PcapPlusPlus
pcpp::WinPcapLiveDevice Class Reference

#include <WinPcapLiveDevice.h>

Inheritance diagram for pcpp::WinPcapLiveDevice:
pcpp::PcapLiveDevice pcpp::IPcapDevice

Public Member Functions

virtual LiveDeviceType getDeviceType ()
 
bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie, int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUsrrCookie)
 
bool startCapture (int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
 
bool startCapture (RawPacketVector &capturedPacketsVector)
 
virtual int sendPackets (RawPacket *rawPacketsArr, int arrLength)
 
bool setMinAmountOfDataToCopyFromKernelToApplication (int size)
 
int getMinAmountOfDataToCopyFromKernelToApplication ()
 
- Public Member Functions inherited from pcpp::PcapLiveDevice
virtual ~PcapLiveDevice ()
 
const char * getName ()
 
const char * getDesc ()
 
bool getLoopback ()
 
virtual uint16_t getMtu ()
 
std::vector< pcap_addr_t > & getAddresses ()
 
virtual MacAddress getMacAddress ()
 
IPv4Address getIPv4Address ()
 
IPv4Address getDefaultGateway ()
 
std::vector< IPv4Address > & getDnsServers ()
 
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie)
 
virtual int startCaptureBlockingMode (OnPacketArrivesStopBlocking onPacketArrives, void *userCookie, int timeout)
 
void stopCapture ()
 
bool sendPacket (RawPacket const &rawPacket)
 
bool sendPacket (const uint8_t *packetData, int packetDataLength)
 
bool sendPacket (Packet *packet)
 
virtual int sendPackets (Packet **packetsArr, int arrLength)
 
virtual int sendPackets (const RawPacketVector &rawPackets)
 
bool open ()
 
void close ()
 
virtual void getStatistics (pcap_stat &stats)
 
bool open (DeviceMode mode)
 
- Public Member Functions inherited from pcpp::IPcapDevice
bool isOpened ()
 
bool setFilter (GeneralFilter &filter)
 
virtual bool setFilter (std::string filterAsString)
 
void clearFilter ()
 

Additional Inherited Members

- Public Types inherited from pcpp::PcapLiveDevice
enum  LiveDeviceType { LibPcapDevice, WinPcapDevice, RemoteDevice }
 
enum  DeviceMode { Normal = 0, Promiscuous = 1 }
 
- Static Public Member Functions inherited from pcpp::IPcapDevice
static bool verifyFilter (std::string filterAsString)
 
static bool matchPakcetWithFilter (std::string filterAsString, RawPacket *rawPacket)
 

Detailed Description

A class that wraps a Windows network interface (each of the interfaces listed in ipconfig). This class is almost similar in its capabilities to PcapLiveDevice (its parent class) with some small changes that mainly result from differences between libpcap and WinPcap. Please see the reference for PcapLiveDevice for more details

Member Function Documentation

virtual LiveDeviceType pcpp::WinPcapLiveDevice::getDeviceType ( )
inlinevirtual
Returns
The type of the device (libPcap, WinPcap or a remote device)

Reimplemented from pcpp::PcapLiveDevice.

int pcpp::WinPcapLiveDevice::getMinAmountOfDataToCopyFromKernelToApplication ( )
inline
Returns
The current amount of data in the kernel buffer that causes a read from the application to return (see also setMinAmountOfDataToCopyFromKernelToApplication())
virtual int pcpp::WinPcapLiveDevice::sendPackets ( RawPacket rawPacketsArr,
int  arrLength 
)
virtual

Send an array of RawPacket objects to the network

Parameters
[in]rawPacketsArrThe array of RawPacket objects to send. This method treats all packets as read-only, it doesn't change anything in them
[in]arrLengthThe length of the array
Returns
The number of packets sent successfully. Sending a packet can fail if:
  • Device is not opened. In this case no packets will be sent, return value will be 0
  • Packet length is 0
  • Packet length is larger than device MTU
  • Packet could not be sent due to some error in libpcap/WinPcap

Reimplemented from pcpp::PcapLiveDevice.

bool pcpp::WinPcapLiveDevice::setMinAmountOfDataToCopyFromKernelToApplication ( int  size)

WinPcap has an ability (that doesn't exist in libpcap) to change the minimum amount of data in the kernel buffer that causes a read from the application to return (unless the timeout expires). Please see documentation for pcap_setmintocopy for more info. This method enables the user to change this size. Note the device must be open for this method to work

Parameters
[in]sizeThe size to set in bytes
Returns
True if set succeeded, false if the device is closed or if pcap_setmintocopy failed
bool pcpp::WinPcapLiveDevice::startCapture ( OnPacketArrivesCallback  onPacketArrives,
void *  onPacketArrivesUserCookie,
int  intervalInSecondsToUpdateStats,
OnStatsUpdateCallback  onStatsUpdate,
void *  onStatsUpdateUserCookie 
)
virtual

Start capturing packets on this network interface (device) with periodic stats collection. Each time a packet is captured the onPacketArrives callback is called. In addition, each intervalInSecondsToUpdateStats seconds stats are collected from the device and the onStatsUpdate callback is called. Both the capture and periodic stats collection are done on new threads created by this method, each on a different thread, meaning all callback calls are done in threads other than the caller thread. Capture process and stats collection will stop and threads will be terminated when calling stopCapture(). This method must be called after the device is opened (i.e the open() method was called), otherwise an error will be returned.

Parameters
[in]onPacketArrivesA callback that is called each time a packet is captured
[in]onPacketArrivesUserCookieA pointer to a user provided object. This object will be transferred to the onPacketArrives callback each time it is called. This cookie is very useful for transferring objects that give context to the capture callback, for example: objects that counts packets, manages flow state or manages the application state according to the packet that was captured
[in]intervalInSecondsToUpdateStatsThe interval in seconds to activate periodic stats collection
[in]onStatsUpdateA callback that will be called each time intervalInSecondsToUpdateStats expires and stats are collected. This callback will contain the collected stats
[in]onStatsUpdateUserCookieA pointer to a user provided object. This object will be transferred to the onStatsUpdate callback each time it is called
Returns
True if capture started successfully, false if (relevant log error is printed in any case):
  • Capture is already running
  • Device is not opened
  • Capture thread could not be created
  • Stats collection thread could not be created

Reimplemented from pcpp::PcapLiveDevice.

bool pcpp::WinPcapLiveDevice::startCapture ( int  intervalInSecondsToUpdateStats,
OnStatsUpdateCallback  onStatsUpdate,
void *  onStatsUpdateUserCookie 
)
virtual

Start capturing packets on this network interface (device) with periodic stats collection only. This means that packets arriving to the network interface aren't delivered to the user but only counted. Each intervalInSecondsToUpdateStats seconds stats are collected from the device and the onStatsUpdate callback is called with the updated counters. The periodic stats collection is done on a new thread created by this method, meaning all callback calls are done in threads other than the caller thread. Stats collection will stop and threads will be terminated when calling stopCapture(). This method must be called after the device is opened (i.e the open() method was called), otherwise an error will be returned.

Parameters
[in]intervalInSecondsToUpdateStatsThe interval in seconds to activate periodic stats collection
[in]onStatsUpdateA callback that will be called each time intervalInSecondsToUpdateStats expires and stats are collected. This callback will contain the collected stats
[in]onStatsUpdateUserCookieA pointer to a user provided object. This object will be transferred to the onStatsUpdate callback each time it is called
Returns
True if capture started successfully, false if (relevant log error is printed in any case):
  • Capture is already running
  • Device is not opened
  • Stats collection thread could not be created

Reimplemented from pcpp::PcapLiveDevice.

bool pcpp::WinPcapLiveDevice::startCapture ( RawPacketVector capturedPacketsVector)
inlinevirtual

Start capturing packets on this network interface (device). All captured packets are added to capturedPacketsVector, so at the end of the capture (when calling stopCapture()) this vector contains pointers to all captured packets in the form of RawPacket. The capture is done on a new thread created by this method, meaning capturedPacketsVector is updated from another thread other than the caller thread (so user should avoid changing or iterating this vector while capture is on). Capture process will stop and this capture thread will be terminated when calling stopCapture(). This method must be called after the device is opened (i.e the open() method was called), otherwise an error will be returned.

Parameters
[in]capturedPacketsVectorA reference to a RawPacketVector, meaning a vector of pointer to RawPacket objects
Returns
True if capture started successfully, false if (relevant log error is printed in any case):
  • Capture is already running
  • Device is not opened
  • Capture thread could not be created

Reimplemented from pcpp::PcapLiveDevice.