(bytes-seq->pcap! packets
{:keys [out linktype snaplen]
:or {linktype DLT_EN10MB snaplen 65536}})Write a sequence of packet bytes to a PCAP file.
packets: sequence of byte-array or
{:bytes <ba> :sec <long> :usec <long>}
opts: {:out "out.pcap" :linktype DLT_* :snaplen 65536}
Write a sequence of packet bytes to a PCAP file.
packets: sequence of `byte-array` or
`{:bytes <ba> :sec <long> :usec <long>}`
opts: {:out "out.pcap" :linktype DLT_* :snaplen 65536}(capture->pcap {:keys [device filter max snaplen promiscuous? timeout-ms
max-time-ms idle-max-ms]
:or {max 100
snaplen 65536
promiscuous? true
timeout-ms 10
max-time-ms 10000
idle-max-ms 3000}}
out)Capture live packets and save them to out.pcap. opts: {:device "en0" :filter "tcp port 80" ; optional :max 100 ; stop when captured count reaches this value :snaplen 65536 :promiscuous? true :timeout-ms 10 ; pcap_next_ex timeout :max-time-ms 10000 ; wall-clock max duration (ms) :idle-max-ms 3000} ; continuous idle max (ms)
Capture live packets and save them to out.pcap.
opts:
{:device "en0"
:filter "tcp port 80" ; optional
:max 100 ; stop when captured count reaches this value
:snaplen 65536
:promiscuous? true
:timeout-ms 10 ; pcap_next_ex timeout
:max-time-ms 10000 ; wall-clock max duration (ms)
:idle-max-ms 3000} ; continuous idle max (ms)(capture->seq
{:keys [device path filter snaplen promiscuous? timeout-ms max max-time-ms
idle-max-ms queue-cap on-error error-mode stop?]
:or {snaplen 65536 promiscuous? true timeout-ms 10 error-mode :throw}})High-level API that returns packets as a lazy sequence. opts:
Returns a lazy seq of packet maps.
High-level API that returns packets as a lazy sequence.
opts:
- live: {:device "en1" :filter "tcp" :snaplen 65536 :promiscuous? true :timeout-ms 10}
- offline: {:path "sample.pcap" :filter "..."}
- shared stop conditions (safe defaults when omitted):
:max <int> ; max packet count (default 100)
:max-time-ms <int> ; max elapsed time (default 10000)
:idle-max-ms <int> ; max continuous idle time (default 3000)
- internal queue:
:queue-cap <int> ; producer -> consumer buffer (default 1024)
- error handling:
:on-error (fn [throwable]) ; optional callback on background thread errors
:error-mode :throw|:pass ; default :throw, :pass skips background errors
- stop hook:
:stop? (fn [pkt] boolean) ; stop immediately when true (breakloop!)
Returns a lazy seq of packet maps.(list-devices)Return a simple list of available devices. On macOS, fills missing descriptions using networksetup.
Return a simple list of available devices. On macOS, fills missing descriptions using networksetup. - skips entries with blank names - applies fallback when description is blank
(lookupnet dev)Resolve network address/mask for device dev.
Success: {:net int :mask int}
Failure: throws ex-info with :phase :lookupnet.
Resolve network address/mask for device `dev`.
Success: {:net int :mask int}
Failure: throws ex-info with :phase :lookupnet.(loop! pcap handler)Poll pcap_next_ex.
handler receives maps like {:ts-sec :ts-usec :caplen :len :bytes}.
Terminates when rc<0 (EOF/error).
Poll `pcap_next_ex`.
`handler` receives maps like {:ts-sec :ts-usec :caplen :len :bytes}.
Terminates when rc<0 (EOF/error).(loop-for-ms! pcap duration-ms handler)(loop-for-ms! pcap duration-ms handler {:keys [idle-max-ms timeout-ms]})Stop after duration-ms elapsed (wall-clock). Options: {:idle-max-ms <ms> :timeout-ms <ms>} Example: (loop-for-ms! h 3000 handler) (loop-for-ms! h 3000 handler {:idle-max-ms 1000 :timeout-ms 50})
Stop after duration-ms elapsed (wall-clock).
Options: {:idle-max-ms <ms> :timeout-ms <ms>}
Example: (loop-for-ms! h 3000 handler)
(loop-for-ms! h 3000 handler {:idle-max-ms 1000 :timeout-ms 50})(loop-n! pcap n handler)(loop-n! pcap n handler {:keys [idle-max-ms timeout-ms]})Process up to n packets via pcap_next_ex, then stop. Options: {:idle-max-ms <ms> :timeout-ms <ms>} Example: (loop-n! h 10 handler) ; default behavior (loop-n! h 10 handler {:idle-max-ms 3000 :timeout-ms 100})
Process up to n packets via pcap_next_ex, then stop.
Options: {:idle-max-ms <ms> :timeout-ms <ms>}
Example: (loop-n! h 10 handler) ; default behavior
(loop-n! h 10 handler {:idle-max-ms 3000 :timeout-ms 100})(loop-n-or-ms! pcap {:keys [n ms idle-max-ms timeout-ms stop?]} handler)Stop when either n packets are processed or duration-ms is reached. conf: {:n <long> :ms <long> :idle-max-ms <ms-optional> :timeout-ms <ms-optional> :stop? <fn-optional>}
Stop when either n packets are processed or duration-ms is reached.
conf: {:n <long> :ms <long> :idle-max-ms <ms-optional> :timeout-ms <ms-optional> :stop? <fn-optional>}(open-dead)(open-dead linktype snaplen)Create a dead pcap handle for generation/writing.
linktype uses DLT_* constants. Default snaplen is 65536.
Create a dead pcap handle for generation/writing. `linktype` uses DLT_* constants. Default snaplen is 65536.
(open-live {:keys [device snaplen promiscuous? timeout-ms netmask]
:or {snaplen 65536 promiscuous? true timeout-ms 10}
:as opts})(rc->status rc)Classify pcap_next_ex return code. 1 => :packet, 0 => :timeout, -2 => :eof, anything else => :error.
Classify pcap_next_ex return code. 1 => :packet, 0 => :timeout, -2 => :eof, anything else => :error.
(rc->status-detail rc)Return a map {:rc rc :status <kw> :summary <string|nil>} that is convenient for logging when pcap_next_ex finishes with EOF (-2) or an error (-1/others).
Return a map {:rc rc :status <kw> :summary <string|nil>} that is convenient for
logging when pcap_next_ex finishes with EOF (-2) or an error (-1/others).(run-live-for-ms! opts duration-ms handler)(run-live-for-ms! {:keys [device filter snaplen promiscuous? timeout-ms]
:or {snaplen 65536 promiscuous? true timeout-ms 10}}
duration-ms
handler
{:keys [idle-max-ms]})Open live capture, optionally apply BPF, process for duration-ms, then close. Additional option: {:idle-max-ms <ms>} Example: (run-live-for-ms! {:device "en1" :timeout-ms 50} 5000 handler {:idle-max-ms 1000})
Open live capture, optionally apply BPF, process for duration-ms, then close.
Additional option: {:idle-max-ms <ms>}
Example: (run-live-for-ms! {:device "en1" :timeout-ms 50}
5000
handler
{:idle-max-ms 1000})(run-live-for-ms-summary! opts duration-ms handler)(run-live-for-ms-summary! opts duration-ms handler loop-opts)Run run-live-for-ms! and return a summary map. Example: (run-live-for-ms-summary! {:device "en0" :filter "tcp" :timeout-ms 50} 3000 (fn [_]) {:idle-max-ms 1000})
Run run-live-for-ms! and return a summary map.
Example: (run-live-for-ms-summary! {:device "en0" :filter "tcp" :timeout-ms 50} 3000 (fn [_]) {:idle-max-ms 1000})(run-live-n! opts n handler)(run-live-n! {:keys [device filter snaplen promiscuous? timeout-ms]
:or {snaplen 65536 promiscuous? true timeout-ms 10}}
n
handler
{:keys [idle-max-ms]})Open live capture, optionally apply BPF, process n packets, then close. Additional option: :idle-max-ms (:timeout-ms is shared with open-live) Example: (run-live-n! {:device "en1" :filter "tcp" :timeout-ms 100} 50 handler {:idle-max-ms 3000})
Open live capture, optionally apply BPF, process n packets, then close.
Additional option: :idle-max-ms (:timeout-ms is shared with open-live)
Example: (run-live-n! {:device "en1" :filter "tcp" :timeout-ms 100}
50
handler
{:idle-max-ms 3000})(run-live-n-summary! opts n handler)(run-live-n-summary! opts n handler loop-opts)Run run-live-n! and return a summary map. Example: (run-live-n-summary! {:device "en0" :filter "udp" :timeout-ms 50} 100 (fn [_]) {:idle-max-ms 3000})
Run run-live-n! and return a summary map.
Example: (run-live-n-summary! {:device "en0" :filter "udp" :timeout-ms 50} 100 (fn [_]) {:idle-max-ms 3000})(set-bpf! pcap expr)Apply BPF with optimize=1 and netmask=0 (unknown). Returns true.
Apply BPF with optimize=1 and netmask=0 (unknown). Returns true.
(set-bpf-on-device! pcap dev expr)Lookup device netmask for dev and apply BPF via set-bpf-with-netmask!.
Returns true.
Lookup device netmask for `dev` and apply BPF via set-bpf-with-netmask!. Returns true.
(set-bpf-with-netmask! pcap expr netmask)Apply BPF with optimize=1 and explicit netmask. Returns true.
Apply BPF with optimize=1 and explicit netmask. Returns true.
(vlan-tag->str {:keys [tpid vid pcp dei]})Render VLAN tag map {:tpid .. :vid .. :pcp .. :dei ..} as a display string.
Render VLAN tag map {:tpid .. :vid .. :pcp .. :dei ..} as a display string.
(with-dumper [sym open-expr] & body)Example: (with-dumper [d (open-dumper h "out.pcap")] (dump! d hdr data))
Example: (with-dumper [d (open-dumper h "out.pcap")] (dump! d hdr data))
(with-live [sym opts] & body)Example: (with-live [h {:device "en0" :filter "tcp"}] (loop-n! h 10 prn))
Example: (with-live [h {:device "en0" :filter "tcp"}]
(loop-n! h 10 prn))(with-offline [sym open-expr] & body)Example: (with-offline [h (open-offline "dev/resources/fixtures/sample.pcap")] (loop-for-ms! h 2000 prn)) (with-offline [h (open-offline "dev/resources/fixtures/sample.pcap" {:filter "udp"})] (loop-n! h 50 prn))
Example:
(with-offline [h (open-offline "dev/resources/fixtures/sample.pcap")]
(loop-for-ms! h 2000 prn))
(with-offline [h (open-offline "dev/resources/fixtures/sample.pcap" {:filter "udp"})]
(loop-n! h 50 prn))(with-pcap [sym open-expr] & body)Example: (with-pcap [h (open-live {:device "en0"})] (loop-n! h 10 prn))
Example: (with-pcap [h (open-live {:device "en0"})]
(loop-n! h 10 prn))cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |