PcapPlusPlus  20.08
pcpp::PcapRemoteDevice Class Reference

#include <PcapRemoteDevice.h>

Inheritance diagram for pcpp::PcapRemoteDevice:
pcpp::PcapLiveDevice pcpp::IPcapDevice pcpp::IDevice pcpp::IFilterableDevice

Public Member Functions

IPAddress getRemoteMachineIpAddress () const
 
uint16_t getRemoteMachinePort () const
 
virtual LiveDeviceType getDeviceType () const
 
virtual uint32_t getMtu () const
 
virtual MacAddress getMacAddress () const
 
virtual bool open ()
 
virtual void getStatistics (pcap_stat &stats) const
 
- Public Member Functions inherited from pcpp::PcapLiveDevice
virtual ~PcapLiveDevice ()
 
const char * getName () const
 
const char * getDesc () const
 
bool getLoopback () const
 
virtual LinkLayerType getLinkType () const
 
const std::vector< pcap_addr_t > & getAddresses () const
 
IPv4Address getIPv4Address () const
 
IPv4Address getDefaultGateway () const
 
const std::vector< IPv4Address > & getDnsServers () const
 
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie)
 
virtual bool startCapture (OnPacketArrivesCallback onPacketArrives, void *onPacketArrivesUserCookie, int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
 
virtual bool startCapture (int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate, void *onStatsUpdateUserCookie)
 
virtual bool startCapture (RawPacketVector &capturedPacketsVector)
 
virtual int startCaptureBlockingMode (OnPacketArrivesStopBlocking onPacketArrives, void *userCookie, int timeout)
 
void stopCapture ()
 
bool captureActive ()
 
bool sendPacket (RawPacket const &rawPacket)
 
bool sendPacket (const uint8_t *packetData, int packetDataLength)
 
bool sendPacket (Packet *packet)
 
virtual int sendPackets (RawPacket *rawPacketsArr, int arrLength)
 
virtual int sendPackets (Packet **packetsArr, int arrLength)
 
virtual int sendPackets (const RawPacketVector &rawPackets)
 
bool open (const DeviceConfiguration &config)
 
void close ()
 
- Public Member Functions inherited from pcpp::IPcapDevice
virtual bool setFilter (std::string filterAsString)
 
bool clearFilter ()
 
virtual bool setFilter (GeneralFilter &filter)
 
virtual bool setFilter (std::string filterAsString)=0
 
- Public Member Functions inherited from pcpp::IDevice
bool isOpened ()
 
- Public Member Functions inherited from pcpp::IFilterableDevice
virtual bool setFilter (GeneralFilter &filter)
 

Additional Inherited Members

- Public Types inherited from pcpp::PcapLiveDevice
enum  LiveDeviceType { LibPcapDevice, WinPcapDevice, RemoteDevice }
 
enum  DeviceMode { Normal = 0, Promiscuous = 1 }
 
enum  PcapDirection { PCPP_INOUT = 0, PCPP_IN, PCPP_OUT }
 
- Static Public Member Functions inherited from pcpp::IPcapDevice
static std::string getPcapLibVersionInfo ()
 
static bool verifyFilter (std::string filterAsString)
 
static bool matchPacketWithFilter (std::string filterAsString, RawPacket *rawPacket)
 
static bool matchPacketWithFilter (GeneralFilter &filter, RawPacket *rawPacket)
 

Detailed Description

A class that provides a C++ wrapper for WinPcap/Npcap Remote Capture feature. This feature allows to interact to a remote machine and capture packets that are being transmitted on the remote network interfaces. This requires a remote daemon (called rpcapd) which performs the capture and sends data back and the local client (represented by PcapRemoteDevice) that sends the appropriate commands and receives the captured data. You can read more about this feature in WinPcap Remote Capture manual: https://www.winpcap.org/docs/docs_412/html/group__remote.html
Since this feature is supported in WinPcap and Npcap only and not in libpcap, PcapRemoteDevice can only be used in Windows only.
This class provides a wrapper for the local client, meaning it assumes the daemon (rpcapd) is already running on the remote machine and it tries to connect to it and start receiving/sending packets from/to it. This class assumes rpcapd is in passive mode, meaning PcapRemoteDevice connects to the remote daemon, sends the appropriate commands to it, and starts capturing packets, rather than letting the daemon connect to the client by itself. Using PcapRemoteDevice is very similar to using the other live devices (PcapLiveDevice or WinPcapLiveDevice), meaning the API's are the same and the same logic is used (for example: capturing is done on a different thread, sending packets are done on the same thread, etc.). For the full API and explanations, please refer to PcapLiveDevice. The reason for the similar API is that WinPcap/Npcap's API is very similar between Remote Capture and local network interface capture. The things that are different are some are some implementation details, mainly in making the connection to the remote daemon, and the way the user can get the instance of PcapRemoteDevice. For more details on that please refer to PcapRemoteDeviceList

Member Function Documentation

◆ getDeviceType()

virtual LiveDeviceType pcpp::PcapRemoteDevice::getDeviceType ( ) const
inlinevirtual
Returns
The type of the device (libPcap, WinPcap/Npcap or a remote device)

Reimplemented from pcpp::PcapLiveDevice.

◆ getMacAddress()

virtual MacAddress pcpp::PcapRemoteDevice::getMacAddress ( ) const
virtual

MAC address isn't supported for remote devices

Returns
MacAddress::Zero

Reimplemented from pcpp::PcapLiveDevice.

◆ getMtu()

virtual uint32_t pcpp::PcapRemoteDevice::getMtu ( ) const
virtual

MTU isn't supported for remote devices

Returns
0

Reimplemented from pcpp::PcapLiveDevice.

◆ getRemoteMachineIpAddress()

IPAddress pcpp::PcapRemoteDevice::getRemoteMachineIpAddress ( ) const
inline
Returns
The IP address of the remote machine where packets are transmitted from the remote machine to the client machine

◆ getRemoteMachinePort()

uint16_t pcpp::PcapRemoteDevice::getRemoteMachinePort ( ) const
inline
Returns
The port of the remote machine where packets are transmitted from the remote machine to the client machine

◆ getStatistics()

virtual void pcpp::PcapRemoteDevice::getStatistics ( pcap_stat &  stats) const
virtual

Get statistics from device:

  • pcap_stat::ps_recv: number of packets received
  • pcap_stat::ps_drop: number of packets dropped
  • pcap_stat::ps_ifdrop: number of packets dropped by interface
    Parameters
    [out]statsThe stats struct where stats are returned

Reimplemented from pcpp::PcapLiveDevice.

◆ open()

virtual bool pcpp::PcapRemoteDevice::open ( )
virtual

Open the device using pcap_open. Opening the device makes the connection to the remote daemon (including authentication if needed and provided). If this methods succeeds it means the connection to the remote daemon succeeded and the device is ready for use. As in PcapLiveDevice, packet capturing won't start yet. For packet capturing the user should call startCapture(). This implies that calling this method is a must before calling startCapture() (otherwise startCapture() will fail with a "device not open" error). The remote deamon is asked to capture packets in promiscuous mode

Returns
True if the device was opened successfully, false otherwise. When opening the device fails an error will be printed to log as well, including the WinPcap/Npcap error if exists

Reimplemented from pcpp::PcapLiveDevice.