Struct file_header_t

Struct Documentation

struct libnokogiri::pcap::file_header_t

pcap file header

This is the header that is at the very beginning of a pcap file. It contains the magic numbers as well as various information related to the contents of the capture.

It’s organized as follows:

 0               1               2               3
 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        PCAP Magic Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Major Version Number     |      Minor Version Number     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Timezone GMT Offset                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Time-stamp Accuracy                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Max Packet Length                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Data Link Type                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  • PCAP Magic Number - The 32-bit unsigned value is used to identify the type of pcap file and its endianness.

  • Major Version Number & Minor Version Number - Two unsigned 16-bit values that indicate the version of the pcap.

  • Timezone GMT Offset - A signed 32-bit value which describes the timezone offset, in seconds from GMT, at which this capture was taken (normally set to 0).

  • Time-stamp Accuracy - An unsigned 32-bit value describing the number of significant figures the timestamps have (normally 0).

  • Max Packet Length - An unsigned 32-bit value that represents the maximum number of octets saved per packet in this file. Packets larger than this value will be truncated.

  • Data Link Type - An unsigned 32-bit value describing the link layer. See libnokogiri::link_type_t for possible values.

The most recent version for pcap is 2.4.
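One way to read this layout from an untrusted buffer, added here as an example and not libnokogiri's own code. The names parsed_header_t, rd and parse_header are hypothetical, the four magic values are the standard microsecond and nanosecond pcap magics in both byte orders, and the 2.4-only and 262144-octet limits are policy assumptions of the example.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical result type for this example; not libnokogiri's file_header_t.
struct parsed_header_t {
    bool big_endian;  // byte order the file was written in
    bool nanosecond;  // timestamp resolution implied by the magic number
    std::uint16_t major_version, minor_version;
    std::int32_t tz_offset;
    std::uint32_t ts_accuracy, max_packet_length, link_type;
};

// Read an n-byte unsigned value in the requested byte order.
static std::uint32_t rd(const std::uint8_t *p, std::size_t n, bool be) {
    std::uint32_t v = 0;
    for (std::size_t i = 0; i < n; ++i)
        v |= static_cast<std::uint32_t>(p[i]) << (8U * (be ? n - 1U - i : i));
    return v;
}

// Parse the 24-byte header; false means the file should be rejected.
bool parse_header(const std::uint8_t *buf, std::size_t len, parsed_header_t &h) {
    if (buf == nullptr || len < 24U) return false;  // truncated input
    switch (rd(buf, 4, false)) {  // magic as seen by a little-endian read
    case 0xA1B2C3D4U: h.big_endian = false; h.nanosecond = false; break;
    case 0xD4C3B2A1U: h.big_endian = true;  h.nanosecond = false; break;
    case 0xA1B23C4DU: h.big_endian = false; h.nanosecond = true;  break;
    case 0x4D3CB2A1U: h.big_endian = true;  h.nanosecond = true;  break;
    default: return false;  // not a recognised pcap magic number
    }
    const bool be = h.big_endian;
    h.major_version = static_cast<std::uint16_t>(rd(buf + 4, 2, be));
    h.minor_version = static_cast<std::uint16_t>(rd(buf + 6, 2, be));
    h.tz_offset = static_cast<std::int32_t>(rd(buf + 8, 4, be));
    h.ts_accuracy = rd(buf + 12, 4, be);
    h.max_packet_length = rd(buf + 16, 4, be);
    h.link_type = rd(buf + 20, 4, be);
    // Assumed policy: accept only version 2.4, and refuse a zero or oversized
    // max packet length so a hostile file cannot dictate buffer sizes.
    if (h.major_version != 2U || h.minor_version != 4U) return false;
    return h.max_packet_length != 0U && h.max_packet_length <= 262144U;
}

int main() {
    // Constructed sample: little-endian, v2.4, max length 65535, link type 1.
    const std::uint8_t sample[24] = {0xD4, 0xC3, 0xB2, 0xA1, 2, 0, 4, 0, 0, 0, 0, 0,
                                     0, 0, 0, 0, 0xFF, 0xFF, 0, 0, 1, 0, 0, 0};
    parsed_header_t h{};
    return parse_header(sample, sizeof sample, h) ? 0 : 1;
}
```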

Public Functions

constexpr file_header_t() noexcept
file_header_t(const file_header_t&) = delete
file_header_t &operator=(const file_header_t&) = delete
file_header_t(file_header_t&&) = default
file_header_t &operator=(file_header_t&&) = default
pcap_variant_t variant() const noexcept

Retrieve the type of pcap file this is. This is also the magic number for the file.

void variant(const pcap_variant_t variant) noexcept

Set the type of pcap file this is. This is also the magic number for the file.

version_t version() const noexcept

Retrieve the pcap file version.

void version(const version_t version) noexcept

Set the pcap file version.

std::int32_t timezone_offset() const noexcept

Retrieve the offset for the timezone in seconds relative to GMT.

void timezone_offset(const std::int32_t tz_offset) noexcept

Set the offset for the timezone in seconds relative to GMT.

std::uint32_t timestamp_accuracy() const noexcept

Retrieve the accuracy of the timestamps.

void timestamp_accuracy(const std::uint32_t ts_accuracy) noexcept

Set the accuracy of the timestamps.

std::uint32_t max_packet_length() const noexcept

Retrieve the maximum length a packet can be in this pcap file.

void max_packet_length(const std::uint32_t length) noexcept

Set the maximum length a packet can be in this pcap file.

Retrieve the link type for the packets that this pcap file contains.

Set the link type for the packets that this pcap file contains.