-
Notifications
You must be signed in to change notification settings - Fork 65
Implementations
fxlb edited this page Jan 13, 2025
·
33 revisions
This wiki tracks known implementations of pcapng.
| Application | Language | Read | Write | Default | Comment |
|---|---|---|---|---|---|
| Wireshark | C | Yes | Yes | Yes (since 1.8) | Also includes tshark, mergecap, reordercap, editcap, capinfos |
| NetworkMiner | .NET | Yes | ? | ? | -- |
| Tracewrangler | Delphi | Yes | Yes | Yes | File size for reading files is limited to 2GB at the moment |
| CommView and CommView for WiFi | ? | Yes | Yes | No | -- |
| CloudShark | -- | Yes | Yes | Yes | Exports as pcapng |
| pcapfix | C | Yes | Yes | Yes | writes pcapng when input file is pcapng; otherwise pcapng can be forced with a parameter |
| Corelatus GTH | C, Erlang | No | Yes | Yes | -- |
| NetworkMiner | Unknown | Yes | Unknown | Unknown | -- |
| CapLoader | MS .NET | Yes | Yes | Unknown | -- |
| pcapng.com | N/A | Yes | N/A | Yes | A web page to convert pcapng to pcap (no more since Nov 2022) |
| thongs | C | No | Yes | Yes | -- |
| tcpdump | C | Yes | No | No | Uses libpcap to read pcapng, so support depends on libpcap support; currently, the libpcap API doesn't include explicit pcapng support, so only pcapng files in which all interfaces have the same link-layer type and snapshot length can be read, and all information that doesn't fit in a pcap file is discarded |
| Apple's tcpdump | C | Yes | Yes | No | Apple's variant of tcpdump, using their variant of libpcap, which includes APSL-licensed code, and provides (undocumented and unsupported) pcapng APIs, which tcpdump uses, so it's more capable than standard tcpdump with standard libpcap |
| tcpreplay | C | Yes | No | No | Uses libpcap to read pcapng, so support depends on libpcap support |
| pktdump | Perl | Yes | No | -- | |
| scapy | Python3 | Yes | No | Yes | -- |
| OmniPeek | Unknown | Yes | Yes | Unknown | -- |
| hcxdumptool | C | No | Yes | Yes (since 4.2.0) | penetration testing tool |
| hcxpcapngtool | C | Yes | No | Yes (since 6.0.0) | conversion to formats hashcat and JtR understand |
| Library | Language | License | Read | Write | Comment |
|---|---|---|---|---|---|
| libpcap | C | BSD | Yes (Partial) | No (Work in Progress) | Programs such as tcpdump using libpcap can thus read pcapng |
| Apple's libpcap | C | BSD/APSL | Yes | Yes | Apple's variant of libpcap; their changes are under the APSL license |
| ntar | C | BSD | Yes | Yes | -- |
| python-pcapng | Python | Apache | Yes | Yes (since 96ff792) | -- |
| awalsh128 | C# | BSD | Yes | No | -- |
| kornholi | Rust | MIT | Yes | No | -- |
| richo | Rust | MIT | Yes | No | -- |
| akinaru | Java | MIT | Yes | No | -- |
| ryrychj | C# | MIT | Yes | Yes | -- |
| PcapPlusPlus | C++ | Unlicense | Yes | Yes | -- |
| LightPcapNg | C | MIT | Yes | Yes | -- |
| java-pcap | Java | Apache 2.0 | Yes | Yes | Silicon Labs pcap and pcapng java library for their Network Analyzer. |
| PackageSwiftPcapng | Swift | MIT | Yes | No | Swift library to parse PCAP and PCAPNG files |