Module org.jnetpcap
Package org.jnetpcap

Class Pcap.Linux

All Implemented Interfaces:
AutoCloseable
Enclosing class:
Pcap

public static final class Pcap.Linux extends Pcap.Unix
Linux only/specific calls.
  • Method Details

    • create

      public static Pcap.Linux create(String device) throws PcapException
      Create a live capture handle. create is used to create a packet capture handle to look at packets on the network. source is a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a source argument of "any" or NULL can be used to capture packets from all interfaces. The returned handle must be activated with pcap_activate() before pack' ets can be captured with it; options for the capture, such as promiscu' ous mode, can be set on the handle before activating it.
      Parameters:
      device - a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a source argument of "any" or NULL can be used to capture packets from all interfaces.
      Returns:
      a new pcap object that needs to be activated using Pcap1_0.activate() call
      Throws:
      PcapException - the pcap exception
      Since:
      libpcap 1.0
    • isSupported

      public static boolean isSupported()
      Checks if the Pcap subclass at a specific libpcap API version is natively supported. This is a safe method to use anytime on any platform, weather native library is present or not.

      For example, Pcap1_0.isSupported() will accurately ascertain if libpcap API version 1.0 level calls are supported by the system runtime. Also a call such as WinPcap.isSupported() will determine if WinPcap related calls, ie. native WinPcap 4.1.3 or less, are supported and by extension if this is a Microsoft Windows platform.

      Due to libpcap API versioning, it is safe to assume that if Pcap1_10.isSupported() returns true, that at least libpcap API version 1.0 is installed on this platform, and that all lower version calls such as libpcap 0.8 and 0.9 are available as well. The subclass hierarchy of jNetPcap module reflects the versioning of libpcap and its derivatives and the public releases of the native libraries. For example Npcap class extends WinPcap class because Npcap project took over the support for WinPcap where it left off.

      Implementation notes: The check is performed by verifying that certain, subclass specific native symbols were linked with Pcap full which was introduced at a specific libpcap or related API levels.

      Returns:
      true, if pcap is supported up to this specific version level, otherwise false
      See Also:
    • openDead

      public static Pcap.Linux openDead(PcapDlt linktype, int snaplen) throws PcapException
      Open a fake pcap_t for compiling filters or opening a capture for output.

      openDead(org.jnetpcap.constant.PcapDlt, int) and pcap_open_dead_with_tstamp_precision() are used for creating a pcap_t structure to use when calling the other functions in libpcap. It is typically used when just using libpcap for compiling BPF full; it can also be used if using pcap_dump_open(3PCAP), pcap_dump(3PCAP), and pcap_dump_close(3PCAP) to write a savefile if there is no pcap_t that supplies the packets to be written.

      When pcap_open_dead_with_tstamp_precision(), is used to create a pcap_t for use with pcap_dump_open(), precision specifies the time stamp precision for packets; PCAP_TSTAMP_PRECISION_MICRO should be specified if the packets to be written have time stamps in seconds and microseconds, and PCAP_TSTAMP_PRECISION_NANO should be specified if the packets to be written have time stamps in seconds and nanoseconds. Its value does not affect pcap_compile(3PCAP).

      Parameters:
      linktype - specifies the link-layer type for the pcap handle
      snaplen - specifies the snapshot length for the pcap handle
      Returns:
      A dead pcap handle
      Throws:
      PcapException - any errors
      Since:
      libpcap 0.6
    • openDeadWithTstampPrecision

      public static Pcap.Linux openDeadWithTstampPrecision(PcapDlt linktype, int snaplen, PcapTStampPrecision precision) throws PcapException
      Open a fake pcap_t for compiling filters or opening a capture for output.

      openDead(PcapDlt, int) and openDeadWithTstampPrecision(PcapDlt, int, PcapTStampPrecision) are used for creating a pcap_t structure to use when calling the other functions in libpcap. It is typically used when just using libpcap for compiling BPF full; it can also be used if using #dumpOpen(String), PcapDumper.dump(MemorySegment, MemorySegment)PREVIEW, and PcapDumper.close() to write a savefile if there is no pcap_t that supplies the packets to be written.

      When openDeadWithTstampPrecision(PcapDlt, int, PcapTStampPrecision), is used to create a Pcap handle for use with Pcap0_4.dumpOpen(String), precision specifies the time stamp precision for packets; PCAP_TSTAMP_PRECISION_MICRO should be specified if the packets to be written have time stamps in seconds and microseconds, and PCAP_TSTAMP_PRECISION_NANO should be specified if the packets to be written have time stamps in seconds and nanoseconds. Its value does not affect pcap_compile(3PCAP).

      Parameters:
      linktype - specifies the link-layer type for the pcap handle
      snaplen - specifies the snapshot length for the pcap handle
      precision - the requested timestamp precision
      Returns:
      A dead pcap handle
      Throws:
      PcapException - any errors
      Since:
      libpcap 1.5.1
    • openLive

      public static Pcap.Linux openLive(String device, int snaplen, boolean promisc, long timeout, TimeUnit unit) throws PcapException
      Open a device for capturing.

      openLive is used to obtain a packet capture handle to look at packets on the network. device is a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a device argument of "any" or NULL can be used to capture packets from all interfaces.

      Parameters:
      device - the device name
      snaplen - specifies the snapshot length to be set on the handle
      promisc - specifies whether the interface is to be put into promiscuous mode. If promisc is non-zero, promiscuous mode will be set, otherwise it will not be set
      timeout - the packet buffer timeout, as a non-negative value, in units
      unit - time timeout unit
      Returns:
      the pcap handle
      Throws:
      PcapException - any errors
      Since:
      libpcap 0.4
    • openOffline

      public static Pcap.Linux openOffline(String fname) throws PcapException
      Open a saved capture file for reading.

      pcap_open_offline() and pcap_open_offline_with_tstamp_precision() are called to open a ``savefile'' for reading.

      Parameters:
      fname - specifies the name of the file to open. The file can have the pcap file format as described in pcap-savefile(5), which is the file format used by, among other programs, tcpdump(1) and tcpslice(1), or can have the pcapng file format, although not all pcapng files can be read
      Returns:
      the pcap handle
      Throws:
      PcapException - any errors
      Since:
      libpcap 0.4
    • setProtocolLinux

      public int setProtocolLinux(int protocol) throws PcapException
      Set capture protocol for a not-yet-activated capture handle.

      On network interface devices on Linux, pcap_set_protocol_linux() sets the protocol to be used in the socket(2) call to create a capture socket when the handle is activated. The argument is a link-layer protocol value, such as the values in the <linux/if_ether.h> header file, specified in host byte order. If protocol is non-zero, packets of that protocol will be captured when the handle is activated, otherwise, all packets will be captured. This function is only provided on Linux, and, if it is used on any device other than a network interface, it will have no effect. It should not be used in portable full; instead, a filter should be specified with pcap_setfilter(3PCAP).

      If a given network interface provides a standard link-layer header, with a standard packet type, but provides some packet types with a different socket-layer protocol type from the one in the link-layer header, that packet type cannot be filtered with a filter specified with pcap_setfilter() but can be filtered by specifying the socket-layer protocol type using pcap_set_protocol_linux().

      Parameters:
      protocol - the protocol
      Returns:
      the int
      Throws:
      PcapException - the pcap exception
      Since:
      libpcap 0.9 (Linux only)