pcpp::WinPcapLiveDevice Class Reference

#include <WinPcapLiveDevice.h>

Inheritance diagram for pcpp::WinPcapLiveDevice:

Public Member Functions
LiveDeviceType	getDeviceType () const override
bool	setMinAmountOfDataToCopyFromKernelToApplication (int size)
int	getMinAmountOfDataToCopyFromKernelToApplication () const
WinPcapLiveDevice *	clone () const override
virtual int	sendPackets (RawPacket *rawPacketsArr, int arrLength, bool checkMtu=false)
virtual int	sendPackets (Packet **packetsArr, int arrLength, bool checkMtu=true)
virtual int	sendPackets (const RawPacketVector &rawPackets, bool checkMtu=false)
Public Member Functions inherited from pcpp::PcapLiveDevice
	~PcapLiveDevice () override
	A destructor for this class.
std::string	getName () const
std::string	getDesc () const
bool	getLoopback () const
virtual uint32_t	getMtu () const
virtual LinkLayerType	getLinkType () const
std::vector< IPAddress >	getIPAddresses () const
virtual MacAddress	getMacAddress () const
IPv4Address	getIPv4Address () const
IPv6Address	getIPv6Address () const
IPv4Address	getDefaultGateway () const
const std::vector< IPv4Address > &	getDnsServers () const
virtual bool	startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie)
virtual bool	startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie, int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
virtual bool	startCapture (int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
virtual bool	startCapture (RawPacketVector &capturedPacketsVector)
virtual int	startCaptureBlockingMode (OnPacketArrivesStopBlocking onPacketArrives, void *userCookie, const double timeout)
void	stopCapture ()
bool	captureActive ()
bool	doMtuCheck (int packetPayloadLength) const
bool	sendPacket (Packet *packet, bool checkMtu=true)
bool	sendPacket (Packet const &packet, bool checkMtu=true)
bool	sendPacket (RawPacket const &rawPacket, bool checkMtu=false)
bool	sendPacket (const uint8_t *packetData, int packetDataLength, int packetPayloadLength)
bool	sendPacket (const uint8_t *packetData, int packetDataLength, bool checkMtu=false, pcpp::LinkLayerType linkType=pcpp::LINKTYPE_ETHERNET)
virtual int	sendPackets (RawPacket *rawPacketsArr, int arrLength, bool checkMtu=false)
virtual int	sendPackets (Packet **packetsArr, int arrLength, bool checkMtu=true)
virtual int	sendPackets (const RawPacketVector &rawPackets, bool checkMtu=false)
bool	open () override
bool	open (const DeviceConfiguration &config)
void	close () override
	Close the device.
void	getStatistics (IPcapDevice::PcapStats &stats) const override
Public Member Functions inherited from pcpp::IPcapDevice
bool	setFilter (std::string filterAsString) override
bool	clearFilter () override
virtual bool	setFilter (GeneralFilter &filter)
virtual bool	setFilter (std::string filterAsString)=0
Public Member Functions inherited from pcpp::IDevice
bool	isOpened ()
Public Member Functions inherited from pcpp::IFilterableDevice
virtual bool	setFilter (GeneralFilter &filter)
Public Member Functions inherited from pcpp::IPcapStatisticsProvider
PcapStats	getStatistics () const
	Get statistics from the device. More...

Protected Member Functions
void	prepareCapture (bool asyncCapture, bool captureStats) override
	Called before starting a capture to prepare the device for capturing packets. More...
Protected Member Functions inherited from pcpp::PcapLiveDevice
bool	isPayloadWithinMtu (size_t payloadLength) const
	Checks whether the packetPayloadLength is smaller or equal than the device MTU. More...
bool	isPayloadWithinMtu (Packet const &packet, bool allowUnknownLength=false, size_t *outPayloadLength=nullptr) const
	Checks whether the packet's payload length is smaller or equal than the device MTU. More...
bool	isPayloadWithinMtu (RawPacket const &rawPacket, bool allowUnknownLength=false, size_t *outPayloadLength=nullptr) const
	Checks whether the payload length of a RawPacket is smaller or equal than the device MTU. More...
bool	isPayloadWithinMtu (uint8_t const *packetData, size_t packetLen, LinkLayerType linkType=pcpp::LINKTYPE_ETHERNET, bool allowUnknownLength=false, size_t *outPayloadLength=nullptr) const
	Checks whether the payload length of a packet's raw data is smaller or equal than the device MTU. More...

Additional Inherited Members
Public Types inherited from pcpp::PcapLiveDevice
enum	LiveDeviceType { LibPcapDevice , WinPcapDevice , RemoteDevice }
	The type of the live device. More...
enum	DeviceMode { Normal = 0 , Promiscuous = 1 }
	Device capturing mode. More...
enum	PcapDirection { PCPP_INOUT = 0 , PCPP_IN , PCPP_OUT }
enum class	TimestampProvider {   Host = 0 , HostLowPrecision , HostHighPrecision , Adapter ,   AdapterUnsynced , HostHighPrecisionUnsynced }
enum class	TimestampPrecision { Microseconds = 0 , Nanoseconds }
Static Public Member Functions inherited from pcpp::IPcapDevice
static std::string	getPcapLibVersionInfo ()
static bool	matchPacketWithFilter (GeneralFilter &filter, RawPacket *rawPacket)

Detailed Description

A class that wraps a Windows network interface (each of the interfaces listed in ipconfig). This class is almost similar in its capabilities to PcapLiveDevice (its parent class) with some small changes that mainly result from differences between libpcap and WinPcap/Npcap. Please see the reference for PcapLiveDevice for more details

Member Function Documentation

clone()

WinPcapLiveDevice* pcpp::WinPcapLiveDevice::clone ( ) const

overridevirtual

Clones the current device class

Returns

Pointer to the copied class

Reimplemented from pcpp::PcapLiveDevice.

getDeviceType()

LiveDeviceType pcpp::WinPcapLiveDevice::getDeviceType ( ) const

inlineoverridevirtual

Returns

The type of the device (libPcap, WinPcap/Npcap or a remote device)

Reimplemented from pcpp::PcapLiveDevice.

getMinAmountOfDataToCopyFromKernelToApplication()

int pcpp::WinPcapLiveDevice::getMinAmountOfDataToCopyFromKernelToApplication ( ) const

inline

Returns

The current amount of data in the kernel buffer that causes a read from the application to return (see also setMinAmountOfDataToCopyFromKernelToApplication())

prepareCapture()

void pcpp::WinPcapLiveDevice::prepareCapture ( bool  asyncCapture, bool  captureStats  )

overrideprotectedvirtual

Called before starting a capture to prepare the device for capturing packets.

This method can be overridden by derived classes to perform additional preparations before starting the packet capture.

Parameters

asyncCapture	True if the capture is asynchronous (i.e. packets are captured in a separate thread),
captureStats	True if statistics should be captured during the capture process.

Reimplemented from pcpp::PcapLiveDevice.

sendPackets() [1/3]

virtual int pcpp::PcapLiveDevice::sendPackets

Send a vector of pointers to RawPacket objects to the network

Parameters

[in]	rawPackets	The array of pointers to RawPacket objects to send. This method treats all packets as read-only, it doesn't change anything in them
[in]	checkMtu	Whether to check the size of the packet payload against MTU size. Incurs a parsing overhead. Default value is false to avoid performance overhead. Set to true if you don't know whether packets fit the live device's MTU and you can afford the overhead.

Returns

The number of packets sent successfully. Sending a packet can fail if:

• Device is not opened. In this case no packets will be sent, return value will be 0
• Packet length is 0
• Packet length is larger than device MTU and checkMtu is true
• Packet could not be sent due to some error in libpcap/WinPcap/Npcap

sendPackets() [2/3]

virtual int pcpp::PcapLiveDevice::sendPackets

Send an array of pointers to Packet objects to the network

Parameters

[in]	packetsArr	The array of pointers to Packet objects to send. This method treats all packets as read-only, it doesn't change anything in them
[in]	arrLength	The length of the array
[in]	checkMtu	Whether to check the size of the packet payload against MTU size. Default value is true, since the packets being passed in has already been parsed, so checking the MTU does not incur significant processing overhead.

Returns

The number of packets sent successfully. Sending a packet can fail if:

• Device is not opened. In this case no packets will be sent, return value will be 0
• Packet length is 0
• Packet length is larger than device MTU and checkMtu is true
• Packet could not be sent due to some error in libpcap/WinPcap/Npcap

sendPackets() [3/3]

virtual int pcpp::PcapLiveDevice::sendPackets

Send an array of RawPacket objects to the network

Parameters

[in]	rawPacketsArr	The array of RawPacket objects to send. This method treats all packets as read-only, it doesn't change anything in them
[in]	arrLength	The length of the array
[in]	checkMtu	Whether to check the size of the packet payload against MTU size. Incurs a parsing overhead. Default value is false to avoid performance overhead. Set to true if you don't know whether packets fit the live device's MTU and you can afford the overhead.

Returns

The number of packets sent successfully. Sending a packet can fail if:

• Device is not opened. In this case no packets will be sent, return value will be 0
• Packet length is 0
• Packet length is larger than device MTU and checkMtu is true
• Packet could not be sent due to some error in libpcap/WinPcap/Npcap

setMinAmountOfDataToCopyFromKernelToApplication()

bool pcpp::WinPcapLiveDevice::setMinAmountOfDataToCopyFromKernelToApplication

(

int

size

)

WinPcap/Npcap have a feature (that doesn't exist in libpcap) to change the minimum amount of data in the kernel buffer that causes a read from the application to return (unless the timeout expires). Please see documentation for pcap_setmintocopy for more info. This method enables the user to change this size. Note the device must be open for this method to work

Parameters

[in]

size

The size to set in bytes

Returns

True if set succeeded, false if the device is closed or if pcap_setmintocopy failed