PcapPlusPlus
pcpp::PcapRemoteDevice Class Reference

#include <PcapRemoteDevice.h>

Inheritance diagram for pcpp::PcapRemoteDevice:
pcpp::PcapLiveDevice pcpp::IPcapDevice pcpp::IDevice pcpp::IFilterableDevice

Public Member Functions

IPAddress * getRemoteMachineIpAddress ()
 
uint16_t getRemoteMachinePort ()
 
virtual LiveDeviceType getDeviceType ()
 
virtual uint16_t getMtu ()
 
virtual MacAddress getMacAddress ()
 
virtual bool open ()
 
void getStatistics (pcap_stat &stats)
 
- Public Member Functions inherited from pcpp::PcapLiveDevice
virtual ~PcapLiveDevice ()
 
const char * getName ()
 
const char * getDesc ()
 
bool getLoopback ()
 
virtual LinkLayerType getLinkType ()
 
std::vector< pcap_addr_t > & getAddresses ()
 
IPv4Address getIPv4Address ()
 
IPv4Address getDefaultGateway ()
 
std::vector< IPv4Address > & getDnsServers ()
 
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie)
 
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie, int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
 
virtual bool startCapture (int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
 
virtual bool startCapture (RawPacketVector &capturedPacketsVector)
 
virtual int startCaptureBlockingMode (OnPacketArrivesStopBlocking onPacketArrives, void *userCookie, int timeout)
 
void stopCapture ()
 
bool sendPacket (RawPacket const &rawPacket)
 
bool sendPacket (const uint8_t *packetData, int packetDataLength)
 
bool sendPacket (Packet *packet)
 
virtual int sendPackets (RawPacket *rawPacketsArr, int arrLength)
 
virtual int sendPackets (Packet **packetsArr, int arrLength)
 
virtual int sendPackets (const RawPacketVector &rawPackets)
 
bool open (const DeviceConfiguration &config)
 
void close ()
 
- Public Member Functions inherited from pcpp::IPcapDevice
virtual bool setFilter (std::string filterAsString)
 
bool clearFilter ()
 
- Public Member Functions inherited from pcpp::IDevice
bool isOpened ()
 
- Public Member Functions inherited from pcpp::IFilterableDevice
virtual bool setFilter (GeneralFilter &filter)
 

Additional Inherited Members

- Public Types inherited from pcpp::PcapLiveDevice
enum  LiveDeviceType { LibPcapDevice, WinPcapDevice, RemoteDevice }
 
enum  DeviceMode { Normal = 0, Promiscuous = 1 }
 
- Static Public Member Functions inherited from pcpp::IPcapDevice
static std::string getPcapLibVersionInfo ()
 
static bool verifyFilter (std::string filterAsString)
 
static bool matchPacketWithFilter (std::string filterAsString, RawPacket *rawPacket)
 

Detailed Description

A class that provides a C++ wrapper for the WinPcap Remote Capture feature. This feature allows interacting with a remote machine and capturing packets that are being transmitted on the remote network interfaces. This requires a remote daemon (called rpcapd), which performs the capture and sends data back, and the local client (represented by PcapRemoteDevice), which sends the appropriate commands and receives the captured data. You can read more about this feature in the WinPcap Remote Capture manual: https://www.winpcap.org/docs/docs_412/html/group__remote.html
Since this feature is supported in WinPcap only and not in libpcap, PcapRemoteDevice can be used on Windows only.
This class provides a wrapper for the local client, meaning it assumes the daemon (rpcapd) is already running on the remote machine, and it tries to connect to it and start receiving/sending packets from/to it. This class assumes rpcapd is in passive mode, meaning PcapRemoteDevice connects to the remote daemon, sends the appropriate commands to it, and starts capturing packets, rather than letting the daemon connect to the client by itself. Using PcapRemoteDevice is very similar to using the other live devices (PcapLiveDevice or WinPcapLiveDevice): the APIs are the same and the same logic is used (for example, capturing is done on a different thread, sending packets is done on the same thread, etc.). For the full API and explanations, please refer to PcapLiveDevice. The reason for the similar API is that WinPcap's API is very similar between Remote Capture and local network interface capture. The differences are some implementation details, mainly in making the connection to the remote daemon, and the way the user can get the instance of PcapRemoteDevice. For more details on that, please refer to PcapRemoteDeviceList.

Member Function Documentation

◆ getDeviceType()

virtual LiveDeviceType pcpp::PcapRemoteDevice::getDeviceType ( )
inline virtual
Returns
The type of the device (libPcap, WinPcap or a remote device)

Reimplemented from pcpp::PcapLiveDevice.

◆ getMacAddress()

virtual MacAddress pcpp::PcapRemoteDevice::getMacAddress ( )
virtual

MAC address isn't supported for remote devices

Returns
MacAddress::Zero

Reimplemented from pcpp::PcapLiveDevice.

◆ getMtu()

virtual uint16_t pcpp::PcapRemoteDevice::getMtu ( )
virtual

MTU isn't supported for remote devices

Returns
0

Reimplemented from pcpp::PcapLiveDevice.

◆ getRemoteMachineIpAddress()

IPAddress* pcpp::PcapRemoteDevice::getRemoteMachineIpAddress ( )
inline
Returns
The IP address of the remote machine from which packets are transmitted to the client machine

◆ getRemoteMachinePort()

uint16_t pcpp::PcapRemoteDevice::getRemoteMachinePort ( )
inline
Returns
The port of the remote machine from which packets are transmitted to the client machine

◆ getStatistics()

void pcpp::PcapRemoteDevice::getStatistics ( pcap_stat &  stats)
virtual

Get statistics from device:

  • pcap_stat::ps_recv: number of packets received
  • pcap_stat::ps_drop: number of packets dropped
  • pcap_stat::ps_ifdrop: number of packets dropped by interface

Parameters
[out] stats  The stats struct where stats are returned

Reimplemented from pcpp::PcapLiveDevice.

◆ open()

virtual bool pcpp::PcapRemoteDevice::open ( )
virtual

Open the device using pcap_open. Opening the device makes the connection to the remote daemon (including authentication if needed and provided). If this method succeeds, it means the connection to the remote daemon succeeded and the device is ready for use. As in PcapLiveDevice, packet capturing won't start yet. For packet capturing the user should call startCapture(). This implies that calling this method is a must before calling startCapture() (otherwise startCapture() will fail with a "device not open" error). The remote daemon is asked to capture packets in promiscuous mode.

Returns
True if the device was opened successfully, false otherwise. When opening the device fails, an error is also printed to the log, including the WinPcap error if one exists

Reimplemented from pcpp::PcapLiveDevice.