#include <PcapFileDevice.h>
Public Member Functions | |
| PcapNgFileReaderDevice (const char *fileName) | |
| virtual | ~PcapNgFileReaderDevice () |
| std::string | getOS () |
| std::string | getHardware () |
| std::string | getCaptureApplication () |
| std::string | getCaptureFileComment () |
| bool | getNextPacket (RawPacket &rawPacket, std::string &packetComment) |
| bool | getNextPacket (RawPacket &rawPacket) |
| bool | open () |
| void | getStatistics (pcap_stat &stats) |
| bool | setFilter (std::string filterAsString) |
| void | close () |
 Public Member Functions inherited from pcpp::IFileReaderDevice | |
| virtual | ~IFileReaderDevice () |
| uint64_t | getFileSize () |
| int | getNextPackets (RawPacketVector &packetVec, int numOfPacketsToRead=-1) |
| Public Member Functions inherited from pcpp::IFileDevice | |
| std::string | getFileName () |
| Public Member Functions inherited from pcpp::IPcapDevice | |
| bool | isOpened () |
| bool | setFilter (GeneralFilter &filter) |
| void | clearFilter () |
Additional Inherited Members | |
| Static Public Member Functions inherited from pcpp::IFileReaderDevice | |
| static IFileReaderDevice * | getReader (const char *fileName) |
| Static Public Member Functions inherited from pcpp::IPcapDevice | |
| static bool | verifyFilter (std::string filterAsString) |
| static bool | matchPakcetWithFilter (std::string filterAsString, RawPacket *rawPacket) |
| Protected Member Functions inherited from pcpp::IFileReaderDevice | |
| IFileReaderDevice (const char *fileName) | |
Detailed Description
A class for opening a pcap-ng file in read-only mode. This class enable to open the file and read all packets, packet-by-packet
Constructor & Destructor Documentation
◆ PcapNgFileReaderDevice()
| pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice | ( | const char * | fileName | ) |
A constructor for this class that gets the pcap-ng full path file name to open. Notice that after calling this constructor the file isn't opened yet, so reading packets will fail. For opening the file call open()
- Parameters
-
[in] fileName The full path of the file to read
◆ ~PcapNgFileReaderDevice()
|
inlinevirtual |
A destructor for this class
Member Function Documentation
◆ close()
|
virtual |
Close the pacp-ng file
Reimplemented from pcpp::IFileDevice.
◆ getCaptureApplication()
| std::string pcpp::PcapNgFileReaderDevice::getCaptureApplication | ( | ) |
The pcap-ng format allows storing metadata at the header of the file. Part of this metadata is a string specifying the capture application that was used for capturing the packets. This method reads this string from the metadata (if exists) and returns it
- Returns
- The capture application string if exists, or an empty string otherwise
◆ getCaptureFileComment()
| std::string pcpp::PcapNgFileReaderDevice::getCaptureFileComment | ( | ) |
The pcap-ng format allows storing metadata at the header of the file. Part of this metadata is a string containing a user-defined comment (can be any string). This method reads this string from the metadata (if exists) and returns it
- Returns
- The comment written inside the file if exists, or an empty string otherwise
◆ getHardware()
| std::string pcpp::PcapNgFileReaderDevice::getHardware | ( | ) |
The pcap-ng format allows storing metadata at the header of the file. Part of this metadata is a string specifying the hardware that was used for capturing the packets. This method reads this string from the metadata (if exists) and returns it
- Returns
- The hardware string if exists, or an empty string otherwise
◆ getNextPacket() [1/2]
| bool pcpp::PcapNgFileReaderDevice::getNextPacket | ( | RawPacket & | rawPacket, |
| std::string & | packetComment | ||
| ) |
The pcap-ng format allows storing a user-defined comment for every packet (besides the comment per-file). This method reads the next packet and the comment attached to it (if such comment exists), and returns them both
- Parameters
-
[out] rawPacket A reference for an empty RawPacket where the packet will be written [out] packetComment The comment attached to the packet or an empty string if no comment exists
- Returns
- True if a packet was read successfully. False will be returned if the file isn't opened (also, an error log will be printed) or if reached end-of-file
◆ getNextPacket() [2/2]
|
virtual |
Read the next packet from the file. Before using this method please verify the file is opened using open()
- Parameters
-
[out] rawPacket A reference for an empty RawPacket where the packet will be written
- Returns
- True if a packet was read successfully. False will be returned if the file isn't opened (also, an error log will be printed) or if reached end-of-file
Implements pcpp::IFileReaderDevice.
◆ getOS()
| std::string pcpp::PcapNgFileReaderDevice::getOS | ( | ) |
The pcap-ng format allows storing metadata at the header of the file. Part of this metadata is a string specifying the operating system that was used for capturing the packets. This method reads this string from the metadata (if exists) and returns it
- Returns
- The operating system string if exists, or an empty string otherwise
◆ getStatistics()
|
virtual |
Get statistics of packets read so far. In the pcap_stat struct, only ps_recv member is relevant. The rest of the members will contain 0
- Parameters
-
[out] stats The stats struct where stats are returned
Implements pcpp::IPcapDevice.
◆ open()
|
virtual |
Open the file name which path was specified in the constructor in a read-only mode
- Returns
- True if file was opened successfully or if file is already opened. False if opening the file failed for some reason (for example: file path does not exist)
Implements pcpp::IPcapDevice.
◆ setFilter()
|
virtual |
Set a filter for PcapNG reader device. Only packets that match the filter will be received
- Parameters
-
[in] filterAsString The filter to be set in Berkeley Packet Filter (BPF) syntax (http://biot.com/capstats/bpf.html)
- Returns
- True if filter set successfully, false otherwise
Reimplemented from pcpp::IPcapDevice.
