From AutomationWiki

Pcap (packet capture) is an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library, whereas Windows uses a port of libpcap known as WinPcap. WinPcap is the packet capture and filtering engine of many open source and commercial network tools, including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators and network testers. Well-known tools that use it include Wireshark, Nmap, Snort and ntop. WinPcap contains a driver that extends the operating system to provide low-level network access, and a library that gives applications easy access to the low-level network layers.