Talk:Pcap
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||
|
File format(s)?
[edit]This page is missing an overview of the actual file format. Listing programs that use it is useful, but a description of the format is also essential for a complete article. Also, I came here looking for info on incompatibilities between tools using pcap format (having just run into one). — Preceding unsigned comment added by StuartGathman (talk • contribs) 17:41, 10 December 2012 (UTC)
- The library can, as of libpcap 1.1.0 (unfortunately, there's no WinPcap-release based on that or a later release), read two formats - pcap and pcap-ng, although it currently writes only pcap format (except on OS X Mountain Lion, which has extensions to write pcap-ng). The page could link to pages describing those formats, which would probably suffice.
- As for incompatibilities, are you referring to incompatibilities in the processing of the low-level file format or incompatibilities in the processing of packet data, and, if it's the former (the latter are would be of scope for this page), what sort of incompatibilities have you seen, and have you reported them to the developers? Guy Harris (talk) 19:34, 10 December 2012 (UTC)
- And now the page cites the Internet Draft for the pcap file format as a reference, so people who want the details of the format can find it there. Guy Harris (talk) 19:27, 4 March 2024 (UTC)
Merges
[edit]Should this page absorb the libpcap and WinPcap pages, with libpcap and WinPcap redirecting to pcap? Guy Harris 21:36, 5 November 2005 (UTC)
- Done a while ago. Guy Harris (talk) 18:08, 12 May 2009 (UTC)
Pcap name
[edit]And what does PCAP mean? Packet Capturing Application Protocol????... anything ?
- Packet CAPture. It's not all caps, so they're not initials. Guy Harris 15:51, 3 October 2006 (UTC)
PCAP is not the name of the API
[edit]Re "While the name is an abbreviation of packet capture, that is not the API's proper name. " — Preceding unsigned comment added by 24.141.52.159 (talk) 15:04, 31 March 2020 (UTC)
Then give the name.
As far as I know, libpcap is the library for pcap and that is the API (application program interface) whereby programs call the functions of pcap. Basically, I think the statement is wrong but I don't see why the API was mentioned. PCAP is a program. libpcap is a library (API) called by the application program.
15:03, 31 March 2020 (UTC) — Preceding unsigned comment added by 24.141.52.159 (talk)
- "libpcap is the library for pcap" What is the "pcap" for which libpcap is the library?
- For better or worse, the WinPcap developers decided to call it "WinPcap" rather than just "libpcap for Windows", and the library files aren't libpcap.dll and libpcap.lib, they're wpcap.dll and wpcap.lib.
- Npcap continues that tradition.
- So not all of the libraries that implement the API are called "libpcap", even though the other two (WinPcap and Npcap) include libpcap code.
- "PCAP is a program." Where can I find this program called "PCAP"? Or do you mean "pcap is a program.", in which case where can I find this program called "pcap"? Three programs that come to mind that use the libpcap/WinPcap/Npcap libraries are:
- tcpdump, which isn't called anything with "pcap" in it;
- dumpcap (part of Wireshark), the name of which has "pcap" as a substring by accident - it's "dump" followed by "cap", not "dum" followed by "pcap" (I can speak authoritatively here as a Wireshark core developer);
- snort, which isn't called anything with "pcap" in it. Guy Harris (talk) 18:01, 31 March 2020 (UTC)
Licenses?
[edit]The "Free Software Portal" link is present in this page. But, there's no information about the licenses of any of the softwares described, and, the "Free Software" category isn't present. What's the story? 198.49.180.40 (talk) 17:49, 20 August 2009 (UTC)
- See the infoboxes I added to the article. (Short answer: BSD license.) Guy Harris (talk) 19:32, 31 October 2009 (UTC)
- There are no references for the BSDL. The code itself and the project page tell nothing about terms of use, licenses for use of the Pro version are sold. Where is that information from? --Trac3R (talk) 10:40, 21 June 2011 (UTC)
- The source code. See the copyright notices. Guy Harris (talk) 18:38, 21 June 2011 (UTC)
- And the "project page" is the project page for the now-dead WinPcap, not for either libpcap or Npcap. libpcap has no "pro version", it's just a BSD-licensed free software project, as noted. WinPcap is also BSD-licensed, but the installer isn't; the Pro version, as I remember, had a silent installer, so if you wanted to build a commercial application atop WinPcap, and wanted an unobtrusive installer, you'd have to pay the WinPcap folk to help them handle the support calls you were likely to throw in their direction. Npcap's non-libpcap components (driver, wrapper library round the driver, etc.) aren't licensed as free software, and they also require payment, for much the same reason as WinPcap. Guy Harris (talk) 21:21, 12 September 2024 (UTC)
- The source code. See the copyright notices. Guy Harris (talk) 18:38, 21 June 2011 (UTC)
- There are no references for the BSDL. The code itself and the project page tell nothing about terms of use, licenses for use of the Pro version are sold. Where is that information from? --Trac3R (talk) 10:40, 21 June 2011 (UTC)
Cookie
[edit]In programs that use pcap section, the cookie link links to the food. I can't seem to find the page for the application. —Preceding unsigned comment added by 61.94.132.204 (talk) 09:31, 31 December 2010 (UTC)
- That's because there isn't one. I got rid of the link. Guy Harris (talk) 13:21, 31 December 2010 (UTC)
Complexity
[edit]Why is it that I can never understand Wikipedia articles on (a) computing and (b) statistics? These articles are written in the most technical and obtuse language, clearly intended for someone in the field. I leave this article on pcap having even less of an idea about what it is than I had before I got here.... Sigh. 70.29.73.38 (talk) 04:41, 21 January 2012 (UTC)
- Because, for many subjects, there are details you have to understand before you even know what people are talking about. You're probably not going to get very far with the string theory article without at least some background in physics. It has links to articles about various concepts it mentions, but the same applies to those articles, e.g. AdS/CFT correspondence.
- Explaining concepts in a technical field to people outside the field is hard. There's a reason why science journalism exists as a profession (and why some are, well, better at that profession than others).
- The main thing that seems to be missing from the article is an explanation of one of the primary purposes of libpcap/WinPcap/Npcap - allowing the same API to be used on several operating systems with different mechanisms for capturing network traffic (or, in the case of Windows, providing such a mechanism). Other concepts, such as what an API is and what "capturing network traffic" is, are explained in the articles to which this article links, although those could perhaps use improvement as well. Guy Harris (talk) 21:35, 12 September 2024 (UTC)
PCAP is also a short term for Projected Capacitive
[edit]As Projected Capacitive becomes more and more applied in nowadays life (e.g. mobile phones, tablets, information directories, HMI), maybe we can make a difference here between Projected Capacitive in the Field of electronics and Package Capture in the field of computer networking. — Preceding unsigned comment added by 83.136.193.197 (talk) 07:50, 19 July 2012 (UTC)
- I've added an {{about}} item at the top to send people to projected capacitance if that's what they're interested in (and fixed the redirection for projected capacitance to go to the section of the touchscreen page about projected capacitance, rather than just to the page). Guy Harris (talk) 16:39, 19 July 2012 (UTC)
"Written like an advertisement"?
[edit]What part is "written like an advertisement"? The only part where I could possibly see that is the Npcap section. Guy Harris (talk) 00:51, 21 October 2017 (UTC)
- I fail to see that either. I took the liberty to remove that tag, as well as the more citations tag, which dates back to when the article had no inline refs at all. MichielN (talk) 19:02, 12 September 2024 (UTC)
PCAP = Prevention Of Cruelty To Animals And Plants
[edit]PCAP = Prevention Of Cruelty To Animals And Plants — Preceding unsigned comment added by Ananadamarga (talk • contribs) 17:22, 5 April 2018 (UTC)
- And projected capacitance and Parent-Child Assistance Program and, formerly, the Prestressed Concrete Association of Pennsylvania.
- As well as, of course, the Packet CAPture library and file format. Guy Harris (talk) 17:33, 5 April 2018 (UTC)
Proposal: Rename/refocus to "libpcap," remove idea of "pcap API"
[edit]Having done some research into its origins, I have found no evidence of any entity, API or program, called pcap that predates or stands apart from libpcap, which is the library created at LBNL for extending the BPF packet capture part of tcpdump to other programs. Therefore, I propose a rewrite of this page, which I can undertake myself, to refocus it on libpcap and its forks, ports, and extensions. The primary changes would be:
- Rename page to libpcap
- Include a section on the pcap file format, possibly including info on the pcap-ng file format.
- Expand the History section to include links to Berkeley Packet Filter.
- Create a section discussing the various backends which libpcap has been extended to support for different operating systems, such as DLPI, STREAMS, DAG, PF_PACKET, etc.
- Demote the pcap libraries for Windows section to a sub-section of the new backends section, stripping most of the jargon and sales-y statements.
Bonsaiwiking (talk) 21:02, 16 September 2021 (UTC)
- That'd work (even if the project of which I'm guessing you're the core developer isn't called "libpcap" :-)).
- The backends fall into two categories - local network adapter capture, which would include the BPF capture mechanism (an unfortunate name, as it requires distinguishing between the (c)BPF capture filter language and filters that implement it and the BPF packet capture mechanism) as well as DLPI, STREAMS NIT, NPF, and PF_PACKET sockets, and others, such as DAG, Linux USB of various sorts, NFLOG, etc.
- Which of the additional sections - programs that use it, wrappers, other stuff that reads pcap or pcapng files - would remain? Guy Harris (talk) 01:14, 8 October 2023 (UTC)
- Start-Class Computing articles
- Low-importance Computing articles
- Start-Class Computer networking articles
- Mid-importance Computer networking articles
- Start-Class Computer networking articles of Mid-importance
- All Computer networking articles
- Start-Class software articles
- Low-importance software articles
- Start-Class software articles of Low-importance
- All Software articles
- All Computing articles