base/bif/pcap.bif.zeek

Namespaces

GLOBAL, Pcap

Summary

Functions

Pcap::error: function

Returns a string representation of the last PCAP error.

Pcap::findalldevs: function

Pcap::get_filter_state: function

Returns the initialization state of a PCAP filter, or OK if either there’s no active packet source or the PCAP filter ID does not exist.

Pcap::get_filter_state_string: function

Returns a string containing any error messages that were reported by filter initialization.

Pcap::install_pcap_filter: function

Installs a PCAP filter that has been precompiled with Pcap::precompile_pcap_filter.

Pcap::precompile_pcap_filter: function

Precompiles a PCAP filter and binds it to a given identifier.

Detailed Interface

Functions

Pcap::error
Type

function () : string

Returns a string representation of the last PCAP error.

Returns

A descriptive error message of the PCAP function that failed.

See also: Pcap::precompile_pcap_filter, Pcap::install_pcap_filter, install_src_addr_filter, install_src_net_filter, uninstall_src_addr_filter, uninstall_src_net_filter, install_dst_addr_filter, install_dst_net_filter, uninstall_dst_addr_filter, uninstall_dst_net_filter

Pcap::findalldevs
Type

function () : Pcap::Interfaces

Pcap::get_filter_state
Type

function (id: PcapFilterID) : Pcap::filter_state

Returns the initialization state of a PCAP filter, or OK if either there’s no active packet source or the PCAP filter ID does not exist.

Parameters

id – The PCAP filter id of a precompiled filter.

Returns

A state value denoting whether any warnings or errors were encountered while initializing the filter.

See also: Pcap::precompile_pcap_filter, Pcap::install_pcap_filter

Pcap::get_filter_state_string
Type

function (id: PcapFilterID) : string

Returns a string containing any error messages that were reported by filter initialization.

Parameters

id – The PCAP filter id of a precompiled filter.

Returns

Warning/error strings from the initialization process, a blank string if none were encountered, or ‘<unknown>’ if either there is no active packet source or the filter ID doesn’t exist.

See also: Pcap::precompile_pcap_filter, Pcap::install_pcap_filter

Pcap::install_pcap_filter
Type

function (id: PcapFilterID) : bool

Installs a PCAP filter that has been precompiled with Pcap::precompile_pcap_filter.

Parameters

id – The PCAP filter id of a precompiled filter.

Returns

True if the filter associated with id has been installed successfully.

See also: Pcap::precompile_pcap_filter, install_src_addr_filter, install_src_net_filter, uninstall_src_addr_filter, uninstall_src_net_filter, install_dst_addr_filter, install_dst_net_filter, uninstall_dst_addr_filter, uninstall_dst_net_filter, Pcap::error

Pcap::precompile_pcap_filter
Type

function (id: PcapFilterID, s: string) : bool

Precompiles a PCAP filter and binds it to a given identifier.

Parameters
  • id – The PCAP identifier to reference the filter s later on.

  • s – The PCAP filter. See man tcpdump for valid expressions.

Returns

True if s is valid and precompiles successfully.

See also: Pcap::install_pcap_filter, install_src_addr_filter, install_src_net_filter, uninstall_src_addr_filter, uninstall_src_net_filter, install_dst_addr_filter, install_dst_net_filter, uninstall_dst_addr_filter, uninstall_dst_net_filter, Pcap::error
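
The compile-then-install sequence documented above, written out as an added example (not taken from the Zeek source or from this reference page). `ExampleFilter`, `apply_capture_filter` and the filter expression are assumptions made for illustration; both return values are checked so that a rejected filter is reported rather than going unnoticed.

```zeek
# Added example. ExampleFilter is a hypothetical identifier; PcapFilterID
# is the enum type named in the signatures on this page.
redef enum PcapFilterID += { ExampleFilter };

# Hypothetical helper: precompile the expression, and install it only if
# precompilation succeeded. Returns T only when the filter is installed.
function apply_capture_filter(id: PcapFilterID, expr: string): bool
	{
	if ( ! Pcap::precompile_pcap_filter(id, expr) )
		{
		# The state and its message describe what filter initialization
		# reported for this identifier.
		Reporter::warning(fmt("pcap filter '%s' did not precompile (state %s): %s",
		                      expr, Pcap::get_filter_state(id),
		                      Pcap::get_filter_state_string(id)));
		return F;
		}

	if ( ! Pcap::install_pcap_filter(id) )
		{
		# Pcap::error() describes the PCAP function that failed.
		Reporter::warning(fmt("pcap filter '%s' was not installed: %s",
		                      expr, Pcap::error()));
		return F;
		}

	return T;
	}

event zeek_init()
	{
	# Constructed filter expression in tcpdump syntax.
	if ( apply_capture_filter(ExampleFilter, "tcp port 443 or udp port 53") )
		print "capture filter installed";
	else
		print "capture filter rejected, see reporter output";
	}
```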