{"id":50865833,"url":"https://github.com/tapman104/zig-nacap","last_synced_at":"2026-06-15T01:05:00.964Z","repository":{"id":351579449,"uuid":"1211075306","full_name":"tapman104/zig-nacap","owner":"tapman104","description":" Idiomatic Zig wrapper for Npcap — packet capture and protocol decoding on Windows","archived":false,"fork":false,"pushed_at":"2026-04-15T15:33:35.000Z","size":48,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-15T17:09:08.735Z","etag":null,"topics":["ncap","networking","packet-capture","windows","zig"],"latest_commit_sha":null,"homepage":"","language":"Zig","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tapman104.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-15T03:30:30.000Z","updated_at":"2026-04-15T15:33:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/tapman104/zig-nacap","commit_stats":null,"previous_names":["tapman104/zig-nacap"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/tapman104/zig-nacap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tapman104%2Fzig-nacap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tapman104%2Fzig-nacap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tapman104%2Fzig-nacap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tapman104%2Fzig-nacap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tapman104","download_url":"https://codeload.github.com/tapman104/zig-nacap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tapman104%2Fzig-nacap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34343318,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-14T02:00:07.365Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ncap","networking","packet-capture","windows","zig"],"created_at":"2026-06-15T01:05:00.053Z","updated_at":"2026-06-15T01:05:00.953Z","avatar_url":"https://github.com/tapman104.png","language":"Zig","funding_links":[],"categories":[],"sub_categories":[],"readme":"# npcap_zig\n\nIdiomatic Zig 0.16 wrapper for [Npcap](https://npcap.com/) on Windows.\n\nZero-allocation packet capture with pure-Zig protocol decoders.\nNo libc, no C++ headers, no global state leaking into userspace.\n\n---\n\n## Requirements\n\n| Requirement | Details |\n|---|---|\n| **OS** | Windows 10 / 11 (64-bit) |\n| **Npcap** | [npcap.com](https://npcap.com/#download) — must be installed before running |\n| **Npcap SDK** | [npcap-sdk-1.13.zip](https://npcap.com/dist/npcap-sdk-1.13.zip) extracted to `C:\\npcap-sdk` |\n| **Zig** | 0.16.0 |\n| **Privileges** | Run executables **as Administrator** |\n\n---\n\n## Adding as a Dependency\n\n1. In your project's `build.zig.zon`, add:\n\n```zig\n.dependencies = .{\n    .npcap_zig = .{\n        .url  = \"https://github.com/youruser/npcap_zig/archive/refs/tags/v0.1.0.tar.gz\",\n        .hash = \"\u003czig fetch output here\u003e\",\n    },\n},\n```\n\n2. In your `build.zig`, fetch and import the module:\n\n```zig\nconst npcap_dep = b.dependency(\"npcap_zig\", .{\n    .target   = target,\n    .optimize = optimize,\n});\nexe.root_module.addImport(\"npcap_zig\", npcap_dep.module(\"npcap_zig\"));\n```\n\n---\n\n## Quick-Start Usage\n\n```zig\nconst std       = @import(\"std\");\nconst npcap_zig = @import(\"npcap_zig\");\nconst capture   = npcap_zig.capture;\nconst proto     = npcap_zig.proto;\n\npub fn main() !void {\n    const allocator = std.heap.c_allocator;\n\n    // 1. List network interfaces\n    const devices = try capture.listDevices(allocator);\n    defer capture.freeDevices(allocator, devices);\n\n    // 2. Open the first non-loopback interface\n    var chosen: ?capture.Device = null;\n    for (devices) |dev| {\n        if (!dev.is_loopback) { chosen = dev; break; }\n    }\n    const dev = chosen orelse return;\n\n    const name_z = try allocator.dupeZ(u8, dev.name);\n    defer allocator.free(name_z);\n\n    var cap = try capture.openDevice(name_z, 65535, true, 1000);\n    defer cap.close();\n\n    // 3. Optional BPF filter\n    try cap.setFilter(\"tcp port 80\");\n\n    // 4. Capture loop\n    while (true) {\n        const pkt = cap.nextPacket() orelse continue;\n\n        // 5. Decode ETH → IPv4 → TCP\n        const eth = try proto.eth.parseEthernet(pkt.data);\n        if (eth.ether_type != .ipv4) continue;\n        \n        const ip = try proto.ipv4.parseIpv4(eth.payload);\n        if (ip.proto != .tcp) continue;\n        \n        const tcp = try proto.tcp.parseTcp(ip.payload);\n\n        var ib1: [15]u8 = undefined;\n        var ib2: [15]u8 = undefined;\n        std.debug.print(\"TCP  {s}:{d}  →  {s}:{d}  payload={d}b\\n\", .{\n            proto.ipv4.formatIp(ip.src, \u0026ib1), tcp.src_port,\n            proto.ipv4.formatIp(ip.dst, \u0026ib2), tcp.dst_port,\n            tcp.payload.len,\n        });\n    }\n}\n```\n\n---\n\n## Protocol Support\n\n| Layer | Protocol | Function | Return type |\n|---|---|---|---|\n| L2 | Ethernet | `proto.eth.parseEthernet` | `ParseError!EthernetFrame` |\n| L2 | ARP | `proto.arp.parseArp` | `ParseError!ArpPacket` |\n| L3 | IPv4 | `proto.ipv4.parseIpv4` | `ParseError!Ipv4Header` |\n| L3 | IPv6 | `proto.ipv6.parseIpv6` | `ParseError!Ipv6Header` |\n| L4 | ICMPv4 | `proto.icmpv4.parseIcmp` | `ParseError!IcmpMessage` |\n| L4 | ICMPv6 | `proto.icmpv6.parseIcmpv6` | `ParseError!Icmpv6Message` |\n| L4 | TCP | `proto.tcp.parseTcp` | `ParseError!TcpSegment` |\n| L4 | UDP | `proto.udp.parseUdp` | `ParseError!UdpDatagram` |\n| L7 | DNS | `proto.dns.parseDns` | `ParseError!DnsMessage` |\n| L7 | HTTP/1.x | `proto.http.detect` | `?HttpHint` |\n\nAll parsers are **pure functions**: no allocator, no I/O, no side effects.\nAll string/slice results point into the **original packet buffer** — zero-copy.\n\n---\n\n## TCP Flow Tracking\n\nThe library includes a stateful TCP flow tracker that handles normalization (client/server detection) and connection state transitions.\n\n```zig\nconst flow = npcap_zig.flow;\n// ... inside capture loop ...\nconst status = flow.processTcp(\u0026flow_table, pkt, ip.src, ip.dst, tcp, ip.payload.len);\n// status: \"flow=NEW\", \"flow=ESTABLISHED\", \"flow=FIN_WAIT\", etc.\n```\n\n---\n\n## Examples\n\n| File | Build step | Description |\n|---|---|---|\n| [`examples/basic_capture.zig`](examples/basic_capture.zig) | `zig build run` | Full multi-protocol sniffer with flow tracking |\n| [`examples/dns_monitor.zig`](examples/dns_monitor.zig) | `zig build dns_monitor` | BPF-filtered DNS query logger |\n\n### Building\n\n```powershell\n# Build + run the full sniffer (20 packets)\nzig build run\n\n# Build + run the DNS logger (runs until Ctrl+C)\nzig build dns_monitor\n\n# Build everything without running\nzig build\n```\n\n---\n\n## Module Layout\n\n```\nsrc/\n  root.zig            ← Public API re-exports\n  capture.zig         ← Npcap live/file capture engine\n  packet.zig          ← ParsedPacket and Layer3/4 unions\n  flow/\n    tracker.zig       ← TCP flow tracking state machine\n  proto/\n    errors.zig        ← Shared parsing error set\n    eth.zig           ← Ethernet II frame parser\n    ipv4.zig          ← IPv4 header parser\n    ipv6.zig          ← IPv6 header + extension headers\n    arp.zig           ← Address Resolution Protocol (ARP)\n    tcp.zig           ← TCP segment parser\n    udp.zig           ← UDP datagram parser\n    icmpv4.zig        ← ICMPv4 message parser\n    icmpv6.zig        ← ICMPv6 / NDP parser\n    dns.zig           ← DNS (RFC 1035) Question/Answer parser\n    http.zig          ← HTTP/1.1 method/host detector\n  backend/\n    npcap_raw.zig     ← Low-level pcap DLL wrapper\n```\n\n---\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftapman104%2Fzig-nacap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftapman104%2Fzig-nacap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftapman104%2Fzig-nacap/lists"}