Package nl.sidnlabs.pcap
Class PcapReader
- java.lang.Object
-
- nl.sidnlabs.pcap.PcapReader
-
public class PcapReader extends Object
Read all data from a pcap file and decode all the packets
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static classPcapReader.LinkType
-
Field Summary
Fields Modifier and Type Field Description static intCAP_LEN_OFFSETstatic intDNS_PORTstatic intETHERNET_HEADER_SIZEstatic intETHERNET_TYPE_8021Qstatic intETHERNET_TYPE_IPstatic intETHERNET_TYPE_IPV6static intETHERNET_TYPE_OFFSETstatic intHEADER_SIZEstatic longMAGIC_NUMBERstatic intPACKET_HEADER_SIZEstatic intPCAP_HEADER_LINKTYPE_OFFSETstatic intPROTOCOL_FRAGMENTEDstatic intSLL_ADDRESS_LENGTH_OFFSETstatic intSLL_HEADER_BASE_SIZEstatic intTIMESTAMP_MICROS_OFFSETstatic intTIMESTAMP_OFFSET
-
Constructor Summary
Constructors Constructor Description PcapReader(DataInputStream is, IPDecoder ipDecoder, boolean tcpEnabled, String filename, boolean partial)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidclearCache(int tcpCacheTTL, int ipCacheTTL)Clear expired cache entries in order to avoid memory problemsvoidclose()protected intfindIPStart(byte[] packet)com.google.common.collect.Multimap<Datagram,DatagramPayload>getDatagrams()protected PcapReader.LinkTypegetLinkType(long linkTypeVal)Iterable<Packet>iter()protected booleanreadBytes(byte[] buf)voidsetDatagrams(com.google.common.collect.Multimap<Datagram,DatagramPayload> map)voidsetTcpFlows(Map<TCPFlow,FlowData> flows)Stream<Packet>stream()protected booleanvalidateMagicNumber(byte[] pcapHeader)
-
-
-
Field Detail
-
DNS_PORT
public static final int DNS_PORT
- See Also:
- Constant Field Values
-
MAGIC_NUMBER
public static final long MAGIC_NUMBER
- See Also:
- Constant Field Values
-
HEADER_SIZE
public static final int HEADER_SIZE
- See Also:
- Constant Field Values
-
PCAP_HEADER_LINKTYPE_OFFSET
public static final int PCAP_HEADER_LINKTYPE_OFFSET
- See Also:
- Constant Field Values
-
PACKET_HEADER_SIZE
public static final int PACKET_HEADER_SIZE
- See Also:
- Constant Field Values
-
TIMESTAMP_OFFSET
public static final int TIMESTAMP_OFFSET
- See Also:
- Constant Field Values
-
TIMESTAMP_MICROS_OFFSET
public static final int TIMESTAMP_MICROS_OFFSET
- See Also:
- Constant Field Values
-
CAP_LEN_OFFSET
public static final int CAP_LEN_OFFSET
- See Also:
- Constant Field Values
-
ETHERNET_HEADER_SIZE
public static final int ETHERNET_HEADER_SIZE
- See Also:
- Constant Field Values
-
ETHERNET_TYPE_OFFSET
public static final int ETHERNET_TYPE_OFFSET
- See Also:
- Constant Field Values
-
ETHERNET_TYPE_IP
public static final int ETHERNET_TYPE_IP
- See Also:
- Constant Field Values
-
ETHERNET_TYPE_IPV6
public static final int ETHERNET_TYPE_IPV6
- See Also:
- Constant Field Values
-
ETHERNET_TYPE_8021Q
public static final int ETHERNET_TYPE_8021Q
- See Also:
- Constant Field Values
-
SLL_HEADER_BASE_SIZE
public static final int SLL_HEADER_BASE_SIZE
- See Also:
- Constant Field Values
-
SLL_ADDRESS_LENGTH_OFFSET
public static final int SLL_ADDRESS_LENGTH_OFFSET
- See Also:
- Constant Field Values
-
PROTOCOL_FRAGMENTED
public static final int PROTOCOL_FRAGMENTED
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
PcapReader
public PcapReader(DataInputStream is, IPDecoder ipDecoder, boolean tcpEnabled, String filename, boolean partial) throws IOException
- Throws:
IOException
-
-
Method Detail
-
clearCache
public void clearCache(int tcpCacheTTL, int ipCacheTTL)Clear expired cache entries in order to avoid memory problems- Parameters:
tcpCacheTTL- timeout for tcp flowsipCacheTTL- timeout for IP fragments
-
close
public void close()
-
validateMagicNumber
protected boolean validateMagicNumber(byte[] pcapHeader)
-
getLinkType
protected PcapReader.LinkType getLinkType(long linkTypeVal)
-
findIPStart
protected int findIPStart(byte[] packet)
-
readBytes
protected boolean readBytes(byte[] buf)
-
getDatagrams
public com.google.common.collect.Multimap<Datagram,DatagramPayload> getDatagrams()
-
setDatagrams
public void setDatagrams(com.google.common.collect.Multimap<Datagram,DatagramPayload> map)
-
-