Module org.jnetpcap
Package org.jnetpcap

Class Pcap0_7

java.lang.Object
org.jnetpcap.Pcap
org.jnetpcap.Pcap0_4
org.jnetpcap.Pcap0_5
org.jnetpcap.Pcap0_6
org.jnetpcap.Pcap0_7
All Implemented Interfaces:
AutoCloseable
Direct Known Subclasses:
Pcap0_8
public sealed class Pcap0_7 extends Pcap0_6 permits Pcap0_8
Provides Pcap API method calls for up to libpcap version 0.7
Author:
Sly Technologies Inc, repos@slytechs.com, mark

  • Method Details

    • findAllDevs

      public static List<PcapIf> findAllDevs() throws PcapException
      Constructs a list of network devices that can be opened with pcap_create(3PCAP) and pcap_activate(3PCAP) or with pcap_open_live(3PCAP). (Note that there may be network devices that cannot be opened by the process calling pcap_findalldevs(), because, for example, that process does not have sufficient privileges to open them for capturing; if so, those devices will not appear on the list.) If pcap_findalldevs() succeeds, the pointer pointed to by alldevsp is set to point to the first element of the list, or to NULL if no devices were found (this is considered success).

      Each element of the list is of type pcap_if_t, and has the following members:

      next
      if not NULL, a pointer to the next element in the list; NULL for the last element of the list
      name
      a pointer to a string giving a name for the device to pass to pcap_open_live()
      description
      if not NULL, a pointer to a string giving a human-readable description of the device
      addresses
      a pointer to the first element of a list of network addresses for the device, or NULL if the device has no addresses
      flags
      device flags:
      PCAP_IF_LOOPBACK
      set if the device is a loopback interface
      PCAP_IF_UP
      set if the device is up
      PCAP_IF_RUNNING
      set if the device is running
      PCAP_IF_WIRELESS
      set if the device is a wireless interface; this includes IrDA as well as radio-based networks such as IEEE 802.15.4 and IEEE 802.11, so it doesn't just mean Wi-Fi
      PCAP_IF_CONNECTION_STATUS
      a bitmask for an indication of whether the adapter is connected or not; for wireless interfaces, "connected" means "associated with a network"
      PCAP_IF_CONNECTION_STATUS_UNKNOWN
      it's unknown whether the adapter is connected or not
      PCAP_IF_CONNECTION_STATUS_CONNECTED
      the adapter is connected
      PCAP_IF_CONNECTION_STATUS_DISCONNECTED
      the adapter is disconnected
      PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE
      the notion of "connected" and "disconnected" don't apply to this interface; for example, it doesn't apply to a loopback device

      Each element of the list of addresses is of type pcap_addr_t, and has the following members:

      next
      if not NULL, a pointer to the next element in the list; NULL for the last element of the list
      addr
      a pointer to a struct sockaddr containing an address
      netmask
      if not NULL, a pointer to a struct sockaddr that contains the netmask corresponding to the address pointed to by addr
      broadaddr
      if not NULL, a pointer to a struct sockaddr that contains the broadcast address corresponding to the address pointed to by addr; may be null if the device doesn't support broadcasts
      dstaddr
      if not NULL, a pointer to a struct sockaddr that contains the destination address corresponding to the address pointed to by addr; may be null if the device isn't a point-to-point interface

      Note that the addresses in the list of addresses might be IPv4 addresses, IPv6 addresses, or some other type of addresses, so you must check the sa_family member of the struct sockaddr before interpreting the contents of the address; do not assume that the addresses are all IPv4 addresses, or even all IPv4 or IPv6 addresses. IPv4 addresses have the value AF_INET, IPv6 addresses have the value AF_INET6 (which older operating systems that don't support IPv6 might not define), and other addresses have other values. Whether other addresses are returned, and what types they might have is platform-dependent. For IPv4 addresses, the struct sockaddr pointer can be interpreted as if it pointed to a struct sockaddr_in; for IPv6 addresses, it can be interpreted as if it pointed to a struct sockaddr_in6.

      For example 

      

      	List<PcapIf> list = Pcap.findAllDevs()
      Returns:
      list of network devices
      Throws:
      PcapException - any pcap errors
      Since:
      libpcap 0.7

    • isSupported

      public static boolean isSupported()
      Checks if the Pcap subclass at a specific libpcap API version is natively supported. This is a safe method to use anytime on any platform, weather native library is present or not.

      For example, Pcap1_0.isSupported() will accurately ascertain if libpcap API version 1.0 level calls are supported by the system runtime. Also a call such as WinPcap.isSupported() will determine if WinPcap related calls, ie. native WinPcap 4.1.3 or less, are supported and by extension if this is a Microsoft Windows platform.

      Due to libpcap API versioning, it is safe to assume that if Pcap1_10.isSupported() returns true, that at least libpcap API version 1.0 is installed on this platform, and that all lower version calls such as libpcap 0.8 and 0.9 are available as well. The subclass hierarchy of jNetPcap module reflects the versioning of libpcap and its derivatives and the public releases of the native libraries. For example Npcap class extends WinPcap class because Npcap project took over the support for WinPcap where it left off.

      Implementation notes: The check is performed by verifying that certain, subclass specific native symbols were linked with Pcap full which was introduced at a specific libpcap or related API levels.

      Returns:
      true, if pcap is supported up to this specific version level, otherwise false
      See Also:

    • openDead

      public static Pcap0_7 openDead(PcapDlt linktype, int snaplen) throws PcapException
      Open a fake pcap_t for compiling filters or opening a capture for output.

      openDead(org.jnetpcap.constant.PcapDlt, int) and pcap_open_dead_with_tstamp_precision() are used for creating a pcap_t structure to use when calling the other functions in libpcap. It is typically used when just using libpcap for compiling BPF full; it can also be used if using pcap_dump_open(3PCAP), pcap_dump(3PCAP), and pcap_dump_close(3PCAP) to write a savefile if there is no pcap_t that supplies the packets to be written.

      When pcap_open_dead_with_tstamp_precision(), is used to create a pcap_t for use with pcap_dump_open(), precision specifies the time stamp precision for packets; PCAP_TSTAMP_PRECISION_MICRO should be specified if the packets to be written have time stamps in seconds and microseconds, and PCAP_TSTAMP_PRECISION_NANO should be specified if the packets to be written have time stamps in seconds and nanoseconds. Its value does not affect pcap_compile(3PCAP).

      Parameters:
      linktype - specifies the link-layer type for the pcap handle
      snaplen - specifies the snapshot length for the pcap handle
      Returns:
      A dead pcap handle
      Throws:
      PcapException - any errors
      Since:
      libpcap 0.6

    • openLive

      public static Pcap0_7 openLive(String device, int snaplen, boolean promisc, long timeout, TimeUnit unit) throws PcapException
      Open a device for capturing.

      openLive is used to obtain a packet capture handle to look at packets on the network. device is a string that specifies the network device to open; on Linux systems with 2.2 or later kernels, a device argument of "any" or NULL can be used to capture packets from all interfaces.

      Parameters:
      device - the device name
      snaplen - specifies the snapshot length to be set on the handle
      promisc - specifies whether the interface is to be put into promiscuous mode. If promisc is non-zero, promiscuous mode will be set, otherwise it will not be set
      timeout - the packet buffer timeout, as a non-negative value, in units
      unit - time timeout unit
      Returns:
      the pcap handle
      Throws:
      PcapException - any errors
      Since:
      libpcap 0.4

    • openOffline

      public static Pcap0_7 openOffline(String fname) throws PcapException
      Open a saved capture file for reading.

      pcap_open_offline() and pcap_open_offline_with_tstamp_precision() are called to open a ``savefile'' for reading.

      Parameters:
      fname - specifies the name of the file to open. The file can have the pcap file format as described in pcap-savefile(5), which is the file format used by, among other programs, tcpdump(1) and tcpslice(1), or can have the pcapng file format, although not all pcapng files can be read
      Returns:
      the pcap handle
      Throws:
      PcapException - any errors
      Since:
      libpcap 0.4

    • getNonBlock

      public final boolean getNonBlock() throws PcapException
      Gets the non block.
      Overrides:
      getNonBlock in class Pcap
      Returns:
      the non block
      Throws:
      PcapException - the pcap exception
      See Also:

    • setNonBlock

      public final Pcap0_7 setNonBlock(boolean b) throws PcapException
      Sets the non block.
      Overrides:
      setNonBlock in class Pcap
      Parameters:
      b - the b
      Returns:
      the pcap 0 7
      Throws:
      PcapException - the pcap exception
      See Also: