index.html

---
title: C++ packet sniffing and crafting library
layout: default
section: home
---
<div id="index-header-separator">
</div>
<h3>Introduction</h3>
<p>
    <i>libtins</i> is a high-level, multiplatform <i>C++</i> network 
    packet sniffing and crafting library.
</p>
<p>
    Its main purpose is to provide the <i>C++</i> developer an easy,
    efficient, platform and endianness-independent way to create tools 
    which need to send, receive and manipulate network packets.
</p>
<p>
    It uses a BSD-2 license and it's hosted at 
    <a href="https://github.com/mfontanini/libtins">github</a>.
</p>
<h3>It's easy to use!</h3>
<p>
    The library is very simple to use. As a short example, this is 
    how it could be used to print the source and destination addresses 
    and ports of every <i>TCP</i> packet captured in the <i>eth0</i> 
    interface:
</p>

{% highlight cpp %}
#include <iostream>
#include <tins/tins.h>

using namespace Tins;
using namespace std;

bool callback(const PDU &pdu) {
    // Find the IP layer
    const IP &ip = pdu.rfind_pdu<IP>(); 
    // Find the TCP layer
    const TCP &tcp = pdu.rfind_pdu<TCP>(); 
    cout << ip.src_addr() << ':' << tcp.sport() << " -> " 
         << ip.dst_addr() << ':' << tcp.dport() << endl;
    return true;
}

int main() {
    Sniffer("eth0").sniff_loop(callback);
}
{% endhighlight %}

<h3>High level != inefficient</h3>
<p>
    <i>libtins</i> was designed keeping efficiency in mind at all times.
    In fact, it is one of the fastest packet sniffing and interpretation 
    libraries available. The <a href="/benchmark/">benchmark</a> section 
    contains some actual measurements of how fast it works.
</p>
<h3>It's been thoroughly tested</h3>
<p>
    Almost as much time was invested testing the library than 
    developing it. At the moment of writing, there are 624 unit tests, 
    which check that everything in <i>libtins</i> does what's
    expected. 
</p>
<h3>Portability</h3>
<p>
Making your applications portable is very important. That is why a lot 
of work has been done so that <i>libtins</i> works on <i>Windows</i>, 
<i>OSX</i> and both little and big endian <i>GNU/Linux</i> and 
<i>FreeBSD</i> operating systems. This means you can develop some 
sniffing application, cross-compile it and execute it directly on your 
<i>ARM</i> or <i>MIPS</i> routers, or any other device that has sniffing 
capabilities, provided it has enough RAM. (libtins is ~10MB)
</p>
<h3>Features</h3>
<p>
<i>libtins</i> supports several protocols and features:
</p>
<ul>
    <li>Network packet crafting.</li>
    <li>Packet sniffing and automatic packet interpretation.</li>
    <li>Reading and writing <i>PCAP</i> files.</li>
    <li>Following and reassembling <i>TCP</i> streams on the fly.</li>
    <li>Decrypting <i>WEP</i> and <i>WPA2</i>(<i>TKIP</i> and <i>CCMP</i>)
        encrypted 802.11 data frames on the fly and interpreting the 
        decrypted content.</li>
    <li>Works properly on at least the following architectures: 
        x86, x64, ARM and MIPS (probably more).</li>
    <li>
        Supported protocols:
        <ul>
            <li>IEEE 802.11</li>
            <li>IEEE 802.3</li>
            <li>IEEE 802.1q</li>
            <li>Ethernet</li>
            <li>ARP</li>
            <li>IP</li>
            <li>IPv6</li>
            <li>ICMP</li>
            <li>ICMPv6</li>
            <li>TCP</li>
            <li>UDP</li>
            <li>DHCP</li>
            <li>DHCPv6</li>
            <li>DNS</li>
            <li>RadioTap</li>
            <li>MPLS</li>
            <li>EAPOL</li>
            <li>PPPoE</li>
            <li>STP</li>
            <li>LLC</li>
            <li>LLC+SNAP</li>
            <li>Linux Cooked Capture</li>
            <li>PPI</li>
            <li>PKTAP</li>
            <li>NULL/Loopback</li>
        </ul>
    </li>
</ul>