libtins is a high-level, multiplatform C++ network packet sniffing and crafting library.

Its main purpose is to provide the C++ developer an easy, efficient, platform and endianness-independent way to create tools which need to send, receive and manipulate network packets.

It uses a BSD-2 license and it's hosted at github.

It's easy to use!

The library is very simple to use. As a short example, this is how it could be used to print the source and destination addresses and ports of every TCP packet captured in the eth0 interface:

#include <iostream>
#include <tins/tins.h>

using namespace Tins;
using namespace std;

bool callback(const PDU &pdu) {
    // Find the IP layer
    const IP &ip = pdu.rfind_pdu<IP>(); 
    // Find the TCP layer
    const TCP &tcp = pdu.rfind_pdu<TCP>(); 
    cout << ip.src_addr() << ':' << << " -> " 
         << ip.dst_addr() << ':' << tcp.dport() << endl;
    return true;

int main() {

High level != inefficient

libtins was designed keeping efficiency in mind at all times. In fact, it is one of the fastest packet sniffing and interpretation libraries available. The benchmark section contains some actual measurements of how fast it works.

It's been thoroughly tested

Almost as much time was invested testing the library than developing it. At the moment of writing, there are 624 unit tests, which check that everything in libtins does what's expected.


Making your applications portable is very important. That is why a lot of work has been done so that libtins works on Windows, OSX and both little and big endian GNU/Linux and FreeBSD operating systems. This means you can develop some sniffing application, cross-compile it and execute it directly on your ARM or MIPS routers, or any other device that has sniffing capabilities, provided it has enough RAM. (libtins is ~10MB)


libtins supports several protocols and features:

  • Network packet crafting.
  • Packet sniffing and automatic packet interpretation.
  • Reading and writing PCAP files.
  • Following and reassembling TCP streams on the fly.
  • Decrypting WEP and WPA2(TKIP and CCMP) encrypted 802.11 data frames on the fly and interpreting the decrypted content.
  • Works properly on at least the following architectures: x86, x64, ARM and MIPS (probably more).
  • Supported protocols:
    • IEEE 802.11
    • IEEE 802.3
    • IEEE 802.1q
    • Ethernet
    • ARP
    • IP
    • IPv6
    • ICMP
    • ICMPv6
    • TCP
    • UDP
    • DHCP
    • DHCPv6
    • DNS
    • RadioTap
    • MPLS
    • EAPOL
    • PPPoE
    • STP
    • LLC
    • LLC+SNAP
    • Linux Cooked Capture
    • PPI
    • PKTAP
    • NULL/Loopback