#ifndef PCAPPP_PCAP_REMOTE_DEVICE #define PCAPPP_PCAP_REMOTE_DEVICE #if defined(_WIN32) #include #include "PcapLiveDevice.h" /// @file struct pcap_rmtauth; /** * \namespace pcpp * \brief The main namespace for the PcapPlusPlus lib */ namespace pcpp { /** * @struct PcapRemoteAuthentication * The remote daemon (rpcapd) can be configured to require authentication before allowing a client to connect. This is done for * security reasons of course. This struct wraps the WinPcap/Npcap authentication object (pcap_rmtauth) and can (but not must) be given to * PcapRemoteDeviceList when initiating a connection to the remote daemon */ struct PcapRemoteAuthentication { public: /** * A constructor that sets username and password * @param[in] username The username for authentication with the remote daemon * @param[in] password The password for authentication with the remote daemon */ PcapRemoteAuthentication(const std::string &username, const std::string &password) : userName(username) { this->password = password; } /** * A copy c'tor for this object * @param[in] other The object to copy from */ PcapRemoteAuthentication(const PcapRemoteAuthentication& other) : userName(other.userName), password(other.password) {} /** * The username for authentication */ std::string userName; /** * The password for authentication */ std::string password; /** * A conversion method from PcapRemoteAuthentication to pcap_rmtauth. Note: the char* pointers of the returned pcap_rmtauth points * to the same places in memory as PcapRemoteAuthentication::userName and PcapRemoteAuthentication::password so the user should avoid * freeing this memory * @return A pcap_rmtauth that is converted from this class */ pcap_rmtauth getPcapRmAuth() const; }; /** * @class PcapRemoteDevice * A class that provides a C++ wrapper for WinPcap/Npcap Remote Capture feature. This feature allows to interact to a remote machine and capture * packets that are being transmitted on the remote network interfaces. This requires a remote daemon (called rpcapd) which performs the * capture and sends data back and the local client (represented by PcapRemoteDevice) that sends the appropriate commands and receives the * captured data. You can read more about this feature in WinPcap Remote Capture manual: https://www.winpcap.org/docs/docs_412/html/group__remote.html
* Since this feature is supported in WinPcap and Npcap only and not in libpcap, PcapRemoteDevice can only be used in Windows only.
* This class provides a wrapper for the local client, meaning it assumes the daemon (rpcapd) is already running on the remote machine and it * tries to connect to it and start receiving/sending packets from/to it. This class assumes rpcapd is in passive mode, meaning * PcapRemoteDevice connects to the remote daemon, sends the appropriate commands to it, and starts capturing packets, rather than letting the * daemon connect to the client by itself. Using PcapRemoteDevice is very similar to using the other live devices (PcapLiveDevice or * WinPcapLiveDevice), meaning the API's are the same and the same logic is used (for example: capturing is done on a different thread, * sending packets are done on the same thread, etc.). For the full API and explanations, please refer to PcapLiveDevice. The reason for the * similar API is that WinPcap/Npcap's API is very similar between Remote Capture and local network interface capture. The things that are different * are some are some implementation details, mainly in making the connection to the remote daemon, and the way the user can get the instance * of PcapRemoteDevice. For more details on that please refer to PcapRemoteDeviceList */ class PcapRemoteDevice : public PcapLiveDevice { friend class PcapRemoteDeviceList; private: IPAddress m_RemoteMachineIpAddress; uint16_t m_RemoteMachinePort; PcapRemoteAuthentication* m_RemoteAuthentication; // c'tor is private, as only PcapRemoteDeviceList should create instances of it, and it'll create only one for every remote interface PcapRemoteDevice(pcap_if_t* iface, PcapRemoteAuthentication* remoteAuthentication, const IPAddress& remoteMachineIP, uint16_t remoteMachinePort); // private copy c'tor PcapRemoteDevice( const PcapRemoteDevice& other ); // private assignment operator PcapRemoteDevice& operator=(const PcapRemoteDevice& other); static void* remoteDeviceCaptureThreadMain(void *ptr); //overridden methods ThreadStart getCaptureThreadStart(); public: virtual ~PcapRemoteDevice() {} /** * @return The IP address of the remote machine where packets are transmitted from the remote machine to the client machine */ IPAddress getRemoteMachineIpAddress() const { return m_RemoteMachineIpAddress; } /** * @return The port of the remote machine where packets are transmitted from the remote machine to the client machine */ uint16_t getRemoteMachinePort() const { return m_RemoteMachinePort; } //overridden methods virtual LiveDeviceType getDeviceType() const { return RemoteDevice; } /** * MTU isn't supported for remote devices * @return 0 */ virtual uint32_t getMtu() const; /** * MAC address isn't supported for remote devices * @return MacAddress#Zero */ virtual MacAddress getMacAddress() const; /** * Open the device using pcap_open. Opening the device makes the connection to the remote daemon (including authentication if needed * and provided). If this methods succeeds it means the connection to the remote daemon succeeded and the device is ready for use. * As in PcapLiveDevice, packet capturing won't start yet. For packet capturing the user should call startCapture(). This implies * that calling this method is a must before calling startCapture() (otherwise startCapture() will fail with a "device not open" error). * The remote daemon is asked to capture packets in promiscuous mode * @return True if the device was opened successfully, false otherwise. When opening the device fails an error will be printed to log * as well, including the WinPcap/Npcap error if exists */ virtual bool open(); virtual void getStatistics(IPcapDevice::PcapStats& stats) const; }; } // namespace pcpp #endif // _WIN32 #endif /* PCAPPP_PCAP_REMOTE_DEVICE */