Talk:Pcap

File format(s)?

This page is missing an overview of the actual file format. Listing programs that use it is useful, but a description of the format is also essential for a complete article. Also, I came here looking for info on incompatibilities between tools using pcap format (having just run into one). — Preceding unsigned comment added by StuartGathman (talk • contribs) 17:41, 10 December 2012 (UTC)

The library can, as of libpcap 1.1.0 (unfortunately, there's no WinPcap-release based on that or a later release), read two formats - pcap and pcap-ng, although it currently writes only pcap format (except on OS X Mountain Lion, which has extensions to write pcap-ng). The page could link to pages describing those formats, which would probably suffice.

As for incompatibilities, are you referring to incompatibilities in the processing of the low-level file format or incompatibilities in the processing of packet data, and, if it's the former (the latter are would be of scope for this page), what sort of incompatibilities have you seen, and have you reported them to the developers? Guy Harris (talk) 19:34, 10 December 2012 (UTC)

And now the page cites the Internet Draft for the pcap file format as a reference, so people who want the details of the format can find it there. Guy Harris (talk) 19:27, 4 March 2024 (UTC)

Merges

Should this page absorb the libpcap and WinPcap pages, with libpcap and WinPcap redirecting to pcap? Guy Harris 21:36, 5 November 2005 (UTC)

Done a while ago. Guy Harris (talk) 18:08, 12 May 2009 (UTC)

Pcap name

And what does PCAP mean? Packet Capturing Application Protocol????... anything ?

Packet CAPture. It's not all caps, so they're not initials. Guy Harris 15:51, 3 October 2006 (UTC)

PCAP is not the name of the API

Re "While the name is an abbreviation of packet capture, that is not the API's proper name. " — Preceding unsigned comment added by 24.141.52.159 (talk) 15:04, 31 March 2020 (UTC)

Then give the name.

As far as I know, libpcap is the library for pcap and that is the API (application program interface) whereby programs call the functions of pcap. Basically, I think the statement is wrong but I don't see why the API was mentioned. PCAP is a program. libpcap is a library (API) called by the application program.

15:03, 31 March 2020 (UTC) — Preceding unsigned comment added by 24.141.52.159 (talk)

"libpcap is the library for pcap" What is the "pcap" for which libpcap is the library?

For better or worse, the WinPcap developers decided to call it "WinPcap" rather than just "libpcap for Windows", and the library files aren't libpcap.dll and libpcap.lib, they're wpcap.dll and wpcap.lib.

Npcap continues that tradition.

So not all of the libraries that implement the API are called "libpcap", even though the other two (WinPcap and Npcap) include libpcap code.

"PCAP is a program." Where can I find this program called "PCAP"? Or do you mean "pcap is a program.", in which case where can I find this program called "pcap"? Three programs that come to mind that use the libpcap/WinPcap/Npcap libraries are:

• tcpdump, which isn't called anything with "pcap" in it;
• dumpcap (part of Wireshark), the name of which has "pcap" as a substring by accident - it's "dump" followed by "cap", not "dum" followed by "pcap" (I can speak authoritatively here as a Wireshark core developer);
• snort, which isn't called anything with "pcap" in it. Guy Harris (talk) 18:01, 31 March 2020 (UTC)

Licenses?

The "Free Software Portal" link is present in this page. But, there's no information about the licenses of any of the softwares described, and, the "Free Software" category isn't present. What's the story? 198.49.180.40 (talk) 17:49, 20 August 2009 (UTC)

See the infoboxes I added to the article. (Short answer: BSD license.) Guy Harris (talk) 19:32, 31 October 2009 (UTC)

There are no references for the BSDL. The code itself and the project page tell nothing about terms of use, licenses for use of the Pro version are sold. Where is that information from? --Trac3R (talk) 10:40, 21 June 2011 (UTC)

The source code. See the copyright notices. Guy Harris (talk) 18:38, 21 June 2011 (UTC)

Cookie

In programs that use pcap section, the cookie link links to the food. I can't seem to find the page for the application. —Preceding unsigned comment added by 61.94.132.204 (talk) 09:31, 31 December 2010 (UTC)

That's because there isn't one. I got rid of the link. Guy Harris (talk) 13:21, 31 December 2010 (UTC)

Complexity

Why is it that I can never understand Wikipedia articles on (a) computing and (b) statistics? These articles are written in the most technical and obtuse language, clearly intended for someone in the field. I leave this article on pcap having even less of an idea about what it is than I had before I got here.... Sigh. 70.29.73.38 (talk) 04:41, 21 January 2012 (UTC)

PCAP is also a short term for Projected Capacitive

As Projected Capacitive becomes more and more applied in nowadays life (e.g. mobile phones, tablets, information directories, HMI), maybe we can make a difference here between Projected Capacitive in the Field of electronics and Package Capture in the field of computer networking. — Preceding unsigned comment added by 83.136.193.197 (talk) 07:50, 19 July 2012 (UTC)

I've added an {{about}} item at the top to send people to projected capacitance if that's what they're interested in (and fixed the redirection for projected capacitance to go to the section of the touchscreen page about projected capacitance, rather than just to the page). Guy Harris (talk) 16:39, 19 July 2012 (UTC)

"Written like an advertisement"?

What part is "written like an advertisement"? The only part where I could possibly see that is the Npcap section. Guy Harris (talk) 00:51, 21 October 2017 (UTC)

PCAP = Prevention Of Cruelty To Animals And Plants

PCAP = Prevention Of Cruelty To Animals And Plants — Preceding unsigned comment added by Ananadamarga (talk • contribs) 17:22, 5 April 2018 (UTC)

And projected capacitance and Parent-Child Assistance Program and, formerly, the Prestressed Concrete Association of Pennsylvania.

As well as, of course, the Packet CAPture library and file format. Guy Harris (talk) 17:33, 5 April 2018 (UTC)

Proposal: Rename/refocus to "libpcap," remove idea of "pcap API"

Having done some research into its origins, I have found no evidence of any entity, API or program, called pcap that predates or stands apart from libpcap, which is the library created at LBNL for extending the BPF packet capture part of tcpdump to other programs. Therefore, I propose a rewrite of this page, which I can undertake myself, to refocus it on libpcap and its forks, ports, and extensions. The primary changes would be:

• Rename page to libpcap
• Include a section on the pcap file format, possibly including info on the pcap-ng file format.
• Expand the History section to include links to Berkeley Packet Filter.
• Create a section discussing the various backends which libpcap has been extended to support for different operating systems, such as DLPI, STREAMS, DAG, PF_PACKET, etc.
• Demote the pcap libraries for Windows section to a sub-section of the new backends section, stripping most of the jargon and sales-y statements.

Bonsaiwiking (talk) 21:02, 16 September 2021 (UTC)

That'd work (even if the project of which I'm guessing you're the core developer isn't called "libpcap" :-)).

The backends fall into two categories - local network adapter capture, which would include the BPF capture mechanism (an unfortunate name, as it requires distinguishing between the (c)BPF capture filter language and filters that implement it and the BPF packet capture mechanism) as well as DLPI, STREAMS NIT, NPF, and PF_PACKET sockets, and others, such as DAG, Linux USB of various sorts, NFLOG, etc.

Which of the additional sections - programs that use it, wrappers, other stuff that reads pcap or pcapng files - would remain? Guy Harris (talk) 01:14, 8 October 2023 (UTC)