Application Packet Capture: A better way to PCAP.
What is it?
AppPacCap is a packet capture framework designed to provide granular capture capabilities with a fully extensible front-end.
AppPacCap service provide a RESTful API that allows for control of the packet capture process as well as the visualization of the data.
AppPacCap provides a powerful back-end functionality that can be leveraged to create useful and functional front-ends that meet specific needs.
How is it different than Wireshark?
There are a few key differences between
AppPacCap and Wireshark. First, Wireshark only provides full system packet capture. There is no easy way to identify and filter the packets based on the application sending them. Microsoft's Network Monitor provides that level of capture but is discontinued while the follow-on replacement, Microsoft's Message Analayzer, has limitations that can lead to incorrect packet association.
AppPacCap solves this issue and allows granular targeting of applications down to the thread so you only capture what you want.
The second difference is what can be done with the data after it is captured. All of the tools listed above have some extensibility but nothing to the level that
AppPacCap provides. With data captured through those tools, generally a PCAP file is exported and then imported into some other tool to provide enrichment. With
AppPacCap, enrichment can occur organically and then displayed in the format you desire thanks to the fully extensible front-end.
Why Use AppPacCap?
There are numerous use cases for
AppPacCap. Like other packet capture tools, network debugging and malware analysis can be performed with
AppPacCap but now with more precision by targeting the specific processes of interest. Better network forensics can be performed with process information associated with the captures.
AppPacCap runs as a service and exposes a RESTful API which means that data can be queried remotely. This allows for every system running
- Full packet capture at the system, process or thread level
- Web server interface with RESTful API
- Customizable enrichment capabilities
- Complete front-end control
AppPacCap is currently in beta.
v9.2018.103.6641 (x64) - Released 15 April 2018