Class WinPcap


org.jnetpcap.winpcap 
Class WinPcap

java.lang.Object
  extended by org.jnetpcap.Pcap
      extended by org.jnetpcap.winpcap.WinPcap

public class WinPcap extends Pcap


Class peered with the native pcap_t structure, providing WinPcap-specific extensions to the libpcap library. To access the WinPcap extensions, you must use the WinPcap class and its methods. The WinPcap class extends the Pcap class, so you have all of the typical Pcap class functionality. WinPcap provides many additional methods which are only available on platforms that support WinPcap. First you must call the static WinPcap.isSupported() method, which returns a boolean indicating whether WinPcap extensions are supported on this particular platform. If you try to use any method in this class when WinPcap extensions are not supported, in other words when WinPcap.isSupported() returned false, every method in this class will throw an unchecked PcapExtensionNotAvailableException. Of course, the isSupported call itself never throws an exception, so it is safe to use on any platform.

 // Before using any WinPcap code
 if (WinPcap.isSupported() == false) {
        return; // Can't use WinPcap extensions
 }
 

Using WinPcap class

For the most part, you use WinPcap the same way you would use Pcap class. WinPcap class provides many different static methods, and the same main three methods that Pcap does to open a capture session, plus one extra. They are:
  • openLive - opens a live capture from network interface
  • openOffline - opens a capture file
  • openDead - opens a dummy capture for filter compiling
  • open - special open command that uses the source string syntax to accomplish the same tasks as the three openXXX methods before it.
There are also several additional methods:
  • findAllDevsEx - extended version of Pcap.findAllDevs which allows you to not only find network interfaces, but also PCAP files. This can be done locally or remotely.
  • liveDump - which can dump captured packets to a savefile automatically at the kernel level.
  • sendQueueTransmit - and related methods, which allow raw packets to be sent in bulk, efficiently.
  • setMinToCopy, setMode and setBuf - allow tweaking of kernel buffers and enable/disable statistical captures
  • offlineFilter - ability to apply the BPF filter on your own packets without a capture
  • setSampling - changes the mode of the capture so that only samples of the captured packets are returned.
  • statEx - extended statistics that include counters on RPCAP remote connection

Using WinPcap.findAllDevsEx

The new method uses a source string and a WinPcapRmtAuth object and allows remote lookups of interfaces and files. A local lookup:
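 String source = "rpcap://";
 WinPcapRmtAuth auth = null; // no credentials are needed for a local lookup
 StringBuilder errbuf = new StringBuilder();
 List<PcapIf> alldevs = new ArrayList<PcapIf>();
 
 int r = WinPcap.findAllDevsEx(source, auth, alldevs, errbuf);
 if (r != Pcap.OK) {
        System.err.println(errbuf.toString());
        return;
 }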
 
 System.out.println("device list is " + alldevs);
 
Now we have a list of PcapIf objects. PcapIf.getName() returns a name that is already properly formatted to be passed to the WinPcap.open call.

Using WinPcap.open method

Once you have a reference to a WinPcap object, you can then call any of its dynamic methods. Here is a straightforward example of how to open a capture session and then close it:
 WinPcap pcap = WinPcap.openLive(device, snaplen, flags, timeout, errbuf);
 // Do something
 pcap.close();
 
This is identical to the Pcap.openLive method, with the exception that a WinPcap object is returned. WinPcap extends Pcap. Here is the same example, this time using WinPcap's source string syntax and a bogus device name (you will need to substitute your own actual device name):
  String source = "rpcap://\\Device\\NPF_{BC81C4FC-242F-4F1C-9DAD-EA9523CC992D}";
  int snaplen = 64 * 1024;
  int flags = Pcap.MODE_NON_PROMISCUOUS;
  int timeout = 1000;
  WinPcapRmtAuth auth = null;
  StringBuilder errbuf = new StringBuilder();
 
  WinPcap pcap = WinPcap.open(source, snaplen, flags, timeout, auth, errbuf);
  if (pcap == null) {
        System.err.println(errbuf.toString());
        return;
  }
  pcap.close();
 
We use the open method, which takes a WinPcapRmtAuth object. We could set a username and password in it, but we chose the 'NULL' authentication method. The remote server has to be configured with the '-n' command line argument to permit 'NULL' authentication.
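Because the same open call reaches a local adapter, a capture file or a remote probe depending only on the source string, an application that takes that string from configuration may want to classify it first. The following is an added example, not code from jNetPcap or from the original page: the class name, the allow-list and the policy (explicit scheme required, remote probes only with credentials) are assumptions made for illustration.

```java
import java.util.List;

// Added example, not jNetPcap code: classify a source string before WinPcap.open sees it.
public class SourceStringCheck {
    enum Kind { FILE, LOCAL_IF, REMOTE_IF, INVALID }

    // host and port are null unless kind is REMOTE_IF (record syntax needs Java 16+)
    record Source(Kind kind, String host, String port, String name) {}

    static Source parse(String s) {
        if (s == null) return new Source(Kind.INVALID, null, null, null);
        if (s.startsWith("file://")) {
            String path = s.substring(7);
            return new Source(path.isEmpty() ? Kind.INVALID : Kind.FILE, null, null, path);
        }
        // Assumed policy: strings without an explicit scheme are rejected
        if (!s.startsWith("rpcap://")) return new Source(Kind.INVALID, null, null, s);
        String rest = s.substring(8);
        int slash = rest.indexOf('/');
        // No '/' after the scheme: a local adapter name ("rpcap://" alone lists local devices)
        if (slash < 0) return new Source(Kind.LOCAL_IF, null, null, rest);
        String hostPort = rest.substring(0, slash);
        // A bracketed IPv6 literal keeps its inner colons; the port follows the ']'
        int colon = hostPort.startsWith("[")
                ? hostPort.indexOf(':', Math.max(hostPort.indexOf(']'), 0))
                : hostPort.lastIndexOf(':');
        String host = colon < 0 ? hostPort : hostPort.substring(0, colon);
        String port = colon < 0 ? null : hostPort.substring(colon + 1);
        if (host.isEmpty()) return new Source(Kind.INVALID, null, null, s);
        return new Source(Kind.REMOTE_IF, host, port, rest.substring(slash + 1));
    }

    // Assumed policy: remote probes must be allow-listed and opened with credentials, not NULL auth
    static boolean permitted(Source src, List<String> allowedHosts, boolean hasCredentials) {
        if (src.kind() == Kind.FILE || src.kind() == Kind.LOCAL_IF) return true;
        return src.kind() == Kind.REMOTE_IF && hasCredentials && allowedHosts.contains(src.host());
    }

    public static void main(String[] args) {
        List<String> allowed = List.of("probe1.example.net"); // constructed allow-list
        String[] samples = {                                   // constructed inputs
            "rpcap://", "file://C:\\captures\\a.pcap",
            "rpcap://\\Device\\NPF_{BC81C4FC-242F-4F1C-9DAD-EA9523CC992D}",
            "rpcap://probe1.example.net:2002/eth0", "rpcap://[2001:db8::1]:2002/eth0", "eth0" };
        for (String s : samples) {
            Source src = parse(s);
            System.out.println(s + " -> " + src.kind() + " host=" + src.host()
                + " nullAuth=" + permitted(src, allowed, false) + " pwdAuth=" + permitted(src, allowed, true));
        }
    }
}
```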

Author:
Mark Bednarczyk, Sly Technologies, Inc.
See Also:
Pcap

Field Summary
static int MODE_CAPT
          default capture mode
static int MODE_MONITOR
          monitor mode
static int MODE_STAT
          statistical mode
static int OPENFLAG_DATATX_UDP
          Defines if the data transfer (in case of a remote capture) has to be done with the UDP protocol; can only be used with WinPcap.open.
static int OPENFLAG_MAX_RESPONSIVENESS
          This flag configures the adapter for maximum responsiveness and can only be used with WinPcap.open.
static int OPENFLAG_NOCAPTURE_LOCAL
          Defines if the local adapter will capture its own generated traffic; can only be used with WinPcap.open.
static int OPENFLAG_NOCAPTURE_RPCAP
          Defines if the remote probe will capture its own generated traffic; can only be used with WinPcap.open.
static int SRC_FILE
          Used to create a source string using method createSrcStr, which will be used to open a local capture file.
static int SRC_IFLOCAL
          Used to create a source string using method createSrcStr, which will be used to open a local network interface.
static int SRC_IFREMOTE
          Used to create a source string using method createSrcStr, which will be used to open a remote connection (could be a file or a network interface on the remote system).
static int TRANSMIT_SYNCH_ASAP
          Flag used with sendQueueTransmit(WinPcapSendQueue, int) to tell the kernel to send packets as fast as possible, without synchronizing with packet timestamps found in headers.
static int TRANSMIT_SYNCH_USE_TIMESTAMP
          Flag used with sendQueueTransmit(WinPcapSendQueue, int) to tell the kernel to send packets at the rate that is determined by the timestamps within the send queue.
 
Fields inherited from class org.jnetpcap.Pcap
DISPATCH_BUFFER_FULL, JNETPCAP_LIBRARY_NAME, LOOP_INFINATE, LOOP_INTERRUPTED, MODE_BLOCKING, MODE_NON_BLOCKING, MODE_NON_PROMISCUOUS, MODE_PROMISCUOUS, NEXT_EX_EOF, NEXT_EX_NOT_OK, NEXT_EX_OK, NEXT_EX_TIMEDOUT, NOT_OK, OK
 
Method Summary