| # Original license |
| #------------------------------------------------------------------------------- |
| # Name: winpcapy.py |
| # |
| # Author: Massimo Ciani |
| # |
| # Created: 01/09/2009 |
| # Copyright: (c) Massimo Ciani 2009 |
| # |
| #------------------------------------------------------------------------------- |
| # Modified for scapy's usage |
| |
| ## This file is part of Scapy |
| ## See http://www.secdev.org/projects/scapy for more informations |
| ## This program is published under a GPLv2 license |
| |
| from ctypes import * |
| from ctypes.util import find_library |
| import sys, os |
| from scapy.consts import WINDOWS |
| |
| HAVE_REMOTE=False |
| |
| if WINDOWS: |
| HAVE_REMOTE=True |
| SOCKET = c_uint |
| npcap_folder = os.environ["WINDIR"] + "\\System32\\Npcap" |
| if os.path.exists(npcap_folder): |
| # Try to load npcap |
| os.environ['PATH'] = npcap_folder + ";" + os.environ['PATH'] |
| del npcap_folder |
| _lib=CDLL("wpcap.dll") |
| else: |
| SOCKET = c_int |
| _lib_name = find_library("pcap") |
| if not _lib_name: |
| raise OSError("Cannot fine libpcap.so library") |
| _lib=CDLL(_lib_name) |
| |
| |
| ## |
| ## misc |
| ## |
| u_short = c_ushort |
| bpf_int32 = c_int |
| u_int = c_int |
| bpf_u_int32 = u_int |
| pcap = c_void_p |
| pcap_dumper = c_void_p |
| u_char = c_ubyte |
| FILE = c_void_p |
| STRING = c_char_p |
| |
| class bpf_insn(Structure): |
| _fields_=[("code",c_ushort), |
| ("jt",c_ubyte), |
| ("jf",c_ubyte), |
| ("k",bpf_u_int32)] |
| |
| class bpf_program(Structure): |
| pass |
| bpf_program._fields_ = [('bf_len', u_int), |
| ('bf_insns', POINTER(bpf_insn))] |
| |
| class bpf_version(Structure): |
| _fields_=[("bv_major",c_ushort), |
| ("bv_minor",c_ushort)] |
| |
| |
| class timeval(Structure): |
| pass |
| timeval._fields_ = [('tv_sec', c_long), |
| ('tv_usec', c_long)] |
| |
| ## sockaddr is used by pcap_addr. |
| ## For example if sa_family==socket.AF_INET then we need cast |
| ## with sockaddr_in |
| if WINDOWS: |
| class sockaddr(Structure): |
| _fields_ = [("sa_family", c_ushort), |
| ("sa_data",c_ubyte * 14)] |
| |
| class sockaddr_in(Structure): |
| _fields_ = [("sin_family", c_ushort), |
| ("sin_port", c_uint16), |
| ("sin_addr", 4 * c_ubyte)] |
| |
| class sockaddr_in6(Structure): |
| _fields_ = [("sin6_family", c_ushort), |
| ("sin6_port", c_uint16), |
| ("sin6_flowinfo", c_uint32), |
| ("sin6_addr", 16 * c_ubyte), |
| ("sin6_scope", c_uint32)] |
| else: |
| class sockaddr(Structure): |
| _fields_ = [("sa_len", c_ubyte), |
| ("sa_family",c_ubyte), |
| ("sa_data",c_ubyte * 14)] |
| |
| class sockaddr_in(Structure): |
| _fields_ = [("sin_len", c_ubyte), |
| ("sin_family", c_ubyte), |
| ("sin_port", c_uint16), |
| ("sin_addr", 4 * c_ubyte), |
| ("sin_zero", 8 * c_char)] |
| |
| class sockaddr_in6(Structure): |
| _fields_ = [("sin6_len", c_ubyte), |
| ("sin6_family", c_ubyte), |
| ("sin6_port", c_uint16), |
| ("sin6_flowinfo", c_uint32), |
| ("sin6_addr", 16 * c_ubyte), |
| ("sin6_scope", c_uint32)] |
| |
| class sockaddr_dl(Structure): |
| _fields_ = [("sdl_len", c_ubyte), |
| ("sdl_family", c_ubyte), |
| ("sdl_index", c_ushort), |
| ("sdl_type", c_ubyte), |
| ("sdl_nlen", c_ubyte), |
| ("sdl_alen", c_ubyte), |
| ("sdl_slen", c_ubyte), |
| ("sdl_data", 46 * c_ubyte)] |
| ## |
| ## END misc |
| ## |
| |
| ## |
| ## Data Structures |
| ## |
| |
| ## struct pcap_file_header |
| ## Header of a libpcap dump file. |
| class pcap_file_header(Structure): |
| _fields_ = [('magic', bpf_u_int32), |
| ('version_major', u_short), |
| ('version_minor', u_short), |
| ('thiszone', bpf_int32), |
| ('sigfigs', bpf_u_int32), |
| ('snaplen', bpf_u_int32), |
| ('linktype', bpf_u_int32)] |
| |
| ## struct pcap_pkthdr |
| ## Header of a packet in the dump file. |
| class pcap_pkthdr(Structure): |
| _fields_ = [('ts', timeval), |
| ('caplen', bpf_u_int32), |
| ('len', bpf_u_int32)] |
| |
| ## struct pcap_stat |
| ## Structure that keeps statistical values on an interface. |
| class pcap_stat(Structure): |
| pass |
| ### _fields_ list in Structure is final. |
| ### We need a temp list |
| _tmpList = [("ps_recv", c_uint), ("ps_drop", c_uint), ("ps_ifdrop", c_uint)] |
| if HAVE_REMOTE: |
| _tmpList.append(("ps_capt",c_uint)) |
| _tmpList.append(("ps_sent",c_uint)) |
| _tmpList.append(("ps_netdrop",c_uint)) |
| pcap_stat._fields_=_tmpList |
| |
| ## struct pcap_addr |
| ## Representation of an interface address, used by pcap_findalldevs(). |
| class pcap_addr(Structure): |
| pass |
| pcap_addr._fields_ = [('next', POINTER(pcap_addr)), |
| ('addr', POINTER(sockaddr)), |
| ('netmask', POINTER(sockaddr)), |
| ('broadaddr', POINTER(sockaddr)), |
| ('dstaddr', POINTER(sockaddr))] |
| |
| ## struct pcap_if |
| ## Item in a list of interfaces, used by pcap_findalldevs(). |
| class pcap_if(Structure): |
| pass |
| pcap_if._fields_ = [('next', POINTER(pcap_if)), |
| ('name', STRING), |
| ('description', STRING), |
| ('addresses', POINTER(pcap_addr)), |
| ('flags', bpf_u_int32)] |
| |
| ## |
| ## END Data Structures |
| ## |
| |
| ## |
| ## Defines |
| ## |
| |
| ##define PCAP_VERSION_MAJOR 2 |
| # Major libpcap dump file version. |
| PCAP_VERSION_MAJOR = 2 |
| ##define PCAP_VERSION_MINOR 4 |
| # Minor libpcap dump file version. |
| PCAP_VERSION_MINOR = 4 |
| ##define PCAP_ERRBUF_SIZE 256 |
| # Size to use when allocating the buffer that contains the libpcap errors. |
| PCAP_ERRBUF_SIZE = 256 |
| ##define PCAP_IF_LOOPBACK 0x00000001 |
| # interface is loopback |
| PCAP_IF_LOOPBACK = 1 |
| ##define MODE_CAPT 0 |
| # Capture mode, to be used when calling pcap_setmode(). |
| MODE_CAPT = 0 |
| ##define MODE_STAT 1 |
| # Statistical mode, to be used when calling pcap_setmode(). |
| MODE_STAT = 1 |
| |
| ## |
| ## END Defines |
| ## |
| |
| ## |
| ## Typedefs |
| ## |
| |
| #typedef int bpf_int32 (already defined) |
| # 32-bit integer |
| #typedef u_int bpf_u_int32 (already defined) |
| # 32-bit unsigned integer |
| #typedef struct pcap pcap_t |
| # Descriptor of an open capture instance. This structure is opaque to the user, that handles its content through the functions provided by wpcap.dll. |
| pcap_t = pcap |
| #typedef struct pcap_dumper pcap_dumper_t |
| # libpcap savefile descriptor. |
| pcap_dumper_t = pcap_dumper |
| #typedef struct pcap_if pcap_if_t |
| # Item in a list of interfaces, see pcap_if. |
| pcap_if_t = pcap_if |
| #typedef struct pcap_addr pcap_addr_t |
| # Representation of an interface address, see pcap_addr. |
| pcap_addr_t = pcap_addr |
| |
| ## |
| ## END Typedefs |
| ## |
| |
| |
| |
| |
| |
| # values for enumeration 'pcap_direction_t' |
| #pcap_direction_t = c_int # enum |
| |
| ## |
| ## Unix-compatible Functions |
| ## These functions are part of the libpcap library, and therefore work both on Windows and on Linux. |
| ## |
| |
| #typedef void(* pcap_handler )(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) |
| # Prototype of the callback function that receives the packets. |
| ## This one is defined from programmer |
| pcap_handler=CFUNCTYPE(None,POINTER(c_ubyte),POINTER(pcap_pkthdr),POINTER(c_ubyte)) |
| |
| #pcap_t * pcap_open_live (const char *device, int snaplen, int promisc, int to_ms, char *ebuf) |
| # Open a live capture from the network. |
| pcap_open_live = _lib.pcap_open_live |
| pcap_open_live.restype = POINTER(pcap_t) |
| pcap_open_live.argtypes = [STRING, c_int, c_int, c_int, STRING] |
| |
| #pcap_t * pcap_open_dead (int linktype, int snaplen) |
| # Create a pcap_t structure without starting a capture. |
| pcap_open_dead = _lib.pcap_open_dead |
| pcap_open_dead.restype = POINTER(pcap_t) |
| pcap_open_dead.argtypes = [c_int, c_int] |
| |
| #pcap_t * pcap_open_offline (const char *fname, char *errbuf) |
| # Open a savefile in the tcpdump/libpcap format to read packets. |
| pcap_open_offline = _lib.pcap_open_offline |
| pcap_open_offline.restype = POINTER(pcap_t) |
| pcap_open_offline.argtypes = [STRING, STRING] |
| |
| #pcap_dumper_t * pcap_dump_open (pcap_t *p, const char *fname) |
| # Open a file to write packets. |
| pcap_dump_open = _lib.pcap_dump_open |
| pcap_dump_open.restype = POINTER(pcap_dumper_t) |
| pcap_dump_open.argtypes = [POINTER(pcap_t), STRING] |
| |
| #int pcap_setnonblock (pcap_t *p, int nonblock, char *errbuf) |
| # Switch between blocking and nonblocking mode. |
| pcap_setnonblock = _lib.pcap_setnonblock |
| pcap_setnonblock.restype = c_int |
| pcap_setnonblock.argtypes = [POINTER(pcap_t), c_int, STRING] |
| |
| #int pcap_getnonblock (pcap_t *p, char *errbuf) |
| # Get the "non-blocking" state of an interface. |
| pcap_getnonblock = _lib.pcap_getnonblock |
| pcap_getnonblock.restype = c_int |
| pcap_getnonblock.argtypes = [POINTER(pcap_t), STRING] |
| |
| #int pcap_findalldevs (pcap_if_t **alldevsp, char *errbuf) |
| # Construct a list of network devices that can be opened with pcap_open_live(). |
| pcap_findalldevs = _lib.pcap_findalldevs |
| pcap_findalldevs.restype = c_int |
| pcap_findalldevs.argtypes = [POINTER(POINTER(pcap_if_t)), STRING] |
| |
| #void pcap_freealldevs (pcap_if_t *alldevsp) |
| # Free an interface list returned by pcap_findalldevs(). |
| pcap_freealldevs = _lib.pcap_freealldevs |
| pcap_freealldevs.restype = None |
| pcap_freealldevs.argtypes = [POINTER(pcap_if_t)] |
| |
| #char * pcap_lookupdev (char *errbuf) |
| # Return the first valid device in the system. |
| pcap_lookupdev = _lib.pcap_lookupdev |
| pcap_lookupdev.restype = STRING |
| pcap_lookupdev.argtypes = [STRING] |
| |
| #int pcap_lookupnet (const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf) |
| # Return the subnet and netmask of an interface. |
| pcap_lookupnet = _lib.pcap_lookupnet |
| pcap_lookupnet.restype = c_int |
| pcap_lookupnet.argtypes = [STRING, POINTER(bpf_u_int32), POINTER(bpf_u_int32), STRING] |
| |
| #int pcap_dispatch (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
| # Collect a group of packets. |
| pcap_dispatch = _lib.pcap_dispatch |
| pcap_dispatch.restype = c_int |
| pcap_dispatch.argtypes = [POINTER(pcap_t), c_int, pcap_handler, POINTER(u_char)] |
| |
| #int pcap_loop (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
| # Collect a group of packets. |
| pcap_loop = _lib.pcap_loop |
| pcap_loop.restype = c_int |
| pcap_loop.argtypes = [POINTER(pcap_t), c_int, pcap_handler, POINTER(u_char)] |
| |
| #u_char * pcap_next (pcap_t *p, struct pcap_pkthdr *h) |
| # Return the next available packet. |
| pcap_next = _lib.pcap_next |
| pcap_next.restype = POINTER(u_char) |
| pcap_next.argtypes = [POINTER(pcap_t), POINTER(pcap_pkthdr)] |
| |
| #int pcap_next_ex (pcap_t *p, struct pcap_pkthdr **pkt_header, const u_char **pkt_data) |
| # Read a packet from an interface or from an offline capture. |
| pcap_next_ex = _lib.pcap_next_ex |
| pcap_next_ex.restype = c_int |
| pcap_next_ex.argtypes = [POINTER(pcap_t), POINTER(POINTER(pcap_pkthdr)), POINTER(POINTER(u_char))] |
| |
| #void pcap_breakloop (pcap_t *) |
| # set a flag that will force pcap_dispatch() or pcap_loop() to return rather than looping. |
| pcap_breakloop = _lib.pcap_breakloop |
| pcap_breakloop.restype = None |
| pcap_breakloop.argtypes = [POINTER(pcap_t)] |
| |
| #int pcap_sendpacket (pcap_t *p, u_char *buf, int size) |
| # Send a raw packet. |
| pcap_sendpacket = _lib.pcap_sendpacket |
| pcap_sendpacket.restype = c_int |
| #pcap_sendpacket.argtypes = [POINTER(pcap_t), POINTER(u_char), c_int] |
| pcap_sendpacket.argtypes = [POINTER(pcap_t), c_void_p, c_int] |
| |
| #void pcap_dump (u_char *user, const struct pcap_pkthdr *h, const u_char *sp) |
| # Save a packet to disk. |
| pcap_dump = _lib.pcap_dump |
| pcap_dump.restype = None |
| pcap_dump.argtypes = [POINTER(pcap_dumper_t), POINTER(pcap_pkthdr), POINTER(u_char)] |
| |
| #long pcap_dump_ftell (pcap_dumper_t *) |
| # Return the file position for a "savefile". |
| pcap_dump_ftell = _lib.pcap_dump_ftell |
| pcap_dump_ftell.restype = c_long |
| pcap_dump_ftell.argtypes = [POINTER(pcap_dumper_t)] |
| |
| #int pcap_compile (pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask) |
| # Compile a packet filter, converting an high level filtering expression (see Filtering expression syntax) in a program that can be interpreted by the kernel-level filtering engine. |
| pcap_compile = _lib.pcap_compile |
| pcap_compile.restype = c_int |
| pcap_compile.argtypes = [POINTER(pcap_t), POINTER(bpf_program), STRING, c_int, bpf_u_int32] |
| |
| #int pcap_compile_nopcap (int snaplen_arg, int linktype_arg, struct bpf_program *program, char *buf, int optimize, bpf_u_int32 mask) |
| # Compile a packet filter without the need of opening an adapter. This function converts an high level filtering expression (see Filtering expression syntax) in a program that can be interpreted by the kernel-level filtering engine. |
| pcap_compile_nopcap = _lib.pcap_compile_nopcap |
| pcap_compile_nopcap.restype = c_int |
| pcap_compile_nopcap.argtypes = [c_int, c_int, POINTER(bpf_program), STRING, c_int, bpf_u_int32] |
| |
| #int pcap_setfilter (pcap_t *p, struct bpf_program *fp) |
| # Associate a filter to a capture. |
| pcap_setfilter = _lib.pcap_setfilter |
| pcap_setfilter.restype = c_int |
| pcap_setfilter.argtypes = [POINTER(pcap_t), POINTER(bpf_program)] |
| |
| #void pcap_freecode (struct bpf_program *fp) |
| # Free a filter. |
| pcap_freecode = _lib.pcap_freecode |
| pcap_freecode.restype = None |
| pcap_freecode.argtypes = [POINTER(bpf_program)] |
| |
| #int pcap_datalink (pcap_t *p) |
| # Return the link layer of an adapter. |
| pcap_datalink = _lib.pcap_datalink |
| pcap_datalink.restype = c_int |
| pcap_datalink.argtypes = [POINTER(pcap_t)] |
| |
| #int pcap_list_datalinks (pcap_t *p, int **dlt_buf) |
| # list datalinks |
| pcap_list_datalinks = _lib.pcap_list_datalinks |
| pcap_list_datalinks.restype = c_int |
| #pcap_list_datalinks.argtypes = [POINTER(pcap_t), POINTER(POINTER(c_int))] |
| |
| #int pcap_set_datalink (pcap_t *p, int dlt) |
| # Set the current data link type of the pcap descriptor to the type specified by dlt. -1 is returned on failure. |
| pcap_set_datalink = _lib.pcap_set_datalink |
| pcap_set_datalink.restype = c_int |
| pcap_set_datalink.argtypes = [POINTER(pcap_t), c_int] |
| |
| #int pcap_datalink_name_to_val (const char *name) |
| # Translates a data link type name, which is a DLT_ name with the DLT_ removed, to the corresponding data link type value. The translation is case-insensitive. -1 is returned on failure. |
| pcap_datalink_name_to_val = _lib.pcap_datalink_name_to_val |
| pcap_datalink_name_to_val.restype = c_int |
| pcap_datalink_name_to_val.argtypes = [STRING] |
| |
| #const char * pcap_datalink_val_to_name (int dlt) |
| # Translates a data link type value to the corresponding data link type name. NULL is returned on failure. |
| pcap_datalink_val_to_name = _lib.pcap_datalink_val_to_name |
| pcap_datalink_val_to_name.restype = STRING |
| pcap_datalink_val_to_name.argtypes = [c_int] |
| |
| #const char * pcap_datalink_val_to_description (int dlt) |
| # Translates a data link type value to a short description of that data link type. NULL is returned on failure. |
| pcap_datalink_val_to_description = _lib.pcap_datalink_val_to_description |
| pcap_datalink_val_to_description.restype = STRING |
| pcap_datalink_val_to_description.argtypes = [c_int] |
| |
| #int pcap_snapshot (pcap_t *p) |
| # Return the dimension of the packet portion (in bytes) that is delivered to the application. |
| pcap_snapshot = _lib.pcap_snapshot |
| pcap_snapshot.restype = c_int |
| pcap_snapshot.argtypes = [POINTER(pcap_t)] |
| |
| #int pcap_is_swapped (pcap_t *p) |
| # returns true if the current savefile uses a different byte order than the current system. |
| pcap_is_swapped = _lib.pcap_is_swapped |
| pcap_is_swapped.restype = c_int |
| pcap_is_swapped.argtypes = [POINTER(pcap_t)] |
| |
| #int pcap_major_version (pcap_t *p) |
| # return the major version number of the pcap library used to write the savefile. |
| pcap_major_version = _lib.pcap_major_version |
| pcap_major_version.restype = c_int |
| pcap_major_version.argtypes = [POINTER(pcap_t)] |
| |
| #int pcap_minor_version (pcap_t *p) |
| # return the minor version number of the pcap library used to write the savefile. |
| pcap_minor_version = _lib.pcap_minor_version |
| pcap_minor_version.restype = c_int |
| pcap_minor_version.argtypes = [POINTER(pcap_t)] |
| |
| #FILE * pcap_file (pcap_t *p) |
| # Return the standard stream of an offline capture. |
| pcap_file=_lib.pcap_file |
| pcap_file.restype = FILE |
| pcap_file.argtypes = [POINTER(pcap_t)] |
| |
| #int pcap_stats (pcap_t *p, struct pcap_stat *ps) |
| # Return statistics on current capture. |
| pcap_stats = _lib.pcap_stats |
| pcap_stats.restype = c_int |
| pcap_stats.argtypes = [POINTER(pcap_t), POINTER(pcap_stat)] |
| |
| #void pcap_perror (pcap_t *p, char *prefix) |
| # print the text of the last pcap library error on stderr, prefixed by prefix. |
| pcap_perror = _lib.pcap_perror |
| pcap_perror.restype = None |
| pcap_perror.argtypes = [POINTER(pcap_t), STRING] |
| |
| #char * pcap_geterr (pcap_t *p) |
| # return the error text pertaining to the last pcap library error. |
| pcap_geterr = _lib.pcap_geterr |
| pcap_geterr.restype = STRING |
| pcap_geterr.argtypes = [POINTER(pcap_t)] |
| |
| #char * pcap_strerror (int error) |
| # Provided in case strerror() isn't available. |
| pcap_strerror = _lib.pcap_strerror |
| pcap_strerror.restype = STRING |
| pcap_strerror.argtypes = [c_int] |
| |
| #const char * pcap_lib_version (void) |
| # Returns a pointer to a string giving information about the version of the libpcap library being used; note that it contains more information than just a version number. |
| pcap_lib_version = _lib.pcap_lib_version |
| pcap_lib_version.restype = STRING |
| pcap_lib_version.argtypes = [] |
| |
| #void pcap_close (pcap_t *p) |
| # close the files associated with p and deallocates resources. |
| pcap_close = _lib.pcap_close |
| pcap_close.restype = None |
| pcap_close.argtypes = [POINTER(pcap_t)] |
| |
| #FILE * pcap_dump_file (pcap_dumper_t *p) |
| # return the standard I/O stream of the 'savefile' opened by pcap_dump_open(). |
| pcap_dump_file=_lib.pcap_dump_file |
| pcap_dump_file.restype=FILE |
| pcap_dump_file.argtypes= [POINTER(pcap_dumper_t)] |
| |
| #int pcap_dump_flush (pcap_dumper_t *p) |
| # Flushes the output buffer to the ``savefile,'' so that any packets written with pcap_dump() but not yet written to the ``savefile'' will be written. -1 is returned on error, 0 on success. |
| pcap_dump_flush = _lib.pcap_dump_flush |
| pcap_dump_flush.restype = c_int |
| pcap_dump_flush.argtypes = [POINTER(pcap_dumper_t)] |
| |
| #void pcap_dump_close (pcap_dumper_t *p) |
| # Closes a savefile. |
| pcap_dump_close = _lib.pcap_dump_close |
| pcap_dump_close.restype = None |
| pcap_dump_close.argtypes = [POINTER(pcap_dumper_t)] |
| |
| if not WINDOWS: |
| #int pcap_get_selectable_fd(pcap_t, *p) |
| # Returns, on UNIX, a file descriptor number for a file descriptor on which one can do a select(), poll(). -1 is returned if no such descriptor exists. |
| pcap_get_selectable_fd = _lib.pcap_get_selectable_fd |
| pcap_get_selectable_fd.restype = c_int |
| pcap_get_selectable_fd.argtypes = [POINTER(pcap_t)] |
| |
| ########################################### |
| ## Windows-specific Extensions |
| ## The functions in this section extend libpcap to offer advanced functionalities |
| ## (like remote packet capture, packet buffer size variation or high-precision packet injection). |
| ## Howerver, at the moment they can be used only in Windows. |
| ########################################### |
| if WINDOWS: |
| HANDLE = c_void_p |
| |
| ############## |
| ## Identifiers related to the new source syntax |
| ############## |
| #define PCAP_SRC_FILE 2 |
| #define PCAP_SRC_IFLOCAL 3 |
| #define PCAP_SRC_IFREMOTE 4 |
| #Internal representation of the type of source in use (file, remote/local interface). |
| PCAP_SRC_FILE = 2 |
| PCAP_SRC_IFLOCAL = 3 |
| PCAP_SRC_IFREMOTE = 4 |
| |
| ############## |
| ## Strings related to the new source syntax |
| ############## |
| #define PCAP_SRC_FILE_STRING "file://" |
| #define PCAP_SRC_IF_STRING "rpcap://" |
| #String that will be used to determine the type of source in use (file, remote/local interface). |
| PCAP_SRC_FILE_STRING="file://" |
| PCAP_SRC_IF_STRING="rpcap://" |
| |
| ############## |
| ## Flags defined in the pcap_open() function |
| ############## |
| # define PCAP_OPENFLAG_PROMISCUOUS 1 |
| # Defines if the adapter has to go in promiscuous mode. |
| PCAP_OPENFLAG_PROMISCUOUS=1 |
| # define PCAP_OPENFLAG_DATATX_UDP 2 |
| # Defines if the data transfer (in case of a remote capture) has to be done with UDP protocol. |
| PCAP_OPENFLAG_DATATX_UDP=2 |
| # define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4 |
| PCAP_OPENFLAG_NOCAPTURE_RPCAP=4 |
| # Defines if the remote probe will capture its own generated traffic. |
| # define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8 |
| PCAP_OPENFLAG_NOCAPTURE_LOCAL = 8 |
| # define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16 |
| # This flag configures the adapter for maximum responsiveness. |
| PCAP_OPENFLAG_MAX_RESPONSIVENESS=16 |
| |
| ############## |
| ## Sampling methods defined in the pcap_setsampling() function |
| ############## |
| # define PCAP_SAMP_NOSAMP 0 |
| # No sampling has to be done on the current capture. |
| PCAP_SAMP_NOSAMP=0 |
| # define PCAP_SAMP_1_EVERY_N 1 |
| # It defines that only 1 out of N packets must be returned to the user. |
| PCAP_SAMP_1_EVERY_N=1 |
| #define PCAP_SAMP_FIRST_AFTER_N_MS 2 |
| # It defines that we have to return 1 packet every N milliseconds. |
| PCAP_SAMP_FIRST_AFTER_N_MS=2 |
| |
| ############## |
| ## Authentication methods supported by the RPCAP protocol |
| ############## |
| # define RPCAP_RMTAUTH_NULL 0 |
| # It defines the NULL authentication. |
| RPCAP_RMTAUTH_NULL=0 |
| # define RPCAP_RMTAUTH_PWD 1 |
| # It defines the username/password authentication. |
| RPCAP_RMTAUTH_PWD=1 |
| |
| |
| ############## |
| ## Remote struct and defines |
| ############## |
| # define PCAP_BUF_SIZE 1024 |
| # Defines the maximum buffer size in which address, port, interface names are kept. |
| PCAP_BUF_SIZE = 1024 |
| # define RPCAP_HOSTLIST_SIZE 1024 |
| # Maximum length of an host name (needed for the RPCAP active mode). |
| RPCAP_HOSTLIST_SIZE = 1024 |
| |
| class pcap_send_queue(Structure): |
| _fields_=[("maxlen",c_uint), |
| ("len",c_uint), |
| ("buffer",c_char_p)] |
| |
| ## struct pcap_rmtauth |
| ## This structure keeps the information needed to autheticate the user on a remote machine |
| class pcap_rmtauth(Structure): |
| _fields_=[("type",c_int), |
| ("username",c_char_p), |
| ("password",c_char_p)] |
| |
| ## struct pcap_samp |
| ## This structure defines the information related to sampling |
| class pcap_samp(Structure): |
| _fields_=[("method",c_int), |
| ("value",c_int)] |
| |
| #PAirpcapHandle pcap_get_airpcap_handle (pcap_t *p) |
| # Returns the AirPcap handler associated with an adapter. This handler can be used to change the wireless-related settings of the CACE Technologies AirPcap wireless capture adapters. |
| |
| #bool pcap_offline_filter (struct bpf_program *prog, const struct pcap_pkthdr *header, const u_char *pkt_data) |
| # Returns if a given filter applies to an offline packet. |
| pcap_offline_filter = _lib.pcap_offline_filter |
| pcap_offline_filter.restype = c_bool |
| pcap_offline_filter.argtypes = [POINTER(bpf_program),POINTER(pcap_pkthdr),POINTER(u_char)] |
| |
| #int pcap_live_dump (pcap_t *p, char *filename, int maxsize, int maxpacks) |
| # Save a capture to file. |
| pcap_live_dump = _lib.pcap_live_dump |
| pcap_live_dump.restype = c_int |
| pcap_live_dump.argtypes = [POINTER(pcap_t), POINTER(c_char), c_int,c_int] |
| |
| #int pcap_live_dump_ended (pcap_t *p, int sync) |
| # Return the status of the kernel dump process, i.e. tells if one of the limits defined with pcap_live_dump() has been reached. |
| pcap_live_dump_ended = _lib.pcap_live_dump_ended |
| pcap_live_dump_ended.restype = c_int |
| pcap_live_dump_ended.argtypes = [POINTER(pcap_t), c_int] |
| |
| #struct pcap_stat * pcap_stats_ex (pcap_t *p, int *pcap_stat_size) |
| # Return statistics on current capture. |
| pcap_stats_ex = _lib.pcap_stats_ex |
| pcap_stats_ex.restype = POINTER(pcap_stat) |
| pcap_stats_ex.argtypes = [POINTER(pcap_t), POINTER(c_int)] |
| |
| #int pcap_setbuff (pcap_t *p, int dim) |
| # Set the size of the kernel buffer associated with an adapter. |
| pcap_setbuff = _lib.pcap_setbuff |
| pcap_setbuff.restype = c_int |
| pcap_setbuff.argtypes = [POINTER(pcap_t), c_int] |
| |
| #int pcap_setmode (pcap_t *p, int mode) |
| # Set the working mode of the interface p to mode. |
| pcap_setmode = _lib.pcap_setmode |
| pcap_setmode.restype = c_int |
| pcap_setmode.argtypes = [POINTER(pcap_t), c_int] |
| |
| #int pcap_setmintocopy (pcap_t *p, int size) |
| # Set the minumum amount of data received by the kernel in a single call. |
| pcap_setmintocopy = _lib.pcap_setmintocopy |
| pcap_setmintocopy.restype = c_int |
| pcap_setmintocopy.argtype = [POINTER(pcap_t), c_int] |
| |
| #HANDLE pcap_getevent (pcap_t *p) |
| # Return the handle of the event associated with the interface p. |
| pcap_getevent = _lib.pcap_getevent |
| pcap_getevent.restype = HANDLE |
| pcap_getevent.argtypes = [POINTER(pcap_t)] |
| |
| #pcap_send_queue * pcap_sendqueue_alloc (u_int memsize) |
| # Allocate a send queue. |
| pcap_sendqueue_alloc = _lib.pcap_sendqueue_alloc |
| pcap_sendqueue_alloc.restype = POINTER(pcap_send_queue) |
| pcap_sendqueue_alloc.argtypes = [c_uint] |
| |
| #void pcap_sendqueue_destroy (pcap_send_queue *queue) |
| # Destroy a send queue. |
| pcap_sendqueue_destroy = _lib.pcap_sendqueue_destroy |
| pcap_sendqueue_destroy.restype = None |
| pcap_sendqueue_destroy.argtypes = [POINTER(pcap_send_queue)] |
| |
| #int pcap_sendqueue_queue (pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) |
| # Add a packet to a send queue. |
| pcap_sendqueue_queue = _lib.pcap_sendqueue_queue |
| pcap_sendqueue_queue.restype = c_int |
| pcap_sendqueue_queue.argtypes = [POINTER(pcap_send_queue), POINTER(pcap_pkthdr), POINTER(u_char)] |
| |
| #u_int pcap_sendqueue_transmit (pcap_t *p, pcap_send_queue *queue, int sync) |
| # Send a queue of raw packets to the network. |
| pcap_sendqueue_transmit = _lib.pcap_sendqueue_transmit |
| pcap_sendqueue_transmit.retype = u_int |
| pcap_sendqueue_transmit.argtypes = [POINTER(pcap_t), POINTER(pcap_send_queue), c_int] |
| |
| #int pcap_findalldevs_ex (char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf) |
| # Create a list of network devices that can be opened with pcap_open(). |
| pcap_findalldevs_ex = _lib.pcap_findalldevs_ex |
| pcap_findalldevs_ex.retype = c_int |
| pcap_findalldevs_ex.argtypes = [STRING, POINTER(pcap_rmtauth), POINTER(POINTER(pcap_if_t)), STRING] |
| |
| #int pcap_createsrcstr (char *source, int type, const char *host, const char *port, const char *name, char *errbuf) |
| # Accept a set of strings (host name, port, ...), and it returns the complete source string according to the new format (e.g. 'rpcap://1.2.3.4/eth0'). |
| pcap_createsrcstr = _lib.pcap_createsrcstr |
| pcap_createsrcstr.restype = c_int |
| pcap_createsrcstr.argtypes = [STRING, c_int, STRING, STRING, STRING, STRING] |
| |
| #int pcap_parsesrcstr (const char *source, int *type, char *host, char *port, char *name, char *errbuf) |
| # Parse the source string and returns the pieces in which the source can be split. |
| pcap_parsesrcstr = _lib.pcap_parsesrcstr |
| pcap_parsesrcstr.retype = c_int |
| pcap_parsesrcstr.argtypes = [STRING, POINTER(c_int), STRING, STRING, STRING, STRING] |
| |
| #pcap_t * pcap_open (const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf) |
| # Open a generic source in order to capture / send (WinPcap only) traffic. |
| pcap_open = _lib.pcap_open |
| pcap_open.restype = POINTER(pcap_t) |
| pcap_open.argtypes = [STRING, c_int, c_int, c_int, POINTER(pcap_rmtauth), STRING] |
| |
| #struct pcap_samp * pcap_setsampling (pcap_t *p) |
| # Define a sampling method for packet capture. |
| pcap_setsampling = _lib.pcap_setsampling |
| pcap_setsampling.restype = POINTER(pcap_samp) |
| pcap_setsampling.argtypes = [POINTER(pcap_t)] |
| |
| #SOCKET pcap_remoteact_accept (const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf) |
| # Block until a network connection is accepted (active mode only). |
| pcap_remoteact_accept = _lib.pcap_remoteact_accept |
| pcap_remoteact_accept.restype = SOCKET |
| pcap_remoteact_accept.argtypes = [STRING, STRING, STRING, STRING, POINTER(pcap_rmtauth), STRING] |
| |
| #int pcap_remoteact_close (const char *host, char *errbuf) |
| # Drop an active connection (active mode only). |
| pcap_remoteact_close = _lib.pcap_remoteact_close |
| pcap_remoteact_close.restypes = c_int |
| pcap_remoteact_close.argtypes = [STRING, STRING] |
| |
| #void pcap_remoteact_cleanup () |
| # Clean the socket that is currently used in waiting active connections. |
| pcap_remoteact_cleanup = _lib.pcap_remoteact_cleanup |
| pcap_remoteact_cleanup.restypes = None |
| pcap_remoteact_cleanup.argtypes = [] |
| |
| #int pcap_remoteact_list (char *hostlist, char sep, int size, char *errbuf) |
| # Return the hostname of the host that have an active connection with us (active mode only). |
| pcap_remoteact_list = _lib.pcap_remoteact_list |
| pcap_remoteact_list.restype = c_int |
| pcap_remoteact_list.argtypes = [STRING, c_char, c_int, STRING] |