PcapPlusPlus
21.05
|
The main namespace for the PcapPlusPlus lib. More...
Functions | |
std::string | byteArrayToHexString (const uint8_t *byteArr, size_t byteArrSize, int stringSizeLimit=-1) |
size_t | hexStringToByteArray (const std::string &hexString, uint8_t *resultByteArr, size_t resultByteArrSize) |
char * | cross_platform_memmem (const char *haystack, size_t haystackLen, const char *needle, size_t needleLen) |
uint16_t | computeChecksum (ScalarBuffer< uint16_t > vec[], size_t vecSize) |
uint32_t | fnvHash (ScalarBuffer< uint8_t > vec[], size_t vecSize) |
uint32_t | fnvHash (uint8_t *buffer, size_t bufSize) |
uint32_t | hash5Tuple (Packet *packet, bool const &directionUnique=false) |
uint32_t | hash2Tuple (Packet *packet) |
std::string | getPcapPlusPlusVersion () |
std::string | getPcapPlusPlusVersionFull () |
std::string | getBuildDateTime () |
std::string | getGitCommit () |
std::string | getGitBranch () |
std::string | getGitInfo () |
int | getNumOfCores () |
CoreMask | getCoreMaskForAllMachineCores () |
CoreMask | createCoreMaskFromCoreVector (std::vector< SystemCore > cores) |
CoreMask | createCoreMaskFromCoreIds (std::vector< int > coreIds) |
void | createCoreVectorFromCoreMask (CoreMask coreMask, std::vector< SystemCore > &resultVec) |
std::string | executeShellCommand (const std::string command) |
bool | directoryExists (std::string dirPath) |
int | clockGetTime (long &sec, long &nsec) |
void | multiPlatformSleep (uint32_t seconds) |
uint16_t | hostToNet16 (uint16_t host) |
uint16_t | netToHost16 (uint16_t net) |
uint32_t | hostToNet32 (uint32_t host) |
uint32_t | netToHost32 (uint32_t net) |
The main namespace for the PcapPlusPlus lib.
ICMP address mask reply message structure, same as icmp_address_mask_request
ICMP echo (ping) reply message structure, same as icmp_echo_request
ICMP information reply message structure, same as icmp_info_request
ICMP router solicitation message structure, same as icmphdr
ICMP source quence message structure, same as icmp_time_exceeded
ICMP timestamp reply message structure, same as icmp_timestamp_request
A vector of pointers to MBufRawPacket
pcpp::OnDpdkPacketsArriveCallback |
A callback that is called when a burst of packets are captured by DpdkDevice
[in] | packets | A pointer to an array of MBufRawPacket |
[in] | numOfPackets | The length of the array |
[in] | threadId | The thread/core ID who captured the packets |
[in] | device | A pointer to the DpdkDevice who captured the packets |
[in] | userCookie | The user cookie assigned by the user in DpdkDevice::startCaptureSingleThread() or DpdkDevice::startCaptureMultiThreads |
typedef bool(* pcpp::OnKniPacketArriveCallback) (MBufRawPacket *packets, uint32_t numOfPackets, KniDevice *device, void *userCookie) |
Defines the signature callback used by capturing API on KNI device
pcpp::OnPacketArrivesCallback |
A callback that is called when a packet is captured by PcapLiveDevice
[in] | pPacket | A pointer to the raw packet |
[in] | pDevice | A pointer to the PcapLiveDevice instance |
[in] | userCookie | A pointer to the object put by the user when packet capturing stared |
pcpp::OnPacketArrivesStopBlocking |
A callback that is called when a packet is captured by PcapLiveDevice
[in] | pPacket | A pointer to the raw packet |
[in] | pDevice | A pointer to the PcapLiveDevice instance |
[in] | userCookie | A pointer to the object put by the user when packet capturing stared |
pcpp::OnStatsUpdateCallback |
A callback that is called periodically for stats collection if user asked to start packet capturing with periodic stats collection
[in] | stats | A reference to the most updated stats |
[in] | userCookie | A pointer to the object put by the user when packet capturing stared |
Representing all protocols supported by PcapPlusPlus
typedef PointerVector<RawPacket> pcpp::RawPacketVector |
A vector of pointers to RawPacket
enum pcpp::ArpOpcode |
enum pcpp::BootpOpCodes |
DHCP message types
DHCP option types.
enum pcpp::Direction |
enum pcpp::DnsClass |
enum pcpp::DnsType |
An enum for all possible DNS record types
enum pcpp::DpdkPMDType |
An enum describing all PMD (poll mode driver) types supported by DPDK. For more info about these PMDs please visit the DPDK web-site
enum pcpp::FilterOperator |
An enum representing the possible GTP v1 message types. All of the message types except for GtpV1_GPDU are considered GTP-C messages. GtpV1_GPDU is considered a GTP-U message
enum pcpp::HttpVersion |
An enum for all possible codes for a destination unreachable message type Documentation is taken from Wikipedia: https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
Enumerator | |
---|---|
IcmpNetworkUnreachable | Network unreachable error |
IcmpHostUnreachable | Host unreachable error |
IcmpProtocolUnreachable | Protocol unreachable error (the designated transport protocol is not supported) |
IcmpPortUnreachable | Port unreachable error (the designated protocol is unable to inform the host of the incoming message) |
IcmpDatagramTooBig | The datagram is too big. Packet fragmentation is required but the 'don't fragment' (DF) flag is on |
IcmpSourceRouteFailed | Source route failed error |
IcmpDestinationNetworkUnknown | Destination network unknown error |
IcmpDestinationHostUnknown | Destination host unknown error |
IcmpSourceHostIsolated | Source host isolated error |
IcmpDestinationNetworkProhibited | The destination network is administratively prohibited |
IcmpDestinationHostProhibited | The destination host is administratively prohibited |
IcmpNetworkUnreachableForTypeOfService | The network is unreachable for Type Of Service |
IcmpHostUnreachableForTypeOfService | The host is unreachable for Type Of Service |
IcmpCommunicationProhibited | Communication administratively prohibited (administrative filtering prevents packet from being forwarded) |
IcmpHostPrecedenceViolation | Host precedence violation (indicates the requested precedence is not permitted for the combination of host or network and port) |
IcmpPrecedenceCutoff | Precedence cutoff in effect (precedence of datagram is below the level set by the network administrators) |
An enum of all supported ICMP message types
enum pcpp::IgmpType |
IGMP message types
An enum for all possible IPv4 and IPv6 protocol types
An enum for supported IPv4 option types
Enumerator | |
---|---|
IPV4OPT_EndOfOptionsList | End of Options List |
IPV4OPT_NOP | No Operation |
IPV4OPT_RecordRoute | Record Route |
IPV4OPT_MTUProbe | MTU Probe |
IPV4OPT_MTUReply | MTU Reply |
IPV4OPT_QuickStart | Quick-Start |
IPV4OPT_Timestamp | Timestamp |
IPV4OPT_Traceroute | Traceroute |
IPV4OPT_Security | Security |
IPV4OPT_LooseSourceRoute | Loose Source Route |
IPV4OPT_ExtendedSecurity | Extended Security |
IPV4OPT_CommercialSecurity | Commercial Security |
IPV4OPT_StreamID | Stream ID |
IPV4OPT_StrictSourceRoute | Strict Source Route |
IPV4OPT_ExtendedInternetProtocol | Extended Internet Protocol |
IPV4OPT_AddressExtension | Address Extension |
IPV4OPT_RouterAlert | Router Alert |
IPV4OPT_SelectiveDirectedBroadcast | Selective Directed Broadcast |
IPV4OPT_DynamicPacketState | Dynamic Packet State |
IPV4OPT_UpstreamMulticastPkt | Upstream Multicast Pkt. |
IPV4OPT_Unknown | Unknown IPv4 option |
enum pcpp::LinkLayerType |
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes.html .
Enumerator | |
---|---|
LINKTYPE_NULL | BSD loopback encapsulation |
LINKTYPE_ETHERNET | IEEE 802.3 Ethernet |
LINKTYPE_AX25 | AX.25 packet |
LINKTYPE_IEEE802_5 | IEEE 802.5 Token Ring |
LINKTYPE_ARCNET_BSD | ARCNET Data Packets |
LINKTYPE_SLIP | SLIP, encapsulated with a LINKTYPE_SLIP header |
LINKTYPE_PPP | PPP, as per RFC 1661 and RFC 1662 |
LINKTYPE_FDDI | FDDI, as specified by ANSI INCITS 239-1994 |
LINKTYPE_DLT_RAW1 | Raw IP |
LINKTYPE_DLT_RAW2 | Raw IP (OpenBSD) |
LINKTYPE_PPP_HDLC | PPP in HDLC-like framing, as per RFC 1662, or Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547 |
LINKTYPE_PPP_ETHER | PPPoE |
LINKTYPE_ATM_RFC1483 | RFC 1483 LLC/SNAP-encapsulated ATM |
LINKTYPE_RAW | Raw IP |
LINKTYPE_C_HDLC | Cisco PPP with HDLC framing |
LINKTYPE_IEEE802_11 | IEEE 802.11 wireless LAN |
LINKTYPE_FRELAY | Frame Relay |
LINKTYPE_LOOP | OpenBSD loopback encapsulation |
LINKTYPE_LINUX_SLL | Linux "cooked" capture encapsulation |
LINKTYPE_LTALK | Apple LocalTalk |
LINKTYPE_PFLOG | OpenBSD pflog |
LINKTYPE_IEEE802_11_PRISM | Prism monitor mode information followed by an 802.11 header |
LINKTYPE_IP_OVER_FC | RFC 2625 IP-over-Fibre Channel |
LINKTYPE_SUNATM | ATM traffic, encapsulated as per the scheme used by SunATM devices |
LINKTYPE_IEEE802_11_RADIOTAP | Radiotap link-layer information followed by an 802.11 header |
LINKTYPE_ARCNET_LINUX | ARCNET Data Packets, as described by the ARCNET Trade Association standard ATA 878.1-1999 |
LINKTYPE_APPLE_IP_OVER_IEEE1394 | Apple IP-over-IEEE 1394 cooked header |
LINKTYPE_MTP2_WITH_PHDR | Signaling System 7 Message Transfer Part Level 2 |
LINKTYPE_MTP2 | Signaling System 7 Message Transfer Part Level 2 |
LINKTYPE_MTP3 | Signaling System 7 Message Transfer Part Level 3 |
LINKTYPE_SCCP | Signaling System 7 Signalling Connection Control Part |
LINKTYPE_DOCSIS | Signaling System 7 Signalling Connection Control Part |
LINKTYPE_LINUX_IRDA | Linux-IrDA packets |
LINKTYPE_USER0 | Reserved for private use |
LINKTYPE_USER1 | Reserved for private use |
LINKTYPE_USER2 | Reserved for private use |
LINKTYPE_USER3 | Reserved for private use |
LINKTYPE_USER4 | Reserved for private use |
LINKTYPE_USER5 | Reserved for private use |
LINKTYPE_USER6 | Reserved for private use |
LINKTYPE_USER7 | Reserved for private use |
LINKTYPE_USER8 | Reserved for private use |
LINKTYPE_USER9 | Reserved for private use |
LINKTYPE_USER10 | Reserved for private use |
LINKTYPE_USER11 | Reserved for private use |
LINKTYPE_USER12 | Reserved for private use |
LINKTYPE_USER13 | Reserved for private use |
LINKTYPE_USER14 | Reserved for private use |
LINKTYPE_USER15 | Reserved for private use |
LINKTYPE_IEEE802_11_AVS | AVS monitor mode information followed by an 802.11 header |
LINKTYPE_BACNET_MS_TP | BACnet MS/TP frames |
LINKTYPE_PPP_PPPD | PPP in HDLC-like encapsulation, like LINKTYPE_PPP_HDLC, but with the 0xff address byte replaced by a direction indication - 0x00 for incoming and 0x01 for outgoing |
LINKTYPE_GPRS_LLC | General Packet Radio Service Logical Link Control |
LINKTYPE_GPF_T | Transparent-mapped generic framing procedure |
LINKTYPE_GPF_F | Frame-mapped generic framing procedure |
LINKTYPE_LINUX_LAPD | Link Access Procedures on the D Channel (LAPD) frames |
LINKTYPE_BLUETOOTH_HCI_H4 | Bluetooth HCI UART transport layer |
LINKTYPE_USB_LINUX | USB packets, beginning with a Linux USB header |
LINKTYPE_PPI | Per-Packet Information information |
LINKTYPE_IEEE802_15_4 | IEEE 802.15.4 wireless Personal Area Network |
LINKTYPE_SITA | Various link-layer types, with a pseudo-header, for SITA |
LINKTYPE_ERF | Various link-layer types, with a pseudo-header, for Endace DAG cards; encapsulates Endace ERF record |
LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR | Bluetooth HCI UART transport layer |
LINKTYPE_AX25_KISS | AX.25 packet, with a 1-byte KISS header containing a type indicator |
LINKTYPE_LAPD | Link Access Procedures on the D Channel (LAPD) frames |
LINKTYPE_PPP_WITH_DIR | PPP, as per RFC 1661 and RFC 1662, preceded with a one-byte pseudo-header with a zero value meaning "received by this host" and a non-zero value meaning "sent by this host" |
LINKTYPE_C_HDLC_WITH_DIR | Cisco PPP with HDLC framing |
LINKTYPE_FRELAY_WITH_DIR | Frame Relay |
LINKTYPE_IPMB_LINUX | IPMB over an I2C circuit |
LINKTYPE_IEEE802_15_4_NONASK_PHY | IEEE 802.15.4 wireless Personal Area Network |
LINKTYPE_USB_LINUX_MMAPPED | USB packets, beginning with a Linux USB header |
LINKTYPE_FC_2 | Fibre Channel FC-2 frames, beginning with a Frame_Header |
LINKTYPE_FC_2_WITH_FRAME_DELIMS | Fibre Channel FC-2 frames |
LINKTYPE_IPNET | Solaris ipnet pseudo-header |
LINKTYPE_CAN_SOCKETCAN | CAN (Controller Area Network) frames, with a pseudo-header as supplied by Linux SocketCAN |
LINKTYPE_IPV4 | Raw IPv4; the packet begins with an IPv4 header |
LINKTYPE_IPV6 | Raw IPv6; the packet begins with an IPv6 header |
LINKTYPE_IEEE802_15_4_NOFCS | IEEE 802.15.4 wireless Personal Area Network, without the FCS at the end of the frame |
LINKTYPE_DBUS | Raw D-Bus messages, starting with the endianness flag, followed by the message type, etc., but without the authentication handshake before the message sequence |
LINKTYPE_DVB_CI | DVB-CI (DVB Common Interface for communication between a PC Card module and a DVB receiver), with the message format specified by the PCAP format for DVB-CI specification |
LINKTYPE_MUX27010 | Variant of 3GPP TS 27.010 multiplexing protocol (similar to, but not the same as, 27.010) |
LINKTYPE_STANAG_5066_D_PDU | D_PDUs as described by NATO standard STANAG 5066, starting with the synchronization sequence, and including both header and data CRCs |
LINKTYPE_NFLOG | Linux netlink NETLINK NFLOG socket log messages |
LINKTYPE_NETANALYZER | Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices, followed by an Ethernet frame, beginning with the MAC header and ending with the FCS |
LINKTYPE_NETANALYZER_TRANSPARENT | Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices, followed by an Ethernet frame, beginning with the preamble, SFD, and MAC header, and ending with the FCS |
LINKTYPE_IPOIB | IP-over-InfiniBand, as specified by RFC 4391 section 6 |
LINKTYPE_MPEG_2_TS | MPEG-2 Transport Stream transport packets, as specified by ISO 13818-1/ITU-T Recommendation H.222.0 |
LINKTYPE_NG40 | Pseudo-header for ng4T GmbH's UMTS Iub/Iur-over-ATM and Iub/Iur-over-IP format as used by their ng40 protocol tester |
LINKTYPE_NFC_LLCP | Pseudo-header for NFC LLCP packet captures, followed by frame data for the LLCP Protocol as specified by NFCForum-TS-LLCP_1.1 |
LINKTYPE_INFINIBAND | Raw InfiniBand frames, starting with the Local Routing Header |
LINKTYPE_SCTP | SCTP packets, as defined by RFC 4960, with no lower-level protocols such as IPv4 or IPv6 |
LINKTYPE_USBPCAP | USB packets, beginning with a USBPcap header |
LINKTYPE_RTAC_SERIAL | Serial-line packet header for the Schweitzer Engineering Laboratories "RTAC" product |
LINKTYPE_BLUETOOTH_LE_LL | Bluetooth Low Energy air interface Link Layer packets |
LINKTYPE_NETLINK | Linux Netlink capture encapsulation |
LINKTYPE_BLUETOOTH_LINUX_MONITOR | Bluetooth Linux Monitor encapsulation of traffic for the BlueZ stack |
LINKTYPE_BLUETOOTH_BREDR_BB | Bluetooth Basic Rate and Enhanced Data Rate baseband packets |
LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR | Bluetooth Low Energy link-layer packets |
LINKTYPE_PROFIBUS_DL | PROFIBUS data link layer packets, as specified by IEC standard 61158-6-3 |
LINKTYPE_PKTAP | Apple PKTAP capture encapsulation |
LINKTYPE_EPON | Ethernet-over-passive-optical-network packets |
LINKTYPE_IPMI_HPM_2 | IPMI trace packets, as specified by Table 3-20 "Trace Data Block Format" in the PICMG HPM.2 specification |
LINKTYPE_ZWAVE_R1_R2 | Per Joshua Wright jwrig, formats for Z-Wave RF profiles R1 and R2 captures ht@h asbor g.co m |
LINKTYPE_ZWAVE_R3 | Per Joshua Wright jwrig, formats for Z-Wave RF profile R3 captures ht@h asbor g.co m |
LINKTYPE_WATTSTOPPER_DLM | Formats for WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol common packet structure captures |
LINKTYPE_ISO_14443 | Messages between ISO 14443 contactless smartcards (Proximity Integrated Circuit Card, PICC) and card readers (Proximity Coupling Device, PCD), with the message format specified by the PCAP format for ISO14443 specification |
enum pcpp::LogModule |
An enum representing all PcapPlusPlus modules
Enumerator | |
---|---|
CommonLogModuleIpUtils | IP Utils module (Common++) |
CommonLogModuleTablePrinter | Table printer module (Common++) |
CommonLogModuleGenericUtils | Generic Utils (Common++) |
PacketLogModuleRawPacket | RawPacket module (Packet++) |
PacketLogModulePacket | Packet module (Packet++) |
PacketLogModuleLayer | Layer module (Packet++) |
PacketLogModuleArpLayer | ArpLayer module (Packet++) |
PacketLogModuleEthLayer | EthLayer module (Packet++) |
PacketLogModuleIPv4Layer | IPv4Layer module (Packet++) |
PacketLogModuleIPv6Layer | IPv6Layer module (Packet++) |
PacketLogModulePayloadLayer | PayloadLayer module (Packet++) |
PacketLogModuleTcpLayer | TcpLayer module (Packet++) |
PacketLogModuleUdpLayer | UdpLayer module (Packet++) |
PacketLogModuleVlanLayer | VlanLayer module (Packet++) |
PacketLogModuleHttpLayer | HttpLayer module (Packet++) |
PacketLogModulePPPoELayer | PPPoELayer module (Packet++) |
PacketLogModuleDnsLayer | DnsLayer module (Packet++) |
PacketLogModuleMplsLayer | MplsLayer module (Packet++) |
PacketLogModuleIcmpLayer | IcmpLayer module (Packet++) |
PacketLogModuleGreLayer | GreLayer module (Packet++) |
PacketLogModuleSSLLayer | SSLLayer module (Packet++) |
PacketLogModuleSllLayer | SllLayer module (Packet++) |
PacketLogModuleDhcpLayer | DhcpLayer module (Packet++) |
PacketLogModuleIgmpLayer | IgmpLayer module (Packet++) |
PacketLogModuleSipLayer | SipLayer module (Packet++) |
PacketLogModuleSdpLayer | SdpLayer module (Packet++) |
PacketLogModuleRadiusLayer | RadiusLayer module (Packet++) |
PacketLogModuleGtpLayer | GtpLayer module (Packet++) |
PacketLogModuleBgpLayer | GtpLayer module (Packet++) |
PacketLogModuleSSHLayer | SSHLayer module (Packet++) |
PacketLogModuleTcpReassembly | TcpReassembly module (Packet++) |
PacketLogModuleIPReassembly | IPReassembly module (Packet++) |
PacketLogModuleIPSecLayer | IPSecLayers module (Packet++) |
PcapLogModuleWinPcapLiveDevice | WinPcapLiveDevice module (Pcap++) |
PcapLogModuleRemoteDevice | WinPcapRemoteDevice module (Pcap++) |
PcapLogModuleLiveDevice | PcapLiveDevice module (Pcap++) |
PcapLogModuleFileDevice | FileDevice module (Pcap++) |
PcapLogModulePfRingDevice | PfRingDevice module (Pcap++) |
PcapLogModuleMBufRawPacket | MBufRawPacket module (Pcap++) |
PcapLogModuleDpdkDevice | DpdkDevice module (Pcap++) |
PcapLogModuleKniDevice | KniDevice module (Pcap++) |
NetworkUtils | NetworkUtils module (Pcap++) |
enum pcpp::OsiModelLayer |
An enum representing OSI model layers
SSL/TLS alert description types
enum pcpp::SSLAlertLevel |
SSL/TLS authentication algorithms
SSL/TLS client certificate types
SSL/TLS extension types
Enumerator | |
---|---|
SSL_EXT_SERVER_NAME | Server Name Indication extension |
SSL_EXT_MAX_FRAGMENT_LENGTH | Maximum Fragment Length Negotiation extension |
SSL_EXT_CLIENT_CERTIFICATE_URL | Client Certificate URLs extension |
SSL_EXT_TRUSTED_CA_KEYS | Trusted CA Indication extension |
SSL_EXT_TRUNCATED_HMAC | Truncated HMAC extension |
SSL_EXT_STATUS_REQUEST | Certificate Status Request extension |
SSL_EXT_USER_MAPPING | TLS User Mapping extension |
SSL_EXT_CLIENT_AUTHZ | Client Authorization extension |
SSL_EXT_SERVER_AUTHZ | Server Authorization extension |
SSL_EXT_CERT_TYPE | Certificate Type extension |
SSL_EXT_SUPPORTED_GROUPS | Supported Groups extension (renamed from "elliptic curves") |
SSL_EXT_EC_POINT_FORMATS | Elliptic Curves Point Format extension |
SSL_EXT_SRP | Secure Remote Password extension |
SSL_EXT_SIGNATURE_ALGORITHMS | Signature Algorithms extension |
SSL_EXT_USE_SRTP | Use Secure Real-time Transport Protocol extension |
SSL_EXT_HEARTBEAT | TLS Heartbit extension |
SSL_EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION | Application Layer Protocol Negotiation (ALPN) extension |
SSL_EXT_STATUS_REQUEST_V2 | Status Request extension |
SSL_EXT_SIGNED_CERTIFICATE_TIMESTAMP | Signed Certificate Timestamp extension |
SSL_EXT_CLIENT_CERTIFICATE_TYPE | Client Certificate Type extension |
SSL_EXT_SERVER_CERTIFICATE_TYPE | Server Certificate Type extension |
SSL_EXT_PADDING | ClientHello Padding extension |
SSL_EXT_ENCRYPT_THEN_MAC | Encrypt-then-MAC extension |
SSL_EXT_EXTENDED_MASTER_SECRET | Extended Master Secret extension |
SSL_EXT_TOKEN_BINDING | Token Binding extension |
SSL_EXT_SESSIONTICKET_TLS | SessionTicket TLS extension |
SSL_EXT_PRE_SHARED_KEY | Pre-shared key (PSK) extension (TLS 1.3) |
SSL_EXT_EARLY_DATA | Early data extension (TLS 1.3) |
SSL_EXT_SUPPORTED_VERSIONS | Supported versions extension (TLS 1.3) |
SSL_EXT_COOKIE | Cookie extension (TLS 1.3) |
SSL_EXT_PSK_KEY_EXCHANGE_MODES | Pre-Shared Key Exchange Modes extension (TLS 1.3) |
SSL_EXT_CERTIFICATE_AUTHORITIES | Certificate authorities extension (TLS 1.3) |
SSL_EXT_OLD_FILTERS | Old filters extension (TLS 1.3) |
SSL_EXT_POST_HANDSHAKE_AUTH | Post hanshake auth extension (TLS 1.3) |
SSL_EXT_SIGNATURE_ALGORITHM_CERT | Signature algorithm cert extension (TLS 1.3) |
SSL_EXT_KEY_SHARE | Key share extension (TLS 1.3) |
SSL_EXT_RENEGOTIATION_INFO | Renegotiation Indication extension |
SSL_EXT_Unknown | Unknown extension |
SSL/TLS handshake message types
SSL/TLS hashing algortihms
SSL/TLS key exchange algorithms
enum pcpp::SSLRecordType |
SSL/TLS symmetric encryption algorithms
enum pcpp::TcpOptionType |
TCP options types
Enumerator | |
---|---|
PCPP_TCPOPT_NOP | Padding |
PCPP_TCPOPT_EOL | End of options |
TCPOPT_MSS | Segment size negotiating |
PCPP_TCPOPT_WINDOW | Window scaling |
TCPOPT_SACK_PERM | SACK Permitted |
PCPP_TCPOPT_SACK | SACK Block |
TCPOPT_ECHO | Echo (obsoleted by option PCPP_TCPOPT_TIMESTAMP) |
TCPOPT_ECHOREPLY | Echo Reply (obsoleted by option PCPP_TCPOPT_TIMESTAMP) |
PCPP_TCPOPT_TIMESTAMP | TCP Timestamps |
TCPOPT_CC | CC (obsolete) |
TCPOPT_CCNEW | CC.NEW (obsolete) |
TCPOPT_CCECHO | CC.ECHO(obsolete) |
TCPOPT_MD5 | MD5 Signature Option |
TCPOPT_MPTCP | Multipath TCP |
TCPOPT_SCPS | SCPS Capabilities |
TCPOPT_SNACK | SCPS SNACK |
TCPOPT_RECBOUND | SCPS Record Boundary |
TCPOPT_CORREXP | SCPS Corruption Experienced |
TCPOPT_QS | Quick-Start Response |
TCPOPT_USER_TO | User Timeout Option (also, other known unauthorized use) |
TCPOPT_EXP_FD | RFC3692-style Experiment 1 (also improperly used for shipping products) |
TCPOPT_EXP_FE | RFC3692-style Experiment 2 (also improperly used for shipping products) |
TCPOPT_RVBD_PROBE | Riverbed probe option, non IANA registered option number |
TCPOPT_RVBD_TRPY | Riverbed transparency option, non IANA registered option number |
TCPOPT_Unknown | Unknown option |
std::string pcpp::byteArrayToHexString | ( | const uint8_t * | byteArr, |
size_t | byteArrSize, | ||
int | stringSizeLimit = -1 |
||
) |
Convert a byte array into a string of hex characters. For example: for the array { 0xaa, 0x2b, 0x10 } the string "aa2b10" will be returned
[in] | byteArr | A byte array |
[in] | byteArrSize | The size of the byte array [in bytes] |
[in] | stringSizeLimit | An optional parameter that enables to limit the returned string size. If set to a positive integer value the returned string size will be equal or less than this value. If the string representation of the whole array is longer than this size then only part of the array will be read. The default value is -1 which means no string size limitation |
int pcpp::clockGetTime | ( | long & | sec, |
long & | nsec | ||
) |
Retrieve a system-wide real-time accurate clock. It's actually a multi-platform version of clock_gettime() which is fully supported only on Linux
[out] | sec | The second portion of the time |
[out] | nsec | The nanosecond portion of the time |
uint16_t pcpp::computeChecksum | ( | ScalarBuffer< uint16_t > | vec[], |
size_t | vecSize | ||
) |
Computes the checksum for a vector of buffers
[in] | vec | The vector of buffers |
[in] | vecSize | Number of ScalarBuffers in vector |
CoreMask pcpp::createCoreMaskFromCoreIds | ( | std::vector< int > | coreIds | ) |
Create a core mask from a vector of core IDs
[in] | coreIds | A vector of core IDs |
CoreMask pcpp::createCoreMaskFromCoreVector | ( | std::vector< SystemCore > | cores | ) |
Create a core mask from a vector of system cores
[in] | cores | A vector of SystemCore instances |
void pcpp::createCoreVectorFromCoreMask | ( | CoreMask | coreMask, |
std::vector< SystemCore > & | resultVec | ||
) |
Covert a core mask into a vector of its appropriate system cores
[in] | coreMask | The input core mask |
[out] | resultVec | The vector that will contain the system cores |
char* pcpp::cross_platform_memmem | ( | const char * | haystack, |
size_t | haystackLen, | ||
const char * | needle, | ||
size_t | needleLen | ||
) |
This is a cross platform version of memmem (https://man7.org/linux/man-pages/man3/memmem.3.html) which is not supported on all platforms.
[in] | haystack | A pointer to the buffer to be searched |
[in] | haystackLen | Length of the haystack buffer |
[in] | needle | A pointer to a buffer that will be searched for |
[in] | needleLen | Length of the needle buffer |
bool pcpp::directoryExists | ( | std::string | dirPath | ) |
Check if a directory exists
[in] | dirPath | Full path of the directory to search |
std::string pcpp::executeShellCommand | ( | const std::string | command | ) |
Execute a shell command and return its output
[in] | command | The command to run |
uint32_t pcpp::fnvHash | ( | ScalarBuffer< uint8_t > | vec[], |
size_t | vecSize | ||
) |
Computes Fowler-Noll-Vo (FNV-1) 32bit hash function on an array of byte buffers. The hash is calculated on each byte in each byte buffer, as if all byte buffers were one long byte buffer
[in] | vec | An array of byte buffers (ScalarBuffer of type uint8_t) |
[in] | vecSize | The length of vec |
uint32_t pcpp::fnvHash | ( | uint8_t * | buffer, |
size_t | bufSize | ||
) |
Computes Fowler-Noll-Vo (FNV-1) 32bit hash function on a byte buffer
[in] | buffer | The byte buffer |
[in] | bufSize | The size of the byte buffer |
|
inline |
CoreMask pcpp::getCoreMaskForAllMachineCores | ( | ) |
Create a core mask for all cores available on machine
std::string pcpp::getGitBranch | ( | ) |
std::string pcpp::getGitCommit | ( | ) |
std::string pcpp::getGitInfo | ( | ) |
int pcpp::getNumOfCores | ( | ) |
Get total number of cores on device
|
inline |
|
inline |
uint32_t pcpp::hash2Tuple | ( | Packet * | packet | ) |
A method that is given a packet and calculates a hash value by the packet's 2-tuple (IP src + IP dst). Supports IPv4 and IPv6. For packets which aren't IPv4/6 the value of 0 will be returned
[in] | packet | The packet to calculate hash for |
uint32_t pcpp::hash5Tuple | ( | Packet * | packet, |
bool const & | directionUnique = false |
||
) |
A method that is given a packet and calculates a hash value by the packet's 5-tuple. Supports IPv4, IPv6, TCP and UDP. For packets which doesn't have 5-tuple (for example: packets which aren't IPv4/6 or aren't TCP/UDP) the value of 0 will be returned
[in] | packet | The packet to calculate hash for |
[in] | directionUnique | Make hash value unique for each direction |
size_t pcpp::hexStringToByteArray | ( | const std::string & | hexString, |
uint8_t * | resultByteArr, | ||
size_t | resultByteArrSize | ||
) |
Convert a string of hex characters into a byte array. For example: for the string "aa2b10" an array of values { 0xaa, 0x2b, 0x10 } will be returned
[in] | hexString | A string of hex characters |
[out] | resultByteArr | A pre-allocated byte array where the result will be written to |
[in] | resultByteArrSize | The size of the pre-allocated byte array |
uint16_t pcpp::hostToNet16 | ( | uint16_t | host | ) |
A multi-platform version of htons
which convert host to network byte order
[in] | host | Value in host byte order |
uint32_t pcpp::hostToNet32 | ( | uint32_t | host | ) |
A multi-platform version of htonl
which convert host to network byte order
[in] | host | Value in host byte order |
void pcpp::multiPlatformSleep | ( | uint32_t | seconds | ) |
A multi-platform version of the popular sleep method. This method simply runs the right sleep method, according to the platform it is running on.
[in] | seconds | Number of seconds to sleep |
uint16_t pcpp::netToHost16 | ( | uint16_t | net | ) |
A multi-platform version of ntohs
which convert network to host byte order
[in] | net | Value in network byte order |
uint32_t pcpp::netToHost32 | ( | uint32_t | net | ) |
A multi-platform version of ntohl
which convert network to host byte order
[in] | net | Value in network byte order |
const ProtocolType pcpp::ARP = 0x80 |
ARP protocol
const ProtocolType pcpp::AuthenticationHeader = 0x800000000 |
IPSec Authentication Header (AH) protocol
const ProtocolType pcpp::BGP = 0x200000000 |
Border Gateway Protocol (BGP) version 4 protocol
const ProtocolType pcpp::DHCP = 0x80000 |
DHCP/BOOTP protocol
const ProtocolType pcpp::DNS = 0x1000 |
DNS protocol
const ProtocolType pcpp::ESP = 0x1000000000 |
IPSec Encapsulating Security Payload (ESP) protocol
const ProtocolType pcpp::Ethernet = 0x01 |
Ethernet protocol
const ProtocolType pcpp::EthernetDot3 = 0x100000000 |
IEEE 802.3 Ethernet protocol
const ProtocolType pcpp::GenericPayload = 0x1000000 |
Generic payload (no specific protocol)
const ProtocolType pcpp::GRE = 0xc000 |
GRE protocol (aggregation bitmask of GREv0 and GREv1 protocols)
const ProtocolType pcpp::GREv0 = 0x4000 |
GRE version 0 protocol
const ProtocolType pcpp::GREv1 = 0x8000 |
GRE version 1 protocol
const ProtocolType pcpp::GTP = 0x80000000 |
GTP protocol (currently the same as GTPv1)
const ProtocolType pcpp::GTPv1 = 0x80000000 |
GTPv1 protocol
const ProtocolType pcpp::HTTP = 0x60 |
HTTP protocol (aggregation bitmask of HTTP request and HTTP response protocols)
const ProtocolType pcpp::HTTPRequest = 0x20 |
HTTP request protocol
const ProtocolType pcpp::HTTPResponse = 0x40 |
HTTP response protocol
const ProtocolType pcpp::ICMP = 0x200 |
ICMP protocol
const ProtocolType pcpp::IGMP = 0xE00000 |
IGMP protocol
const ProtocolType pcpp::IGMPv1 = 0x200000 |
IGMPv1 protocol
const ProtocolType pcpp::IGMPv2 = 0x400000 |
IGMPv2 protocol
const ProtocolType pcpp::IGMPv3 = 0x800000 |
IGMPv3 protocol
const ProtocolType pcpp::IP = 0x06 |
IP protocol (aggregation bitmask of IPv4 and IPv6 protocols)
const ProtocolType pcpp::IPSec = 0x1800000000 |
IPSec protocol (aggregation bitmask of AH and ESP protocols)
const ProtocolType pcpp::IPv4 = 0x02 |
IPv4 protocol
const ProtocolType pcpp::IPv6 = 0x04 |
IPv6 protocol
const ProtocolType pcpp::MPLS = 0x2000 |
MPLS protocol
const ProtocolType pcpp::NULL_LOOPBACK = 0x100000 |
Null/Loopback protocol
const ProtocolType pcpp::PacketTrailer = 0x20000000 |
Packet trailer
const ProtocolType pcpp::PPP_PPTP = 0x10000 |
PPP for PPTP protocol
const ProtocolType pcpp::PPPoE = 0xc00 |
PPPoE protocol (aggregation bitmask of PPPoESession and PPPoEDiscovery protocols)
const ProtocolType pcpp::PPPoEDiscovery = 0x800 |
PPPoE discovery protocol
const ProtocolType pcpp::PPPoESession = 0x400 |
PPPoE session protocol
const ProtocolType pcpp::Radius = 0x40000000 |
RADIUS protocol
const ProtocolType pcpp::SDP = 0x10000000 |
SDP protocol
const ProtocolType pcpp::SIP = 0xc000000 |
SIP protocol (aggregation bitmask of SIPRequest and SIPResponse protocols)
const ProtocolType pcpp::SIPRequest = 0x4000000 |
SIP request protocol
const ProtocolType pcpp::SIPResponse = 0x8000000 |
SIP response protocol
const ProtocolType pcpp::SLL = 0x40000 |
SLL (Linux cooked capture) protocol
const ProtocolType pcpp::SSH = 0x400000000 |
SSH version 2 protocol
const ProtocolType pcpp::SSL = 0x20000 |
SSL/TLS protocol
const ProtocolType pcpp::TCP = 0x08 |
TCP protocol
const ProtocolType pcpp::UDP = 0x10 |
UDP protocol
const ProtocolType pcpp::UnknownProtocol = 0x00 |
Unknown protocol (or unsupported by PcapPlusPlus)
const ProtocolType pcpp::VLAN = 0x100 |
VLAN protocol
const ProtocolType pcpp::VXLAN = 0x2000000 |
VXLAN protocol