28 const u_char *pkt_data);
981 int pcap_createsrcstr(
char *source,
int type,
const char *
host,
const char *port,
const char *name,
char *errbuf);
1039 int pcap_parsesrcstr(
const char *source,
int *type,
char *
host,
char *port,
char *name,
char *errbuf);
int pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Add a packet to a send queue.
char * pcap_lookupdev(char *errbuf)
Return the first valid device in the system.
Header of a packet in the dump file.
int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf)
Create a list of network devices that can be opened with pcap_open().
int pcap_list_datalinks(pcap_t *p, int **dlt_buf)
list datalinks
pcap_t * pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf)
Open a generic source in order to capture / send (WinPcap only) traffic.
pcap_send_queue * pcap_sendqueue_alloc(u_int memsize)
Allocate a send queue.
A queue of raw packets that will be sent to the network with pcap_sendqueue_transmit().
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
pcap_t * pcap_open_dead(int linktype, int snaplen)
Create a pcap_t structure without starting a capture.
int pcap_is_swapped(pcap_t *p)
returns true if the current savefile uses a different byte order than the current system...
void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Prototype of the callback function that receives the packets.
void pcap_dump(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
Save a packet to disk.
int pcap_datalink(pcap_t *p)
Return the link layer of an adapter.
const char * pcap_datalink_val_to_description(int dlt)
Translates a data link type value to a short description of that data link type. NULL is returned on ...
long pcap_dump_ftell(pcap_dumper_t *)
Return the file position for a "savefile".
void pcap_freealldevs(pcap_if_t *alldevsp)
Free an interface list returned by pcap_findalldevs().
Structure that keeps statistical values on an interface.
This structure defines the information related to sampling.
char * pcap_strerror(int error)
Provided in case strerror() isn't available.
int pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks)
Save a capture to file.
char * pcap_geterr(pcap_t *p)
return the error text pertaining to the last pcap library error.
int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf)
Accept a set of strings (host name, port, ...), and it returns the complete source string according t...
int pcap_getnonblock(pcap_t *p, char *errbuf)
Get the "non-blocking" state of an interface.
HANDLE pcap_getevent(pcap_t *p)
Return the handle of the event associated with the interface p.
pcap_t * pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *ebuf)
Open a live capture from the network.
int pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf)
Return the subnet and netmask of an interface.
int pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask)
Compile a packet filter, converting an high level filtering expression (see Filtering expression synt...
int pcap_snapshot(pcap_t *p)
Return the dimension of the packet portion (in bytes) that is delivered to the application.
struct pcap_stat * pcap_stats_ex(pcap_t *p, int *pcap_stat_size)
Return statistics on current capture.
int pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
Switch between blocking and nonblocking mode.
PAirpcapHandle pcap_get_airpcap_handle(pcap_t *p)
Returns the AirPcap handler associated with an adapter. This handler can be used to change the wirele...
int pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, const u_char **pkt_data)
Read a packet from an interface or from an offline capture.
void pcap_remoteact_cleanup()
Clean the socket that is currently used in waiting active connections.
u_char * pcap_next(pcap_t *p, struct pcap_pkthdr *h)
Return the next available packet.
void pcap_breakloop(pcap_t *)
set a flag that will force pcap_dispatch() or pcap_loop() to return rather than looping.
const char * pcap_datalink_val_to_name(int dlt)
Translates a data link type value to the corresponding data link type name. NULL is returned on failu...
int pcap_dump_flush(pcap_dumper_t *p)
Flushes the output buffer to the savefile,'' so that any packets written with pcap_dump() but not yet...
struct pcap_samp * pcap_setsampling(pcap_t *p)
Define a sampling method for packet capture.
int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf)
Parse the source string and returns the pieces in which the source can be split.
int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
Collect a group of packets.
the client sends the appropriate commands to the daemon and it starts the capture This name is due to the fact thet the daemon becomes< i > active</i > instead of< i > waiting</i > for new connections</li ></ul >< p > The Active Mode is useful in case the remote daemon is behind a firewall and it cannot receive connections from the external world In this the daemon can be configured to establish the connection to a given host
int pcap_sendpacket(pcap_t *p, u_char *buf, int size)
Send a raw packet.
int pcap_setbuff(pcap_t *p, int dim)
Set the size of the kernel buffer associated with an adapter.
int pcap_setmode(pcap_t *p, int mode)
Set the working mode of the interface p to mode.
int pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
Collect a group of packets.
u_int pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync)
Send a queue of raw packets to the network.
void pcap_dump_close(pcap_dumper_t *p)
Closes a savefile.
int pcap_minor_version(pcap_t *p)
return the minor version number of the pcap library used to write the savefile.
FILE * pcap_file(pcap_t *p)
Return the standard stream of an offline capture.
int pcap_remoteact_close(const char *host, char *errbuf)
Drop an active connection (active mode only).
This structure keeps the information needed to autheticate the user on a remote machine.
struct pcap_dumper pcap_dumper_t
libpcap savefile descriptor.
int pcap_compile_nopcap(int snaplen_arg, int linktype_arg, struct bpf_program *program, char *buf, int optimize, bpf_u_int32 mask)
Compile a packet filter without the need of opening an adapter. This function converts an high level ...
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
Associate a filter to a capture.
int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf)
Return the hostname of the host that have an active connection with us (active mode only)...
struct _AirpcapHandle * PAirpcapHandle
const char * pcap_lib_version(void)
Returns a pointer to a string giving information about the version of the libpcap library being used;...
int pcap_datalink_name_to_val(const char *name)
Translates a data link type name, which is a DLT_ name with the DLT_ removed, to the corresponding da...
void pcap_perror(pcap_t *p, char *prefix)
print the text of the last pcap library error on stderr, prefixed by prefix.
pcap_dumper_t * pcap_dump_open(pcap_t *p, const char *fname)
Open a file to write packets.
FILE * pcap_dump_file(pcap_dumper_t *p)
return the standard I/O stream of the 'savefile' opened by pcap_dump_open().
SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf)
Block until a network connection is accepted (active mode only).
Item in a list of interfaces, used by pcap_findalldevs().
int pcap_setmintocopy(pcap_t *p, int size)
Set the minumum amount of data received by the kernel in a single call.
int pcap_live_dump_ended(pcap_t *p, int sync)
Return the status of the kernel dump process, i.e. tells if one of the limits defined with pcap_live_...
pcap_t * pcap_open_offline(const char *fname, char *errbuf)
Open a savefile in the tcpdump/libpcap format to read packets.
int pcap_offline_filter(struct bpf_program *prog, const struct pcap_pkthdr *header, const u_char *pkt_data)
Returns if a given filter applies to an offline packet.
u_int bpf_u_int32
32-bit unsigned integer
int pcap_set_datalink(pcap_t *p, int dlt)
Set the current data link type of the pcap descriptor to the type specified by dlt. -1 is returned on failure.
int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
Construct a list of network devices that can be opened with pcap_open_live().
void pcap_sendqueue_destroy(pcap_send_queue *queue)
Destroy a send queue.
void pcap_close(pcap_t *p)
close the files associated with p and deallocates resources.
void pcap_freecode(struct bpf_program *fp)
Free a filter.
int pcap_major_version(pcap_t *p)
return the major version number of the pcap library used to write the savefile.
int pcap_stats(pcap_t *p, struct pcap_stat *ps)
Return statistics on current capture.