transmitted using broadcasting techniques, such as those used in ATSC and DVB. In order to provide mono compatibility, the NICAM signal is transmitted on

is portable when the cost of porting it to a new platform is significantly less than the cost of writing it from scratch. The lower the cost of porting software relative to its implementation cost, the more portable it is said to be. The term "port" is derived from the Latin portāre, meaning "to carry". When code is not compatible with a particular operating system or architecture,

is also based on the NDIS 6 driver model and works stably with Windows 10. The project, however, has been inactive since 2016.

Network packet

In telecommunications and computer networking, a network packet is a formatted unit of data carried by a packet-switched network. A packet consists of control information and user data; the latter is also known as the payload. Control information provides data for delivering

is also possible to skip the generation of machine code by actually implementing an interpreter or JIT for the virtual machine. The use of intermediate code enhances portability of the compiler, because only the machine dependent code (the interpreter or the code generator) of the compiler itself needs to be ported to the target machine. The remainder of the compiler can be imported as intermediate code and then further processed by

is common practice to layer a reliable transport protocol such as Transmission Control Protocol on top of the packet service to provide such protection. The Consultative Committee for Space Data Systems (CCSDS) packet telemetry standard defines the protocol used for the transmission of spacecraft instrument data over the deep-space channel. Under this standard, an image or other data sent from

is described by Internet-Draft draft-ietf-opsawg-pcap; the current editors' version of the draft is also available. The MIME type for the file format created and read by libpcap, WinPcap, and Npcap is application/vnd.tcpdump.pcap. The typical file extension is .pcap, although .cap and .dmp are also in common use. libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump

is less complex and therefore easier to port than a code generator, because it is not able to do code optimizations due to its limited view of the program code (it only sees one instruction at a time, and users need a sequence to do optimization). Some interpreters are extremely easy to port, because they only make minimal assumptions about the instruction set of the underlying hardware. As a result,

is the process of adapting software for the purpose of achieving some form of execution in a computing environment that is different from the one that a given program (meant for such execution) was originally designed for (e.g., different CPU, operating system, or third party library). The term is also used when software/hardware is changed to make them usable in different environments. Software

is typically transmitted as a continuous bit stream. In the seven-layer OSI model of computer networking, packet strictly refers to a protocol data unit at layer 3, the network layer. A data unit at layer 2, the data link layer, is a frame. In layer 4, the transport layer, the data units are segments and datagrams. Thus, in the example of TCP/IP communication over Ethernet,

the Atari VCS became the console's killer app despite its differences, while the later Pac-Man port was notorious for its deviations from the arcade version. Arcade-accurate games became more prevalent starting in the 1990s as home consoles caught up to the power of arcade systems. Notably, the Neo Geo system from SNK, which was introduced as a multi-game arcade system, would also be offered as

the GNU Compiler Collection, which provides consistent programming languages on different platforms, and Autotools, which automates the detection of minor variations in the environment and adapts the software accordingly before compilation. The compilers for some high-level programming languages (e.g. Eiffel, Esterel) gain portability by outputting source code in another high level intermediate language (such as C) for which compilers for many platforms are generally available. Two activities related to (but distinct from) porting are emulating and cross-compiling. Instead of translating directly into machine code, modern compilers translate to

the Politecnico di Torino wrote the original code. As of 2008, CACE Technologies, a company set up by some of the WinPcap developers, developed and maintained the product. CACE was acquired by Riverbed Technology on October 21, 2010. Because WinPcap uses the older NDIS 5.x APIs, it does not work on some builds of Windows 10, which have deprecated or removed those APIs in favor of the newer NDIS 6.x APIs. It also forces some limitations such as being unable to capture 802.1Q VLAN tags in Ethernet headers. The WinPcap project has ceased development and WinPcap and WinDump are no longer maintained. The last official WinPcap release

the embedded systems and mobile markets, portability remains a significant issue, with the ARM being a widely used alternative. International standards, such as those promulgated by the ISO, greatly facilitate porting by specifying details of the computing environment in a way that helps reduce differences between different standards-conforming platforms. Writing software that stays within

the Apple rewrites?" the audience shouted "No!" Garriott responded, "[otherwise] the Apple version will never get done. From a publisher's point of view that's not money wise". Others worked differently. Ozark Softscape, for example, wrote M.U.L.E. for the Atari first because it preferred to develop for the most advanced computers, removing or altering features as necessary during porting. Such

the Internet before execution can start on the target's Java virtual machine (JVM). Porting is also the term used when a video game designed to run on one platform, be it an arcade, video game console, or personal computer, is converted to run on a different platform, perhaps with some minor differences. From the beginning of video games through to the 1990s, "ports", at the time often known as "conversions", were often not true ports, but rather reworked versions of

the bounds specified by these standards represents a practical although nontrivial effort. Porting such a program between two standards-compliant platforms (such as POSIX.1) can be just a matter of loading the source code and recompiling it on the new platform, but practitioners often find that various minor corrections are required, due to subtle platform differences. Most standards suffer from "gray areas" where differences in interpretation of standards lead to small variations from platform to platform. There also exists an ever-increasing number of tools to facilitate porting, such as

the code must be "carried" to the new system. The term is not generally applied to the process of adapting software to run with less memory on the same CPU and operating system. Software developers often claim that the software they write is portable, meaning that little effort is needed to adapt it to a new environment. The amount of effort actually needed depends on several factors, including

the details of all those mechanisms. libpcap, WinPcap, and Npcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap, WinPcap, or Npcap, to be able to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. A capture file saved in the format that libpcap, WinPcap, and Npcap use can be read by applications that understand that format, such as tcpdump, Wireshark, CA NetMaster, or Microsoft Network Monitor 3.x. The file format

the elements of a packet and for formatting the user data. For example, in Point-to-Point Protocol, the packet is formatted in 8-bit bytes, and special characters are used to delimit elements. Other protocols, like Ethernet, establish the start of the header and data elements by their location relative to the start of the packet. Some protocols format the information at a bit level instead of

the extent to which the original environment (the source platform) differs from the new environment (the target platform), the experience of the original authors in knowing which programming language constructs and third party library calls are unlikely to be portable, and the amount of effort invested by the original authors in only using portable constructs (platform specific constructs often provide

the games due to the limitations of different systems. For example, the 1982 game The Hobbit, a text adventure augmented with graphic images, has significantly different graphic styles across the range of personal computers that its ports were developed for. However, many 21st century video games are developed using software (often in C++) that can output code for one or more consoles as well as for

the higher levels of performance that computers generally have being underutilized, partially due to console hardware being fixed throughout their run (with games being developed for console specs), while PCs become more powerful as hardware evolves, but also due to ported games sometimes being poorly optimized for PCs, or lazily ported. While broadly similar, architectural differences may exist such as

the latest available, allowing software authors to use the newer API features that Linux software had already supported. Most software that used WinPcap can be easily ported to use Npcap with minimal changes. Npcap introduced several innovations that were not available in WinPcap: Unlike Nmap, Npcap is proprietary software and requires a special license for use and redistribution except for some limited internal uses. Win10Pcap implementation

the latter machines' sprites and other sophisticated features made porting from them to Apple "far more difficult, perhaps even impossible". Reviews complained of ports that suffered from "Apple conversionitis", retaining the Apple's "lousy sound and black-white-green-purple graphics"; after Garriott's statement, when Dan Bunten asked "Atari and Commodore people in the audience, are you happy with

the payload (e.g., source and destination network addresses, error detection codes, or sequencing information). Typically, control information is found in packet headers and trailers. In packet switching, the bandwidth of the transmission medium is shared between multiple communication sessions, in contrast to circuit switching, in which circuits are preallocated for the duration of one session and data

the ported code generator or interpreter, thus producing the compiler software or directly executing the intermediate code on the interpreter. The machine independent part can be developed and tested on another machine (the host machine). This greatly reduces design efforts, because the machine independent part needs to be developed only once to create portable intermediate code. An interpreter

the screen creating a flickering effect. The poor performance of the Atari 2600 Pac-Man is cited by some scholars as a cause of the video game crash of 1983. Many early ports suffered significant gameplay quality issues because computers greatly differed. Richard Garriott stated in 1984 at Origins Game Fair that Origin Systems developed video games for the Apple II first then ported them to Commodore 64 and Atari 8-bit computers, because

the target. According to the designers of the BCPL language, interpreted code (in the BCPL case) is more compact than machine code, typically by a factor of two to one. Interpreted code however runs about ten times slower than compiled code on the same machine. The designers of the Java programming language try to take advantage of the compactness of interpreted code, because a Java program may need to be transmitted over

the terms "arcade perfect" or "arcade accurate" were often used to describe how closely the gameplay, graphics, and other assets on the ported version matched the arcade version. Many arcade ports in the early 1980s were far from arcade perfect as home consoles and computers lacked the sophisticated hardware in arcade games, but games could still approximate the gameplay. Notably, Space Invaders on

the virtual machine is even simpler than the target CPU. Writing the compiler sources entirely in the programming language the compiler is supposed to translate makes the following approach, better known as compiler bootstrapping, feasible on the target machine: The difficult part of coding the optimization routines is done using the high-level language instead of the assembly language of

was 4.1.3, released March 8, 2013. Npcap is the Nmap Project's packet sniffing library for Windows. It is based on WinPcap, but written to make use of Windows networking improvements in NDIS version 6. Its authors rewrote the WinPcap NDIS 5 Protocol Driver as a Light-Weight Filter (LWF) driver, a change that reduces processing overhead. Npcap maintenance releases updated the version of the included libpcap library to

was extracted and made into a library, with which tcpdump was linked. It is now developed by the same tcpdump.org group that develops tcpdump. While libpcap was originally developed for Unix-like operating systems, a successful port for Windows was made, called WinPcap. It has been unmaintained since 2013, and several competing forks have been released with new features and support for newer versions of Windows. WinPcap consists of: Programmers at