qcap is a library for network traffic analysis. It provides mechanisms for an application to:

  • access libpcap data sources (files and network devices),
  • defragment IP packets,
  • reconstruct TCP streams,
  • parse TCP streams,
  • decode encrypted/obfuscated portions of TCP streams.

It is designed to provide applications with easy access to the content of TCP streams. The parsing facilities identify portions of layer-7 streams, and hand them off to application-level callbacks. If the stream is encoded with credentials available to qcap, qcap will decode that portion of the stream.