PcapFile

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jnetstream.capture.file.pcap
Interface PcapFile

All Superinterfaces:: Capture<PcapPacket>, java.io.Closeable, FileCapture<PcapPacket>, java.io.Flushable, java.lang.Iterable<PcapPacket>, PcapFormat

public interface PcapFile
extends FileCapture<PcapPacket>, PcapFormat
extends FileCapture<PcapPacket>, PcapFormat

PCAP file format from tcpdump.org folks.

Author:: Mark Bednarczyk, Sly Technologies, Inc.

Field Summary
`static HeaderReader`	`headerReader`
`static org.apache.commons.logging.Log`	`logger`
`static byte[]`	`MAGIC_PATTERN_BE` Default MAGIC byte pattern for Pcap file in big-endian byte encoding
`static byte[]`	`MAGIC_PATTERN_LE` Default MAGIC byte pattern for Pcap file in little-endian byte encoding
`static long`	`MAJOR_VERSION` Default major version of the file format
`static int`	`MINOR_VERSION` Default minor version of the file format

Fields inherited from interface org.jnetstream.capture.file.pcap.PcapFormat
`DEFAULT_ACCURACY, DEFAULT_SNAPLEN, HEADER_LENGTH`

Method Summary
`com.slytechs.utils.collection.IOSkippableIterator<PcapBlockRecord>`	`getBlockIterator()` Each capture file is organized so that there exists atleast 1 block record, usually at the beginning of the capture file.
`PcapBlockRecord`	`getBlockRecord()`
`Protocol`	`getDlt()`
`PacketIndexer<PcapPacket>`	`getPacketIndexer()` Indexer which accesses packets by index.
`PacketIterator<PcapPacket>`	`getPacketIterator()` Retrieves an iterator `Iterator` which can iterate over all the packets of this capture session.
`RawIndexer`	`getRawIndexer()` Raw ByteBuffer based record indexer.
`RawIterator`	`getRawIterator()` Gets an iterator that will return raw contents of the records contained in the underlying capture file.
`RecordIndexer<PcapRecord>`	`getRecordIndexer()` Indexer which accesses records by index.
`RecordIterator<PcapRecord>`	`getRecordIterator()` Iterator which iterates over every record within the file capture.
`PcapBlockRecord`	`setBlockRecord(byte[] m, int major, int minor, PcapDLT dlt, int a, int tz, int i)` Adds a new block record at the beginning of the Pcap file.
`PcapBlockRecord`	`setBlockRecord(PcapDLT dlt, int i)` Adds a new block record at the beginning of the Pcap file.

Methods inherited from interface org.jnetstream.capture.FileCapture
`abortChanges, flush, getFastIterator, getFile, getFormatType, getLength, getPacketCount, getPacketCount, getRawIterator, getRecordIterator, getVersion, isEmpty, isOpen, order`

Methods inherited from interface org.jnetstream.capture.Capture
`getFilter, getType, isMutable, iterator`

Field Detail

headerReader

static final HeaderReader headerReader

logger

static final org.apache.commons.logging.Log logger

MAGIC_PATTERN_BE

static final byte[] MAGIC_PATTERN_BE

Default MAGIC byte pattern for Pcap file in big-endian byte encoding

   A1 B2 C3 D4

MAGIC_PATTERN_LE

static final byte[] MAGIC_PATTERN_LE

Default MAGIC byte pattern for Pcap file in little-endian byte encoding

   D4 C3 B2 A1

MAJOR_VERSION

static final long MAJOR_VERSION

Default major version of the file format

See Also:: Constant Field Values

MINOR_VERSION

static final int MINOR_VERSION

Default minor version of the file format

See Also:: Constant Field Values

Method Detail

getBlockIterator

com.slytechs.utils.collection.IOSkippableIterator<PcapBlockRecord> getBlockIterator()
                                                                                    throws java.io.IOException

Description copied from interface: FileCapture

Each capture file is organized so that there exists atleast 1 block record, usually at the beginning of the capture file. Block record, also sometimes called file header, contains 0 or more data records which hold some kind of information. The most common record type is packet record which has a record header and record data content which is the raw packet data.

Specified by:: getBlockIterator in interface FileCapture<PcapPacket>

Returns:: record iterator that will iterate over all block records within the capture file
Throws:: java.io.IOException

getBlockRecord

PcapBlockRecord getBlockRecord()
                               throws java.io.IOException

Throws:: java.io.IOException

getDlt

Protocol getDlt()
                throws java.io.IOException

Throws:: java.io.IOException

getPacketIndexer

PacketIndexer<PcapPacket> getPacketIndexer()
                                           throws java.io.IOException

Description copied from interface: FileCapture

Indexer which accesses packets by index. The elements returned by this indexer are FilePacket based objects.

Specified by:: getPacketIndexer in interface FileCapture<PcapPacket>

Returns:: packet indexer
Throws:: java.io.IOException - any IO errors

getPacketIterator

PacketIterator<PcapPacket> getPacketIterator()
                                             throws java.io.IOException

Description copied from interface: Capture

Retrieves an iterator Iterator which can iterate over all the packets of this capture session. The IO based iterator mimics the methods and behaviour of its counter part Iterator that it can throw IO exceptions in any of the methods.

Specified by:: getPacketIterator in interface Capture<PcapPacket>
Specified by:: getPacketIterator in interface FileCapture<PcapPacket>

Returns:: Iterator capable of throwing IO exceptions
Throws:: java.io.IOException - Any IO errors while retrieving a packet

getRawIndexer

RawIndexer getRawIndexer()
                         throws java.io.IOException

Description copied from interface: FileCapture

Raw ByteBuffer based record indexer. The elements returned by this indexer are ByteBuffers which have the limit and position properties aligned to the beginning and end of recods. You access these records using list-like indexes. Raw indexer also allows some low level mutable methods.

Specified by:: getRawIndexer in interface FileCapture<PcapPacket>

Returns:: indexer which accesses raw records
Throws:: java.io.IOException - any IO errors

getRawIterator

RawIterator getRawIterator()
                           throws java.io.IOException

Description copied from interface: FileCapture

Gets an iterator that will return raw contents of the records contained in the underlying capture file.

Specified by:: getRawIterator in interface FileCapture<PcapPacket>

Returns:: raw record iterator
Throws:: java.io.IOException - any IO errors

getRecordIndexer

RecordIndexer<PcapRecord> getRecordIndexer()
                                           throws java.io.IOException

Description copied from interface: FileCapture

Indexer which accesses records by index. The elements returned by this indexer are Record based objects.

Specified by:: getRecordIndexer in interface FileCapture<PcapPacket>

Returns:: record indexer
Throws:: java.io.IOException - any IO errors

getRecordIterator

RecordIterator<PcapRecord> getRecordIterator()
                                             throws java.io.IOException

Description copied from interface: FileCapture

Iterator which iterates over every record within the file capture. The iterator will iterate has range over every single record including the block record (i.e. file header) at the beginning of the file.

Specified by:: getRecordIterator in interface FileCapture<PcapPacket>

Returns:
Throws:: java.io.IOException

setBlockRecord

PcapBlockRecord setBlockRecord(byte[] m,
                               int major,
                               int minor,
                               PcapDLT dlt,
                               int a,
                               int tz,
                               int i)
                               throws java.io.IOException,
                                      java.lang.IllegalStateException

Adds a new block record at the beginning of the Pcap file. The file must be completely empty inorder for this operation to succeed, otherwise InvalidStateException will be thrown.

Parameters:: m - magic number to include in the block header, the magic number must exactly 4 octets in length and its position and limit properties point to the beginning of pattern; major - major version number; minor - minor version number; dlt - PCAP data link type; a - accuracy of the timestamp; tz - timezone of the timestamp; i - included length or sometimes refered to as snaplen value
Throws:: java.io.IOException - any IO errors; java.lang.IllegalStateException - if the file is not completely empty and its size not equal to length of 0 bytes

setBlockRecord

PcapBlockRecord setBlockRecord(PcapDLT dlt,
                               int i)
                               throws java.io.IOException,
                                      java.lang.IllegalStateException

Adds a new block record at the beginning of the Pcap file. The file must be completely empty inorder for this operation to succeed, otherwise InvalidStateException will be thrown. This method uses defaults for many of the required parameters, such as the timezone is taken from the current runtime environment settings.

Parameters:: dlt - PCAP data link type; i - included length or sometimes refered to as snaplen value
Throws:: java.io.IOException - any IO errors; java.lang.IllegalStateException - if the file is not completely empty and its size not equal to length of 0 bytes

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jnetstream.capture.file.pcap Interface PcapFile

headerReader

logger

MAGIC_PATTERN_BE

MAGIC_PATTERN_LE

MAJOR_VERSION

MINOR_VERSION

getBlockIterator

getBlockRecord

getDlt

getPacketIndexer

getPacketIterator

getRawIndexer

getRawIterator

getRecordIndexer

getRecordIterator

setBlockRecord

setBlockRecord

org.jnetstream.capture.file.pcap
Interface PcapFile