Module com.slytechs.jnet.jnetpcap
Package com.slytechs.jnet.jnetpcap

Class NetPcap

java.lang.Object
org.jnetpcap.Pcap
org.jnetpcap.Pcap0_4
org.jnetpcap.Pcap0_5
org.jnetpcap.Pcap0_6
org.jnetpcap.Pcap0_7
org.jnetpcap.Pcap0_8
org.jnetpcap.Pcap0_9
org.jnetpcap.Pcap1_0
org.jnetpcap.Pcap1_2
org.jnetpcap.Pcap1_5
org.jnetpcap.Pcap1_9
org.jnetpcap.Pcap1_10
org.jnetpcap.internal.NonSealedPcap
com.slytechs.jnet.jnetpcap.NetPcap
All Implemented Interfaces:
CaptureStatistics, AutoCloseable
public final class NetPcap extends org.jnetpcap.internal.NonSealedPcap implements CaptureStatistics
Pcap packet capture with high level packet and protocol support.

IPF Modes

The pro pcap API provides support for IP fragment reassembly and tracking. When enabled, the user packet handler will receive fully reassembled IP datagrams instead of individual fragments along with any other type of packets selected by the packet filter applied.

To enable IPF mode, use the fluent method enableIpf(boolean) before the pcap handle is activated. Once enabled, numerous defaults are used and can be changed by the use of the pcap handle. By default, IPF tracking and reassembly are both enabled. Further more, IPF reassembly can be configured to attach IPF reassembled buffer to the last IP fragment and/or inserted as a new IP data-gram into the dispatcher's packet stream. This way the user packet handler will receive fully reassembled IP datagrams as packets. The default is to not forward individual IP fragments, but deliver the fully reassembled IP data-gram as a new packet, containing all of the IP fragment data combined.

Author:
Sly Technologies Inc, repos@slytechs.com

  • Method Details

    • create

      public static NetPcap create(org.jnetpcap.PcapIf device) throws org.jnetpcap.PcapException
      Create a live capture handle. create is used to create a packet capture handle to look at packets on the network. source is a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a source argument of "any" or NULL can be used to capture packets from all interfaces. The returned handle must be activated with pcap_activate() before pack' ets can be captured with it; options for the capture, such as promiscu' ous mode, can be set on the handle before activating it.
      Parameters:
      device - pcap network interface that specifies the network device to open.
      Returns:
      a new pcap object that needs to be activated using activate() call
      Throws:
      org.jnetpcap.PcapException - the pcap exception
      Since:
      libpcap 1.0

    • create

      public static NetPcap create(String device) throws org.jnetpcap.PcapException
      Create a live capture handle. create is used to create a packet capture handle to look at packets on the network. source is a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a source argument of "any" or NULL can be used to capture packets from all interfaces. The returned handle must be activated with pcap_activate() before pack' ets can be captured with it; options for the capture, such as promiscu' ous mode, can be set on the handle before activating it.
      Parameters:
      device - a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a source argument of "any" or NULL can be used to capture packets from all interfaces.
      Returns:
      a new pcap object that needs to be activated using activate() call
      Throws:
      org.jnetpcap.PcapException - the pcap exception
      Since:
      libpcap 1.0

    • openDead

      public static NetPcap openDead(org.jnetpcap.constant.PcapDlt linktype, int snaplen) throws org.jnetpcap.PcapException
      Open a fake pcap_t for compiling filters or opening a capture for output.

      openDead(org.jnetpcap.constant.PcapDlt, int) and pcap_open_dead_with_tstamp_precision() are used for creating a pcap_t structure to use when calling the other functions in libpcap. It is typically used when just using libpcap for compiling BPF full; it can also be used if using pcap_dump_open(3PCAP), pcap_dump(3PCAP), and pcap_dump_close(3PCAP) to write a savefile if there is no pcap_t that supplies the packets to be written.

      When pcap_open_dead_with_tstamp_precision(), is used to create a pcap_t for use with pcap_dump_open(), precision specifies the time stamp precision for packets; PCAP_TSTAMP_PRECISION_MICRO should be specified if the packets to be written have time stamps in seconds and microseconds, and PCAP_TSTAMP_PRECISION_NANO should be specified if the packets to be written have time stamps in seconds and nanoseconds. Its value does not affect pcap_compile(3PCAP).

      Parameters:
      linktype - specifies the link-layer type for the pcap handle
      snaplen - specifies the snapshot length for the pcap handle
      Returns:
      A dead pcap handle
      Throws:
      org.jnetpcap.PcapException - any errors
      Since:
      libpcap 0.6

    • openDeadWithTstampPrecision

      public static NetPcap openDeadWithTstampPrecision(org.jnetpcap.constant.PcapDlt linktype, int snaplen, org.jnetpcap.constant.PcapTStampPrecision precision) throws org.jnetpcap.PcapException
      Open a fake pcap_t for compiling filters or opening a capture for output.

      openDead(PcapDlt, int) and openDeadWithTstampPrecision(PcapDlt, int, PcapTStampPrecision) are used for creating a pcap_t structure to use when calling the other functions in libpcap. It is typically used when just using libpcap for compiling BPF full; it can also be used if using #dumpOpen(String), PcapDumper.dump(MemorySegment, MemorySegment), and PcapDumper.close() to write a savefile if there is no pcap_t that supplies the packets to be written.

      When openDeadWithTstampPrecision(PcapDlt, int, PcapTStampPrecision), is used to create a Pcap handle for use with Pcap0_4.dumpOpen(String), precision specifies the time stamp precision for packets; PCAP_TSTAMP_PRECISION_MICRO should be specified if the packets to be written have time stamps in seconds and microseconds, and PCAP_TSTAMP_PRECISION_NANO should be specified if the packets to be written have time stamps in seconds and nanoseconds. Its value does not affect pcap_compile(3PCAP).

      Parameters:
      linktype - specifies the link-layer type for the pcap handle
      snaplen - specifies the snapshot length for the pcap handle
      precision - the requested timestamp precision
      Returns:
      A dead pcap handle
      Throws:
      org.jnetpcap.PcapException - any errors
      Since:
      libpcap 1.5.1

    • openLive

      public static NetPcap openLive(org.jnetpcap.PcapIf device, int snaplen, boolean promisc, long timeout, TimeUnit unit) throws org.jnetpcap.PcapException
      Open a device for capturing.

      openLive is used to obtain a packet capture handle to look at packets on the network. device is a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a device argument of "any" or NULL can be used to capture packets from all interfaces.

      Parameters:
      device - the device name
      snaplen - specifies the snapshot length to be set on the handle
      promisc - specifies whether the interface is to be put into promiscuous mode. If promisc is non-zero, promiscuous mode will be set, otherwise it will not be set
      timeout - the packet buffer timeout, as a non-negative value, in units
      unit - time timeout unit
      Returns:
      the pcap handle
      Throws:
      org.jnetpcap.PcapException - any errors
      Since:
      libpcap 0.4

    • openLive

      public static NetPcap openLive(String device, int snaplen, boolean promisc, long timeout, TimeUnit unit) throws org.jnetpcap.PcapException
      Open a device for capturing.

      openLive is used to obtain a packet capture handle to look at packets on the network. device is a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a device argument of "any" or NULL can be used to capture packets from all interfaces.

      Parameters:
      device - the device name
      snaplen - specifies the snapshot length to be set on the handle
      promisc - specifies whether the interface is to be put into promiscuous mode. If promisc is non-zero, promiscuous mode will be set, otherwise it will not be set
      timeout - the packet buffer timeout, as a non-negative value, in units
      unit - time timeout unit
      Returns:
      the pcap handle
      Throws:
      org.jnetpcap.PcapException - any errors
      Since:
      libpcap 0.4

    • openOffline

      public static NetPcap openOffline(File file) throws org.jnetpcap.PcapException
      Open a saved capture file for reading.

      pcap_open_offline() and pcap_open_offline_with_tstamp_precision() are called to open a ``savefile'' for reading.

      Parameters:
      file - the offline capture file
      Returns:
      the pcap handle
      Throws:
      org.jnetpcap.PcapException - any errors
      Since:
      libpcap 0.4

    • openOffline

      public static NetPcap openOffline(String fname) throws org.jnetpcap.PcapException
      Open a saved capture file for reading.

      pcap_open_offline() and pcap_open_offline_with_tstamp_precision() are called to open a ``savefile'' for reading.

      Parameters:
      fname - specifies the name of the file to open. The file can have the pcap file format as described in pcap-savefile(5), which is the file format used by, among other programs, tcpdump(1) and tcpslice(1), or can have the pcapng file format, although not all pcapng files can be read
      Returns:
      the pcap handle
      Throws:
      org.jnetpcap.PcapException - any errors
      Since:
      libpcap 0.4

    • activate

      public void activate() throws org.jnetpcap.PcapActivatedException, org.jnetpcap.PcapException
      Activate the pcap-pro handle and all its resources. If the underlying basic pcap handle also requires activation, it will also be activated. The pcap-pro activation will allocated any required related resources such as packet processors, allocate requested memory buffers and configure pro filters and packet buffer dissectors.

      It is always required to call this activate() method on a pcap-pro handle, even if the underlying pcap handle does not require it such as for dead or offline handles.

      Overrides:
      activate in class org.jnetpcap.Pcap1_0
      Throws:
      org.jnetpcap.PcapActivatedException - thrown if pcap-pro handle has already been activated, however underlying base pcap handle even for dead, openLive or already otherwise uneccessary activations, are not thrown, as per this pcap-pro extension of this method
      org.jnetpcap.PcapException - any pcap exceptions during activation process
      See Also:
      • Pcap1_0.activate()

    • close

      public void close()
      Close.
      Specified by:
      close in interface AutoCloseable
      Overrides:
      close in class org.jnetpcap.Pcap0_4
      See Also:
      • Pcap0_4.close()

    • dispatch

      public int dispatch(int count, PcapProHandler.OfPacketConsumer packetConsumer)
      Dispatch which uses a simple packet consumer.
      Parameters:
      count - A value of -1 or 0 for count is equivalent to infinity, so that packets are processed until another ending condition occurs
      packetConsumer - the packet consumer
      Returns:
      returns 0 if count is exhausted or if, when reading from a ``savefile'', no more packets are available. It returns PCAP_ERROR_BREAK if the loop terminated due to a call to pcap_breakloop() before any packets were processed

    • dispatch

      public <U> int dispatch(int count, PcapProHandler.OfPacket<U> handler, U user)
      Process packets from a live capture or savefile.

      pcap_loop() processes packets from a live capture or ``savefile'' until cnt packets are processed, the end of the ``savefile'' is reached when reading from a ``savefile'', pcap_breakloop(3PCAP) is called, or an error occurs. It does not return when live packet buffer timeouts occur. A value of -1 or 0 for cnt is equivalent to infinity, so that packets are processed until another ending condition occurs.

      Note that, when doing a live capture on some platforms, if the read timeout expires when there are no packets available, pcap_dispatch() will return 0, even when not in non-blocking mode, as there are no packets to process. Applications should be prepared for this to happen, but must not rely on it happening.

      callback specifies a pcap_handler routine to be called with three arguments: a u_char pointer which is passed in the user argument to pcap_loop() or pcap_dispatch(), a const struct pcap_pkthdr pointer pointing to the packet time stamp and lengths, and a const u_char pointer to the first caplen (as given in the struct pcap_pkthdr a pointer to which is passed to the callback routine) bytes of data from the packet. The struct pcap_pkthdr and the packet data are not to be freed by the callback routine, and are not guaranteed to be valid after the callback routine returns; if the full needs them to be valid after the callback, it must make a copy of them.

      The bytes of data from the packet begin with a link-layer header. The format of the link-layer header is indicated by the return value of the pcap_datalink(3PCAP) routine when handed the pcap_t value also passed to pcap_loop() or pcap_dispatch(). https://www.tcpdump.org/linktypes.html lists the values pcap_datalink() can return and describes the packet formats that correspond to those values. The value it returns will be valid for all packets received unless and until pcap_set_datalink(3PCAP) is called; after a successful call to pcap_set_datalink(), all subsequent packets will have a link-layer header of the type specified by the link-layer header type value passed to pcap_set_datalink().

      Do NOT assume that the packets for a given capture or ``savefile`` will have any given link-layer header type, such as DLT_EN10MB for Ethernet. For example, the "any" device on Linux will have a link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if all devices on the system at the time the "any" device is opened have some other data link type, such as DLT_EN10MB for Ethernet.

      Type Parameters:
      U - the generic type
      Parameters:
      count - A value of -1 or 0 for count is equivalent to infinity, so that packets are processed until another ending condition occurs
      handler - array handler which will receive packets
      user - the user
      Returns:
      returns 0 if count is exhausted or if, when reading from a ``savefile'', no more packets are available. It returns PCAP_ERROR_BREAK if the loop terminated due to a call to pcap_breakloop() before any packets were processed
      Since:
      libpcap 0.4

    • dispatch

      public int dispatch(PcapProHandler.OfPacketConsumer packetConsumer)
      Dispatch which uses a simple packet consumer.
      Parameters:
      packetConsumer - the packet consumer
      Returns:
      returns 0 if count is exhausted or if, when reading from a ``savefile'', no more packets are available. It returns PCAP_ERROR_BREAK if the loop terminated due to a call to pcap_breakloop() before any packets were processed

    • enableIpf

      public <T extends PcapProConfigurator.PostRxProcessor> NetPcap enableIpf(boolean b)
      Install factory.
      Type Parameters:
      T - the generic type
      Parameters:
      b - the b
      Returns:
      the t

    • enableIpfIf

      public <T extends PcapProConfigurator.PostRxProcessor> NetPcap enableIpfIf(BooleanSupplier b)
      Enable ipf if.
      Type Parameters:
      T - the generic type
      Parameters:
      b - the b
      Returns:
      the pcap pro

    • enablePacketFormatter

      public NetPcap enablePacketFormatter(boolean b)
      Enable "pretty print" packet formatter.
      Parameters:
      b - if true enable formatting, otherwise disable formatting and default to builtin "terse" packet format
      Returns:
      this pcap pro instance

    • getContext

      public NetPcap.PcapProContext getContext()
      Gets the context.
      Returns:
      the context

    • getDroppedCaplenCount

      public long getDroppedCaplenCount()
      Gets the dropped caplen count.
      Specified by:
      getDroppedCaplenCount in interface CaptureStatistics
      Returns:
      the dropped caplen count
      See Also:

    • getDroppedPacketCount

      public long getDroppedPacketCount()
      Gets the dropped packet count.
      Specified by:
      getDroppedPacketCount in interface CaptureStatistics
      Returns:
      the dropped packet count
      See Also:

    • getDroppedWirelenCount

      public long getDroppedWirelenCount()
      Gets the dropped wirelen count.
      Specified by:
      getDroppedWirelenCount in interface CaptureStatistics
      Returns:
      the dropped wirelen count
      See Also:

    • getPcapType

      public PcapType getPcapType()
      Gets the pcap type.
      Returns:
      the pcapType

    • getReceivedCaplenCount

      public long getReceivedCaplenCount()
      Gets the received caplen count.
      Specified by:
      getReceivedCaplenCount in interface CaptureStatistics
      Returns:
      the received caplen count
      See Also:

    • getReceivedPacketCount

      public long getReceivedPacketCount()
      Gets the received packet count.
      Specified by:
      getReceivedPacketCount in interface CaptureStatistics
      Returns:
      the received packet count
      See Also:

    • getReceivedWirelenCount

      public long getReceivedWirelenCount()
      Gets the received wirelen count.
      Specified by:
      getReceivedWirelenCount in interface CaptureStatistics
      Returns:
      the received wirelen count
      See Also:

    • getUncaughtException

      public Optional<Throwable> getUncaughtException()
      Gets any uncaught exceptions.
      Returns:
      the uncaught exception

    • installPost

      public <T extends PcapProConfigurator.PostRxProcessor> T installPost(PcapProConfigurator.PostRxProcessorFactory<T> postProcessorSupplier)
      Install factory.
      Type Parameters:
      T - the generic type
      Parameters:
      postProcessorSupplier - the post processor supplier
      Returns:
      the t

    • installPre

      public <T extends PcapProConfigurator.PreRxProcessor> T installPre(PcapProConfigurator.PreRxProcessorFactory<T> preProcessorSupplier)
      Install factory.
      Type Parameters:
      T - the generic type
      Parameters:
      preProcessorSupplier - the pre processor supplier
      Returns:
      the t

    • install

      public <T extends PcapProConfigurator.PostRxProcessor> T install(T postProcessor)
      Install.
      Type Parameters:
      T - the generic type
      Parameters:
      postProcessor - the post processor
      Returns:
      the t

    • install

      public <T extends PcapProConfigurator.PreRxProcessor> T install(T preProcessor)
      Install.
      Type Parameters:
      T - the generic type
      Parameters:
      preProcessor - the pre processor
      Returns:
      the t

    • loop

      public int loop(int count, PcapProHandler.OfPacketConsumer packetConsumer)
      Process packets from a live capture or savefile.
      Parameters:
      count - A value of -1 or 0 for count is equivalent to infinity, so that packets are processed until another ending condition occurs
      packetConsumer - the packet consumer
      Returns:
      returns 0 if count is exhausted or if, when reading from a ``savefile'', no more packets are available. It returns PCAP_ERROR_BREAK if the loop terminated due to a call to pcap_breakloop() before any packets were processed

    • loop

      public <U> int loop(int count, PcapProHandler.OfPacket<U> handler, U user)
      Process packets from a live capture or savefile.

      pcap_loop() processes packets from a live capture or ``savefile'' until cnt packets are processed, the end of the ``savefile'' is reached when reading from a ``savefile'', pcap_breakloop(3PCAP) is called, or an error occurs. It does not return when live packet buffer timeouts occur. A value of -1 or 0 for cnt is equivalent to infinity, so that packets are processed until another ending condition occurs.

      Note that, when doing a live capture on some platforms, if the read timeout expires when there are no packets available, pcap_dispatch() will return 0, even when not in non-blocking mode, as there are no packets to process. Applications should be prepared for this to happen, but must not rely on it happening.

      callback specifies a pcap_handler routine to be called with three arguments: a u_char pointer which is passed in the user argument to pcap_loop() or pcap_dispatch(), a const struct pcap_pkthdr pointer pointing to the packet time stamp and lengths, and a const u_char pointer to the first caplen (as given in the struct pcap_pkthdr a pointer to which is passed to the callback routine) bytes of data from the packet. The struct pcap_pkthdr and the packet data are not to be freed by the callback routine, and are not guaranteed to be valid after the callback routine returns; if the full needs them to be valid after the callback, it must make a copy of them.

      The bytes of data from the packet begin with a link-layer header. The format of the link-layer header is indicated by the return value of the pcap_datalink(3PCAP) routine when handed the pcap_t value also passed to pcap_loop() or pcap_dispatch(). https://www.tcpdump.org/linktypes.html lists the values pcap_datalink() can return and describes the packet formats that correspond to those values. The value it returns will be valid for all packets received unless and until pcap_set_datalink(3PCAP) is called; after a successful call to pcap_set_datalink(), all subsequent packets will have a link-layer header of the type specified by the link-layer header type value passed to pcap_set_datalink().

      Do NOT assume that the packets for a given capture or ``savefile`` will have any given link-layer header type, such as DLT_EN10MB for Ethernet. For example, the "any" device on Linux will have a link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if all devices on the system at the time the "any" device is opened have some other data link type, such as DLT_EN10MB for Ethernet.

      Type Parameters:
      U - the generic type
      Parameters:
      count - A value of -1 or 0 for count is equivalent to infinity, so that packets are processed until another ending condition occurs
      handler - array handler which will receive packets
      user - the user
      Returns:
      returns 0 if count is exhausted or if, when reading from a ``savefile'', no more packets are available. It returns PCAP_ERROR_BREAK if the loop terminated due to a call to pcap_breakloop() before any packets were processed
      Since:
      libpcap 0.4

    • loop

      public int loop(PcapProHandler.OfPacketConsumer packetConsumer)
      Process packets from a live capture or savefile.
      Parameters:
      packetConsumer - the packet consumer
      Returns:
      returns 0 if count is exhausted or if, when reading from a ``savefile'', no more packets are available. It returns PCAP_ERROR_BREAK if the loop terminated due to a call to pcap_breakloop() before any packets were processed

    • next

      public org.jnetpcap.util.PcapPacketRefPREVIEW next() throws org.jnetpcap.PcapException
      Next.
      Overrides:
      next in class org.jnetpcap.Pcap0_4
      Returns:
      the pcap packet ref
      Throws:
      org.jnetpcap.PcapException - the pcap exception
      See Also:
      • Pcap0_4.next()

    • nextEx

      public org.jnetpcap.util.PcapPacketRefPREVIEW nextEx() throws org.jnetpcap.PcapException, TimeoutException
      Next ex.
      Overrides:
      nextEx in class org.jnetpcap.Pcap0_8
      Returns:
      the pcap packet ref
      Throws:
      org.jnetpcap.PcapException - the pcap exception
      TimeoutException - the timeout exception
      See Also:
      • Pcap0_8.nextEx()

    • nextExPacket

      public com.slytechs.jnet.protocol.Packet nextExPacket() throws org.jnetpcap.PcapException, TimeoutException
      Read the next packet from a pcap handle.

      reads the next packet and returns a success/failure indication. If the packet was read without problems, the pointer pointed to by the pktHeader argument is set to point to the pcap_pkthdr struct for the packet, and the pointer pointed to by the pktData argument is set to point to the data in the packet. The struct pcap_pkthdr and the packet data are not to be freed by the caller, and are not guaranteed to be valid after the next call to nextEx(), next(), loop(int, com.slytechs.jnet.jnetpcap.PcapProHandler.OfPacketConsumer), or dispatch(int, com.slytechs.jnet.jnetpcap.PcapProHandler.OfPacketConsumer); if the full needs them to remain valid, it must make a copy of them. *

      The bytes of data from the packet begin with a link-layer header. The format of the link-layer header is indicated by the return value of the datalink routine when handed the pcap_t value also passed to loop or dispatch. https://www.tcpdump.org/linktypes.html lists the values datalink can return and describes the packet formats that correspond to those values. The value it returns will be valid for all packets received unless and until setDatalink is called; after a successful call to setDatalink, all subsequent packets will have a link-layer header of the type specified by the link-layer header type value passed to setDatalink.

      Do NOT assume that the packets for a given capture or ``savefile`` will have any given link-layer header type, such as DLT_EN10MB for Ethernet. For example, the "any" device on Linux will have a link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if all devices on the system at the time the "any" device is opened have some other data link type, such as DLT_EN10MB for Ethernet.

      Returns:
      a native pcap packet reference or null if packets are being read from a ``savefile'' and there are no more packets to read from the savefile.
      Throws:
      org.jnetpcap.PcapException - any pcap errors such as not activated, etc.
      TimeoutException - if packets are being read from a live capture and the packet buffer timeout expired
      Since:
      Pcap 0.8

    • nextPacket

      public com.slytechs.jnet.protocol.Packet nextPacket() throws org.jnetpcap.PcapException
      read the next packet from a handle.

      reads the next packet (by calling dispatch with a cnt of 1) and returns a u_char pointer to the data in that packet. The packet data is not to be freed by the caller, and is not guaranteed to be valid after the next call to nextEx, next, loop, or dispatch; if the full needs it to remain valid, it must make a copy of it. The pcap_pkthdr structure pointed to by h is filled in with the appropriate values for the packet.

      The bytes of data from the packet begin with a link-layer header. The format of the link-layer header is indicated by the return value of the datalink routine when handed the pcap_t value also passed to loop or dispatch. https://www.tcpdump.org/linktypes.html lists the values datalink can return and describes the packet formats that correspond to those values. The value it returns will be valid for all packets received unless and until setDatalink is called; after a successful call to setDatalink, all subsequent packets will have a link-layer header of the type specified by the link-layer header type value passed to setDatalink.

      Do NOT assume that the packets for a given capture or ``savefile`` will have any given link-layer header type, such as DLT_EN10MB for Ethernet. For example, the "any" device on Linux will have a link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if all devices on the system at the time the "any" device is opened have some other data link type, such as DLT_EN10MB for Ethernet.

      Returns:
      a pointer to the packet data on success, and returns NULL if no packets were read from a live capture (if, for example, they were discarded because they didn't pass the packet filter, or if, on platforms that support a packet buffer timeout that starts before any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is in non-blocking mode and no packets were available to be read), or if no more packets are available in a ``savefile.'' Unfortunately, there is no way to determine whether an error occurred or not.
      Throws:
      org.jnetpcap.PcapException - Unfortunately, there is no way to determine whether an error occurred or not so exception may be due to no packets being captured and not an actual error.
      Since:
      libpcap 0.4

    • onClose

      public com.slytechs.jnet.protocol.Registration onClose(Runnable closeAction)
      On close.
      Parameters:
      closeAction - the close action
      Returns:
      the registration

    • setDescriptorType

      public NetPcap setDescriptorType(com.slytechs.jnet.protocol.core.constants.PacketDescriptorType type)
      Sets the descriptor type.
      Parameters:
      type - the type
      Returns:
      the pcap pro

    • setFrameNumber

      public NetPcap setFrameNumber(com.slytechs.jnet.protocol.Frame.FrameNumber frameNumberAssigner)
      Sets the frame number.
      Parameters:
      frameNumberAssigner - the frame number assigner
      Returns:
      the pcap pro

    • setFrameStartingNumber

      public NetPcap setFrameStartingNumber(long startingNo)
      Sets the frame starting number.
      Parameters:
      startingNo - the starting no
      Returns:
      the pcap pro

    • setPacketFormatter

      public NetPcap setPacketFormatter(com.slytechs.jnet.protocol.meta.PacketFormat formatter)
      Sets the packet formatter.
      Parameters:
      formatter - the formatter
      Returns:
      the pcap pro

    • setPortNumber

      public NetPcap setPortNumber(int portNo)
      Sets the port number.
      Parameters:
      portNo - the port no
      Returns:
      the pcap pro

    • setTimestampUnit

      public NetPcap setTimestampUnit(com.slytechs.jnet.jnetruntime.time.TimestampUnit unit)
      Sets the timestamp unit which specifies the timestamp used by this pcap handle.
      Parameters:
      unit - the new timestamp unit
      Returns:
      this pcap

    • setUncaughtExceptionHandler

      public final NetPcap setUncaughtExceptionHandler(Consumer<? super Throwable> exceptionHandler)
      Sets the uncaught exception handler.
      Overrides:
      setUncaughtExceptionHandler in class org.jnetpcap.Pcap
      Parameters:
      exceptionHandler - the exception handler
      Returns:
      the pcap

    • setUncaughtExceptionHandler

      public final NetPcap setUncaughtExceptionHandler(Thread.UncaughtExceptionHandler exceptionHandler)
      Sets the uncaught exception handler.
      Overrides:
      setUncaughtExceptionHandler in class org.jnetpcap.Pcap0_4
      Parameters:
      exceptionHandler - the exception handler
      Returns:
      the pcap pro
      See Also:
      • Pcap.setUncaughtExceptionHandler(java.lang.Thread.UncaughtExceptionHandler)

    • uninstall

      public <T extends PcapProConfigurator<?>> NetPcap uninstall(Class<T> processorClass)
      Uninstall a specific processor (either pre or post) by its type.
      Type Parameters:
      T - the generic type
      Parameters:
      processorClass - the processor class
      Returns:
      this pcap pro handle

    • uninstall

      public <T extends PcapProConfigurator<T>> NetPcap uninstall(PcapProConfigurator<T> processor)
      Uninstall a specific processor instance (either pre or post), if installed.
      Type Parameters:
      T - the generic type
      Parameters:
      processor - the processor instance
      Returns:
      this pcap pro handle

    • uninstAll

      public NetPcap uninstAll(boolean preProcessors, boolean postProcessors)
      Uninstall selectively all pre or post packet processors. The processors are removed from the install queues and will not be installed at the time of activation.
      Parameters:
      preProcessors - the pre processors
      postProcessors - the post processors
      Returns:
      the pcap pro

    • uninstallAll

      public NetPcap uninstallAll()
      Uninstall all pre and post packet processors. The processors are removed from the installation queues and will not be installed at the time of activation.
      Returns:
      reference to this pcap handle

    • setBufferSize

      public NetPcap setBufferSize(long size, com.slytechs.jnet.jnetruntime.util.MemoryUnit unit) throws org.jnetpcap.PcapException
      Sets the buffer size for a not-yet- activated capture handle.

      sets the buffer size that will be used on a capture handle when the handle is activated to buffer_size, which is in units of bytes

      Parameters:
      size - the size of the buffer in specified units
      unit - memory units
      Returns:
      this pcap handle
      Throws:
      org.jnetpcap.PcapException - the pcap exception
      Since:
      libpcap 1.0, jNetPcap Pro 1.0