Read a pcap or pcapng capture file format.
More...
#include <tsPcapFile.h>
|
|
| PcapFile ()=default |
| | Default constructor.
|
| |
|
virtual | ~PcapFile () |
| | Destructor.
|
| |
| virtual void | close () |
| | Close the file.
|
| |
| bool | endOfFile () const |
| | Check if the end of file (or other error) has been reached.
|
| |
| fs::path | fileName () const |
| | Get the file name.
|
| |
| uint64_t | fileSize () const |
| | Get the total file size in bytes so far.
|
| |
| cn::microseconds | firstTimestamp () const |
| | Get the capture timestamp of the first packet in the file.
|
| |
| uint64_t | ipv4PacketCount () const |
| | Get the number of valid captured IPv4 packets so far.
|
| |
| bool | isOpen () const |
| | Check if the file is open.
|
| |
| cn::microseconds | lastTimestamp () const |
| | Get the capture timestamp of the last packet which was read from the file.
|
| |
| virtual bool | open (const fs::path &filename, Report &report) |
| | Open the file for read.
|
| |
| uint64_t | packetCount () const |
| | Get the number of captured packets so far.
|
| |
| virtual bool | readIPv4 (IPv4Packet &packet, VLANIdStack &vlans, cn::microseconds ×tamp, Report &report) |
| | Read the next IPv4 packet (headers included).
|
| |
| cn::microseconds | timeOffset (cn::microseconds timestamp) const |
| | Compute the time offset from the beginning of the file of a packet timestamp.
|
| |
| uint64_t | totalIPv4PacketsSize () const |
| | Get the total size in bytes of valid captured IPv4 packets so far.
|
| |
| uint64_t | totalPacketsSize () const |
| | Get the total size in bytes of captured packets so far.
|
| |
|
| static Time | ToTime (cn::microseconds timestamp) |
| | Compute the date and time from a packet timestamp.
|
| |
Read a pcap or pcapng capture file format.
This is the type of files which is created by Wireshark. This class reads a pcap or pcapng file and extracts IPv4 frames. All metadata and all other types of frames are ignored.
- See also
- https://tools.ietf.org/pdf/draft-gharris-opsawg-pcap-02.pdf (PCAP)
-
https://datatracker.ietf.org/doc/draft-gharris-opsawg-pcap/ (PCAP tracker)
-
https://tools.ietf.org/pdf/draft-tuexen-opsawg-pcapng-04.pdf (PCAP-ng)
-
https://datatracker.ietf.org/doc/draft-tuexen-opsawg-pcapng/ (PCAP-ng tracker)
◆ open()
| virtual bool ts::PcapFile::open |
( |
const fs::path & |
filename, |
|
|
Report & |
report |
|
) |
| |
|
virtual |
Open the file for read.
- Parameters
-
| [in] | filename | File name. If empty or "-", use standard input. |
| [in,out] | report | Where to report errors. |
- Returns
- True on success, false on error.
Reimplemented in ts::PcapFilter, and ts::PcapStream.
◆ isOpen()
| bool ts::PcapFile::isOpen |
( |
| ) |
const |
|
inline |
Check if the file is open.
- Returns
- True if the file is open, false otherwise.
◆ fileName()
| fs::path ts::PcapFile::fileName |
( |
| ) |
const |
|
inline |
Get the file name.
- Returns
- The file name as specified in open(). If the standard input is used, return "standard input".
◆ readIPv4()
Read the next IPv4 packet (headers included).
Skip intermediate metadata and other types of packets.
- Parameters
-
| [out] | packet | Received IPv4 packet. |
| [out] | vlans | Stack of VLAN encapsulation from which the packet is extracted. |
| [out] | timestamp | Capture timestamp in microseconds since Unix epoch or -1 if none is available. |
| [in,out] | report | Where to report error. |
- Returns
- True on success, false on error.
Reimplemented in ts::PcapFilter.
◆ packetCount()
| uint64_t ts::PcapFile::packetCount |
( |
| ) |
const |
|
inline |
Get the number of captured packets so far.
This includes all packets, not only IPv4 packets. This value is the number of the last returned packet, as seen in the left-most column in Wireshark interface.
- Returns
- The number of captured packets so far.
◆ endOfFile()
| bool ts::PcapFile::endOfFile |
( |
| ) |
const |
|
inline |
Check if the end of file (or other error) has been reached.
- Returns
- True on end of file or error.
◆ ipv4PacketCount()
| uint64_t ts::PcapFile::ipv4PacketCount |
( |
| ) |
const |
|
inline |
Get the number of valid captured IPv4 packets so far.
- Returns
- The number of valid captured IPv4 packets so far.
◆ fileSize()
| uint64_t ts::PcapFile::fileSize |
( |
| ) |
const |
|
inline |
Get the total file size in bytes so far.
- Returns
- The total file size in bytes so far.
◆ totalPacketsSize()
| uint64_t ts::PcapFile::totalPacketsSize |
( |
| ) |
const |
|
inline |
Get the total size in bytes of captured packets so far.
This includes all packets, including link-layer headers when present.
- Returns
- The total size in bytes of captured packets so far.
◆ totalIPv4PacketsSize()
| uint64_t ts::PcapFile::totalIPv4PacketsSize |
( |
| ) |
const |
|
inline |
Get the total size in bytes of valid captured IPv4 packets so far.
This includes all IPv4 headers but not link-layer headers when present.
- Returns
- The total size in bytes of valid captured IPv4 packets so far.
◆ firstTimestamp()
| cn::microseconds ts::PcapFile::firstTimestamp |
( |
| ) |
const |
|
inline |
Get the capture timestamp of the first packet in the file.
- Returns
- Capture timestamp in microseconds since Unix epoch or -1 if none is available.
◆ lastTimestamp()
| cn::microseconds ts::PcapFile::lastTimestamp |
( |
| ) |
const |
|
inline |
Get the capture timestamp of the last packet which was read from the file.
- Returns
- Capture timestamp in microseconds since Unix epoch or -1 if none is available.
◆ timeOffset()
| cn::microseconds ts::PcapFile::timeOffset |
( |
cn::microseconds |
timestamp | ) |
const |
|
inline |
Compute the time offset from the beginning of the file of a packet timestamp.
- Parameters
-
| [in] | timestamp | Capture timestamp of a packet in the file. |
- Returns
- Time offset in microseconds of the packet from the beginning of the file.
◆ ToTime()
| static Time ts::PcapFile::ToTime |
( |
cn::microseconds |
timestamp | ) |
|
|
inlinestatic |
Compute the date and time from a packet timestamp.
- Parameters
-
| [in] | timestamp | Capture timestamp of a packet in a file. |
- Returns
- Corresponding date or Epoch in case of error.
◆ close()
| virtual void ts::PcapFile::close |
( |
| ) |
|
|
virtual |
Close the file.
Do not reset counters, file names, etc. The last values before close() are still accessible.
The documentation for this class was generated from the following file:
1.9.8