Package org.jnetpcap.winpcap
WinPcap extensions to libpcap, available on a limited set of platforms.
Class Summary
| Class | Description |
|---|---|
| WinPcap | Class peered with native pcap_t structure providing WinPcap specific extensions to libpcap library. |
| WinPcapRmtAuth | Class peered with native pcap_rmtauth structure. |
| WinPcapSamp | Class peered with native pcap_samp structure. |
| WinPcapSendQueue | Class peered with native pcap_send_queue structure. |
| WinPcapStat | Class peered with native pcap_stat structure providing all available extensions part of WinPcap extensions. |
Package org.jnetpcap.winpcap Description
WinPcap extensions to libpcap, available on a limited set of platforms. This package adds functionality provided by the WinPcap library, which is widely available on win32-based platforms. These extensions are optional and are not available on unix-based platforms.
Checking for WinPcap extension availability
Before using any of the extensions in this package, you must first check whether the extensions are available on this particular platform. To do that, use the WinPcap.isSupported() method, which returns a boolean value. A return value of true means that the extensions are supported and available, while a value of false means they are not. All methods will throw a PcapExtensionNotAvailableException if used when the extensions are not supported on this particular platform. Therefore it is essential to always perform this check before relying on these extensions.
Main WinPcap Extension Highlights
WinPcap improves greatly on libpcap. Since WinPcap is more than just a library (it is actually a set of kernel drivers as well), it holds the keys to many key resources within the native platform it was designed to run on.
Main features:
- Control of kernel buffer
- Change of capture type from normal capture to sampling
- Raw network statistics. The kernel can be engaged to collect those statistics and deliver them to the application, which is much more efficient.
- Sampled captures. Allows capturing only a sample of the packets instead of every single one. Several sampling modes are available.
- Packet queues, which allow the programmer to send a larger set of packets very efficiently. These packets are sent using the raw link layer, where you have to supply even the link header, i.e. Ethernet.
- Remote network interface and file listing. List files and interfaces on any WinPcap capable machine running WinPcap's rpcapd daemon.
- Remote capture. Capture packets remotely with the same flexibility as being local.
WinPcap Source String Syntax
WinPcap introduced a URI style syntax, called a source string, for addressing local and remote resources using a single open call. The source string is used for both the open and findAllDevsEx methods. A utility method is provided to help you build a source string from individual components: createSrcStr(StringBuilder, int, String, String, String, StringBuilder). The method takes quite a few parameters, but most of them are optional and null can be supplied instead. With the utility method you can build source strings based on user interactions. The result is stored in the first StringBuilder, which is essentially a char buffer.
Here is a listing of the various source string formats allowed by the open method:
- file://path_and_filename - opens a local file
- rpcap://devicename - opens the selected device available on the local host, without using the RPCAP protocol
- rpcap://host/devicename - opens the selected device available on a remote host
- rpcap://host:port/devicename - opens the selected device available on a remote host, using a non-standard port for RPCAP
- adaptername - to open a local adapter; kept for compatibility, but it is strongly discouraged
- null - to open the first local adapter; kept for compatibility, but it is strongly discouraged
The formats allowed by the findAllDevsEx method are:
- file://folder/ - lists all the files in the given folder
- rpcap:// - lists all local adapters
- rpcap://host:port/ - lists the devices available on a remote host
And some examples:
- rpcap://host.foo.bar/devicename [everything literal, no port number]
- rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
- rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
- rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
- rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
- rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
- rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
- rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]
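When source strings are built from user input, it helps to classify them and restrict remote capture to known hosts before passing them to open. The following is an added example, not part of jNetPcap or the WinPcap manual; the class name SrcStrCheck, the allowlist, and the rule that a local device name contains no '/' are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: classifies the source string formats listed above. */
public class SrcStrCheck {
    enum Kind { FILE, LOCAL, REMOTE, LEGACY }

    // Host is either [bracketed] or bare; the port (numeric or literal) is optional.
    private static final Pattern AUTHORITY =
            Pattern.compile("(?:\\[([^\\]]+)\\]|([^:\\[\\]]+))(?::(\\w+))?");

    final Kind kind; final String host, port, name;

    private SrcStrCheck(Kind kind, String host, String port, String name) {
        this.kind = kind; this.host = host; this.port = port; this.name = name;
    }

    static SrcStrCheck parse(String s) {
        if (s == null) return new SrcStrCheck(Kind.LEGACY, null, null, null); // first local adapter
        if (s.startsWith("file://")) return new SrcStrCheck(Kind.FILE, null, null, s.substring(7));
        if (!s.startsWith("rpcap://")) return new SrcStrCheck(Kind.LEGACY, null, null, s);
        String rest = s.substring(8);
        int slash = rest.indexOf('/');
        // Assumption: no '/' after the scheme means rpcap://devicename (local device).
        if (slash < 0) return new SrcStrCheck(Kind.LOCAL, null, null, rest);
        Matcher m = AUTHORITY.matcher(rest.substring(0, slash));
        if (!m.matches()) throw new IllegalArgumentException("bad host[:port]: " + s);
        String host = m.group(1) != null ? m.group(1) : m.group(2);
        return new SrcStrCheck(Kind.REMOTE, host, m.group(3), rest.substring(slash + 1));
    }

    /** Remote sources pass only for allowlisted hosts; discouraged legacy forms are rejected. */
    static boolean permitted(String s, Set<String> allowedHosts) {
        SrcStrCheck p = parse(s);
        return p.kind == Kind.FILE || p.kind == Kind.LOCAL
                || (p.kind == Kind.REMOTE && allowedHosts.contains(p.host.toLowerCase(Locale.ROOT)));
    }

    public static void main(String[] args) {
        Set<String> allowed = Set.of("host.foo.bar", "1:2:3::4"); // constructed allowlist
        String[] samples = { "rpcap://host.foo.bar:1234/devicename", "rpcap://[1:2:3::4]:http/devicename",
                "rpcap://[10.11.12.13]:1234/devicename", "rpcap://devicename", "adaptername" };
        for (String s : samples) {
            SrcStrCheck p = parse(s);
            System.out.printf("%-40s %-6s host=%s port=%s name=%s permitted=%b%n",
                    s, p.kind, p.host, p.port, p.name, permitted(s, allowed));
        }
    }
}
```

With the constructed allowlist, the first two samples are permitted, the bracketed IPv4 host is rejected as an unlisted remote, the local device is permitted, and the bare adapter name is rejected as a legacy form.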
(Credit for most doc comments: WinPcap manual)