PcapPlusPlus  24.09
pcpp::PcapRemoteDevice Class Reference

#include <PcapRemoteDevice.h>

Inheritance diagram for pcpp::PcapRemoteDevice:
pcpp::PcapLiveDevice pcpp::IPcapDevice pcpp::IDevice pcpp::IFilterableDevice

Public Member Functions

IPAddress getRemoteMachineIpAddress () const
 
uint16_t getRemoteMachinePort () const
 
LiveDeviceType getDeviceType () const override
 
uint32_t getMtu () const override
 
MacAddress getMacAddress () const override
 
bool open () override
 
void getStatistics (IPcapDevice::PcapStats &stats) const override
 
- Public Member Functions inherited from pcpp::PcapLiveDevice
 ~PcapLiveDevice () override
 
std::string getName () const
 
std::string getDesc () const
 
bool getLoopback () const
 
virtual LinkLayerType getLinkType () const
 
const std::vector< pcap_addr_t > & getAddresses () const
 
std::vector< IPAddressgetIPAddresses () const
 
IPv4Address getIPv4Address () const
 
IPv6Address getIPv6Address () const
 
IPv4Address getDefaultGateway () const
 
const std::vector< IPv4Address > & getDnsServers () const
 
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie)
 
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie, int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
 
virtual bool startCapture (int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
 
virtual bool startCapture (RawPacketVector &capturedPacketsVector)
 
virtual int startCaptureBlockingMode (OnPacketArrivesStopBlocking onPacketArrives, void *userCookie, const double timeout)
 
void stopCapture ()
 
bool captureActive ()
 
bool doMtuCheck (int packetPayloadLength) const
 
bool sendPacket (RawPacket const &rawPacket, bool checkMtu=false)
 
bool sendPacket (const uint8_t *packetData, int packetDataLength, int packetPayloadLength)
 
bool sendPacket (const uint8_t *packetData, int packetDataLength, bool checkMtu=false, pcpp::LinkLayerType linkType=pcpp::LINKTYPE_ETHERNET)
 
bool sendPacket (Packet *packet, bool checkMtu=true)
 
virtual int sendPackets (RawPacket *rawPacketsArr, int arrLength, bool checkMtu=false)
 
virtual int sendPackets (Packet **packetsArr, int arrLength, bool checkMtu=true)
 
virtual int sendPackets (const RawPacketVector &rawPackets, bool checkMtu=false)
 
bool open (const DeviceConfiguration &config)
 
void close () override
 
PcapLiveDeviceclone () const
 
- Public Member Functions inherited from pcpp::IPcapDevice
virtual bool setFilter (std::string filterAsString)
 
bool clearFilter ()
 
virtual bool setFilter (GeneralFilter &filter)
 
virtual bool setFilter (std::string filterAsString)=0
 
- Public Member Functions inherited from pcpp::IDevice
bool isOpened ()
 
- Public Member Functions inherited from pcpp::IFilterableDevice
virtual bool setFilter (GeneralFilter &filter)
 

Additional Inherited Members

- Public Types inherited from pcpp::PcapLiveDevice
enum  LiveDeviceType { LibPcapDevice , WinPcapDevice , RemoteDevice }
 
enum  DeviceMode { Normal = 0 , Promiscuous = 1 }
 
enum  PcapDirection { PCPP_INOUT = 0 , PCPP_IN , PCPP_OUT }
 
- Static Public Member Functions inherited from pcpp::IPcapDevice
static std::string getPcapLibVersionInfo ()
 
static bool matchPacketWithFilter (GeneralFilter &filter, RawPacket *rawPacket)
 

Detailed Description

A class that provides a C++ wrapper for WinPcap/Npcap Remote Capture feature. This feature allows to interact to a remote machine and capture packets that are being transmitted on the remote network interfaces. This requires a remote daemon (called rpcapd) which performs the capture and sends data back and the local client (represented by PcapRemoteDevice) that sends the appropriate commands and receives the captured data. You can read more about this feature in WinPcap Remote Capture manual: https://www.winpcap.org/docs/docs_412/html/group__remote.html
Since this feature is supported in WinPcap and Npcap only and not in libpcap, PcapRemoteDevice can only be used in Windows only.
This class provides a wrapper for the local client, meaning it assumes the daemon (rpcapd) is already running on the remote machine and it tries to connect to it and start receiving/sending packets from/to it. This class assumes rpcapd is in passive mode, meaning PcapRemoteDevice connects to the remote daemon, sends the appropriate commands to it, and starts capturing packets, rather than letting the daemon connect to the client by itself. Using PcapRemoteDevice is very similar to using the other live devices (PcapLiveDevice or WinPcapLiveDevice), meaning the API's are the same and the same logic is used (for example: capturing is done on a different thread, sending packets are done on the same thread, etc.). For the full API and explanations, please refer to PcapLiveDevice. The reason for the similar API is that WinPcap/Npcap's API is very similar between Remote Capture and local network interface capture. The things that are different are some are some implementation details, mainly in making the connection to the remote daemon, and the way the user can get the instance of PcapRemoteDevice. For more details on that please refer to PcapRemoteDeviceList

Member Function Documentation

◆ getDeviceType()

LiveDeviceType pcpp::PcapRemoteDevice::getDeviceType ( ) const
inlineoverridevirtual
Returns
The type of the device (libPcap, WinPcap/Npcap or a remote device)

Reimplemented from pcpp::PcapLiveDevice.

◆ getMacAddress()

MacAddress pcpp::PcapRemoteDevice::getMacAddress ( ) const
overridevirtual

MAC address isn't supported for remote devices

Returns
MacAddress::Zero

Reimplemented from pcpp::PcapLiveDevice.

◆ getMtu()

uint32_t pcpp::PcapRemoteDevice::getMtu ( ) const
overridevirtual

MTU isn't supported for remote devices

Returns
0

Reimplemented from pcpp::PcapLiveDevice.

◆ getRemoteMachineIpAddress()

IPAddress pcpp::PcapRemoteDevice::getRemoteMachineIpAddress ( ) const
inline
Returns
The IP address of the remote machine where packets are transmitted from the remote machine to the client machine

◆ getRemoteMachinePort()

uint16_t pcpp::PcapRemoteDevice::getRemoteMachinePort ( ) const
inline
Returns
The port of the remote machine where packets are transmitted from the remote machine to the client machine

◆ getStatistics()

void pcpp::PcapRemoteDevice::getStatistics ( IPcapDevice::PcapStats stats) const
overridevirtual

Get statistics from the device

Parameters
[out]statsAn object containing the stats

Reimplemented from pcpp::PcapLiveDevice.

◆ open()

bool pcpp::PcapRemoteDevice::open ( )
overridevirtual

Open the device using pcap_open. Opening the device makes the connection to the remote daemon (including authentication if needed and provided). If this methods succeeds it means the connection to the remote daemon succeeded and the device is ready for use. As in PcapLiveDevice, packet capturing won't start yet. For packet capturing the user should call startCapture(). This implies that calling this method is a must before calling startCapture() (otherwise startCapture() will fail with a "device not open" error). The remote daemon is asked to capture packets in promiscuous mode

Returns
True if the device was opened successfully, false otherwise. When opening the device fails an error will be printed to log as well, including the WinPcap/Npcap error if exists

Reimplemented from pcpp::PcapLiveDevice.