re using any WinPcap code
    if (WinPcap.isSupported() == false) {
        return; // Can't use WinPcap extensions
    }
Using WinPcap class
For the most part, you use WinPcap the same way you would use the Pcap class. The WinPcap class provides many different static methods, and the same main three methods that Pcap does to open a capture session, plus one extra. They are:
- openLive - opens a live capture from network interface
- openOffline - opens a capture file
- openDead - opens a dummy capture for filter compiling
- open - special open command that uses the source string syntax to accomplish the same tasks as the three openXXX methods before it.
There are also several additional methods:
- findAllDevsEx - extended version of Pcap.findAllDevs which allows you to not only find network interfaces, but also PCAP files. This can be done locally or remotely.
- liveDump - which can dump captured packets to a savefile automatically at the kernel level.
- sendQueueTransmit - and related methods, which allow raw packets to be sent in bulk, efficiently.
- setMinToCopy, setMode and setBuf - allow tweaking of kernel buffers and enable/disable statistical captures
- offlineFilter - ability to apply the BPF filter on your own packets without a capture
- setSampling - changes the mode of the capture so that only samples of the captured packets are returned
- statEx - extended statistics that include counters on RPCAP remote connection
Using WinPcap.findAllDevsEx
The new method uses a source string and a WinPcapRmtAuth object and allows remote lookups of interfaces and files. A local lookup:
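    String source = "rpcap://";
    WinPcapRmtAuth auth = null; // no authentication for a local lookup
    StringBuffer errbuf = new StringBuffer();
    List<PcapIf> alldevs = new ArrayList<PcapIf>();
    int r = WinPcap.findAllDevsEx(source, auth, alldevs, errbuf);
    if (r != Pcap.OK) {
        System.err.println(errbuf.toString());
        return;
    }
    System.out.println("device list is " + alldevs);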
Now we have a list of PcapIf objects. You can use PcapIf.getName(), which returns an already properly formatted name that can be passed to the WinPcap.open call.
Using WinPcap.open method
Once you have a reference to a WinPcap object, you can then call any of its dynamic methods. Here is a straightforward example of how to open a capture session and then close it:
    WinPcap pcap = WinPcap.openLive(device, snaplen, flags, timeout, errbuf);
    // Do something
    pcap.close();
This is identical to the Pcap.openLive method, with the exception that a WinPcap object is returned. WinPcap extends Pcap. Here is the same example, this time using WinPcap's source string code and a bogus device name (you will need to substitute your own actual device name):
    String source = "rpcap://\\Device\\NPF_{BC81C4FC-242F-4F1C-9DAD-EA9523CC992D}";
    int snaplen = 64 * 1024;
    int flags = Pcap.MODE_NON_PROMISCUOUS;
    int timeout = 1000;
    WinPcapRmtAuth auth = null;
    StringBuffer errbuf = new StringBuffer();
    WinPcap pcap = WinPcap.open(source, snaplen, flags, timeout, auth, errbuf);
    if (pcap == null) {
        System.err.println(errbuf.toString());
        return;
    }
    pcap.close();
We use the open method, which takes a WinPcapRmtAuth object. We could set a username and password in it, but we chose the 'NULL' authentication method. The remote server has to be configured with a '-n' command line argument to allow 'NULL' authentication.
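An added example, not part of the original jNetPcap documentation: the lookup-and-open sequence from this page run against a remote rpcapd with username/password authentication instead of 'NULL'. The host name and the RPCAP_USER / RPCAP_PASS environment variable names are placeholders; it assumes WinPcapRmtAuth's three-argument constructor with the RMT_AUTH_PWD constant, and the StringBuffer error buffer used on this page.

```java
import java.util.ArrayList;
import java.util.List;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
import org.jnetpcap.winpcap.WinPcap;
import org.jnetpcap.winpcap.WinPcapRmtAuth;

public class RemoteOpenExample {
    public static void main(String[] args) {
        if (!WinPcap.isSupported()) {
            System.err.println("WinPcap extensions are not available on this platform");
            return;
        }
        // Placeholder host: "rpcap://host/" asks that host's rpcapd for its device list.
        String source = "rpcap://capture-host.example/";
        // Credentials are read from the environment (assumed variable names), not hardcoded.
        String user = System.getenv("RPCAP_USER");
        String pass = System.getenv("RPCAP_PASS");
        if (user == null || pass == null) {
            System.err.println("Set RPCAP_USER and RPCAP_PASS before running");
            return;
        }
        // Password authentication, so the server does not need to run with '-n'.
        WinPcapRmtAuth auth = new WinPcapRmtAuth(WinPcapRmtAuth.RMT_AUTH_PWD, user, pass);
        StringBuffer errbuf = new StringBuffer();
        List<PcapIf> alldevs = new ArrayList<PcapIf>();
        int r = WinPcap.findAllDevsEx(source, auth, alldevs, errbuf);
        if (r != Pcap.OK || alldevs.isEmpty()) {
            System.err.println("Device lookup failed: " + errbuf);
            return;
        }
        // getName() is already a source string that WinPcap.open accepts.
        String device = alldevs.get(0).getName();
        WinPcap pcap = WinPcap.open(device, 64 * 1024, Pcap.MODE_NON_PROMISCUOUS, 1000, auth, errbuf);
        if (pcap == null) {
            System.err.println("Open failed: " + errbuf);
            return;
        }
        try {
            System.out.println("Opened " + device);
        } finally {
            pcap.close(); // always release the remote session
        }
    }
}
```

RPCAP password authentication sends the username and password to the capture server in clear text, so keep the connection on a trusted or tunnelled network.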
@see Pcap
@author Mark Bednarczyk
@author Sly Technologies, Inc.