PcapPlusPlus  21.11
pcpp::PcapRemoteDevice Class Reference

#include <PcapRemoteDevice.h>

Inheritance diagram for pcpp::PcapRemoteDevice:
pcpp::PcapLiveDevice pcpp::IPcapDevice pcpp::IDevice pcpp::IFilterableDevice

Public Member Functions

IPAddress getRemoteMachineIpAddress () const
uint16_t getRemoteMachinePort () const
virtual LiveDeviceType getDeviceType () const
virtual uint32_t getMtu () const
virtual MacAddress getMacAddress () const
virtual bool open ()
virtual void getStatistics (IPcapDevice::PcapStats &stats) const
- Public Member Functions inherited from pcpp::PcapLiveDevice
virtual ~PcapLiveDevice ()
std::string getName () const
std::string getDesc () const
bool getLoopback () const
virtual LinkLayerType getLinkType () const
const std::vector< pcap_addr_t > & getAddresses () const
IPv4Address getIPv4Address () const
IPv4Address getDefaultGateway () const
const std::vector< IPv4Address > & getDnsServers () const
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie)
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie, int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
virtual bool startCapture (int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
virtual bool startCapture (RawPacketVector &capturedPacketsVector)
virtual int startCaptureBlockingMode (OnPacketArrivesStopBlocking onPacketArrives, void *userCookie, int timeout)
void stopCapture ()
bool captureActive ()
bool doMtuCheck (int packetPayloadLength)
bool sendPacket (RawPacket const &rawPacket, bool checkMtu=false)
bool sendPacket (const uint8_t *packetData, int packetDataLength, int packetPayloadLength)
bool sendPacket (const uint8_t *packetData, int packetDataLength, bool checkMtu=false, pcpp::LinkLayerType linkType=pcpp::LINKTYPE_ETHERNET)
bool sendPacket (Packet *packet, bool checkMtu=true)
virtual int sendPackets (RawPacket *rawPacketsArr, int arrLength, bool checkMtu=false)
virtual int sendPackets (Packet **packetsArr, int arrLength, bool checkMtu=true)
virtual int sendPackets (const RawPacketVector &rawPackets, bool checkMtu=false)
bool open (const DeviceConfiguration &config)
void close ()
- Public Member Functions inherited from pcpp::IPcapDevice
virtual bool setFilter (std::string filterAsString)
bool clearFilter ()
- Public Member Functions inherited from pcpp::IDevice
bool isOpened ()
- Public Member Functions inherited from pcpp::IFilterableDevice
virtual bool setFilter (GeneralFilter &filter)

Additional Inherited Members

- Public Types inherited from pcpp::PcapLiveDevice
enum  LiveDeviceType { LibPcapDevice, WinPcapDevice, RemoteDevice }
enum  DeviceMode { Normal = 0, Promiscuous = 1 }
enum  PcapDirection { PCPP_INOUT = 0, PCPP_IN, PCPP_OUT }
- Static Public Member Functions inherited from pcpp::IPcapDevice
static std::string getPcapLibVersionInfo ()
static bool verifyFilter (std::string filterAsString)
static bool matchPacketWithFilter (std::string filterAsString, RawPacket *rawPacket)
static bool matchPacketWithFilter (GeneralFilter &filter, RawPacket *rawPacket)

Detailed Description

A class that provides a C++ wrapper for WinPcap/Npcap Remote Capture feature. This feature allows to interact to a remote machine and capture packets that are being transmitted on the remote network interfaces. This requires a remote daemon (called rpcapd) which performs the capture and sends data back and the local client (represented by PcapRemoteDevice) that sends the appropriate commands and receives the captured data. You can read more about this feature in WinPcap Remote Capture manual: https://www.winpcap.org/docs/docs_412/html/group__remote.html
Since this feature is supported in WinPcap and Npcap only and not in libpcap, PcapRemoteDevice can only be used in Windows only.
This class provides a wrapper for the local client, meaning it assumes the daemon (rpcapd) is already running on the remote machine and it tries to connect to it and start receiving/sending packets from/to it. This class assumes rpcapd is in passive mode, meaning PcapRemoteDevice connects to the remote daemon, sends the appropriate commands to it, and starts capturing packets, rather than letting the daemon connect to the client by itself. Using PcapRemoteDevice is very similar to using the other live devices (PcapLiveDevice or WinPcapLiveDevice), meaning the API's are the same and the same logic is used (for example: capturing is done on a different thread, sending packets are done on the same thread, etc.). For the full API and explanations, please refer to PcapLiveDevice. The reason for the similar API is that WinPcap/Npcap's API is very similar between Remote Capture and local network interface capture. The things that are different are some are some implementation details, mainly in making the connection to the remote daemon, and the way the user can get the instance of PcapRemoteDevice. For more details on that please refer to PcapRemoteDeviceList

Member Function Documentation

◆ getDeviceType()

virtual LiveDeviceType pcpp::PcapRemoteDevice::getDeviceType ( ) const
The type of the device (libPcap, WinPcap/Npcap or a remote device)

Reimplemented from pcpp::PcapLiveDevice.

◆ getMacAddress()

virtual MacAddress pcpp::PcapRemoteDevice::getMacAddress ( ) const

MAC address isn't supported for remote devices


Reimplemented from pcpp::PcapLiveDevice.

◆ getMtu()

virtual uint32_t pcpp::PcapRemoteDevice::getMtu ( ) const

MTU isn't supported for remote devices


Reimplemented from pcpp::PcapLiveDevice.

◆ getRemoteMachineIpAddress()

IPAddress pcpp::PcapRemoteDevice::getRemoteMachineIpAddress ( ) const
The IP address of the remote machine where packets are transmitted from the remote machine to the client machine

◆ getRemoteMachinePort()

uint16_t pcpp::PcapRemoteDevice::getRemoteMachinePort ( ) const
The port of the remote machine where packets are transmitted from the remote machine to the client machine

◆ getStatistics()

virtual void pcpp::PcapRemoteDevice::getStatistics ( IPcapDevice::PcapStats stats) const

Get statistics from the device

[out]statsAn object containing the stats
No return value

Reimplemented from pcpp::PcapLiveDevice.

◆ open()

virtual bool pcpp::PcapRemoteDevice::open ( )

Open the device using pcap_open. Opening the device makes the connection to the remote daemon (including authentication if needed and provided). If this methods succeeds it means the connection to the remote daemon succeeded and the device is ready for use. As in PcapLiveDevice, packet capturing won't start yet. For packet capturing the user should call startCapture(). This implies that calling this method is a must before calling startCapture() (otherwise startCapture() will fail with a "device not open" error). The remote deamon is asked to capture packets in promiscuous mode

True if the device was opened successfully, false otherwise. When opening the device fails an error will be printed to log as well, including the WinPcap/Npcap error if exists

Reimplemented from pcpp::PcapLiveDevice.