Portability: non-portable
Stability: experimental
Maintainer: nickburlett@mac.com, dominic.steinitz@blueyonder.co.uk

Link: Datalink types. This covers all of the datalink types defined in bpf.h. Types defined on your system may vary.
  DLT_AIRONET_HEADER: Aironet (Cisco) 802.11 wireless
  DLT_PRISM_HEADER: Intersil Prism II wireless chips
  DLT_CISCO_IOS: Cisco IOS
  DLT_PFLOG: OpenBSD's pflog
  DLT_IPFILTER: OpenBSD's old ipfilter
  DLT_ECONET: Acorn Econet
  DLT_LTALK: Apple LocalTalk
  DLT_LINUX_SLL: Linux cooked sockets
  DLT_LOOP: OpenBSD loopback device
  DLT_IEEE802_11: IEEE 802.11 wireless
  DLT_C_HDLC: Cisco HDLC
  DLT_PPP_ETHER: PPP over ethernet
  DLT_PPP_SERIAL: PPP over serial with HDLC encapsulation
  DLT_ATM_CLIP: Linux classical IP over ATM
  DLT_PPP_BSDOS: BSD OS point-to-point protocol
  DLT_SLIP_BSDOS: BSD OS serial line IP
  DLT_RAW: raw IP
  DLT_ATM_RFC1483: LLC SNAP encapsulated ATM
  DLT_FDDI: FDDI
  DLT_PPP: Point-to-point protocol
  DLT_SLIP: Serial line IP
  DLT_ARCNET: ARCNET
  DLT_IEEE802: IEEE 802 networks
  DLT_CHAOS: Chaos
  DLT_PRONET: Proteon ProNET Token Ring
  DLT_AX25: amateur radio AX.25
  DLT_EN3MB: original 3 Mbit per second ethernet
  DLT_EN10MB: 10 Mbit per second (or faster) ethernet
  DLT_NULL: no link layer encapsulation

Callback: The type of the callback function passed to dispatch or loop.

Network: The network address record. Both the address and mask are in network byte order.
  netAddr: IPv4 network address
  netMask: IPv4 netmask

SockAddr: The socket address record. Note that this is not the same as SockAddr from Network.Sockets. (That is a Haskell version of struct sockaddr_in. This is the real struct sockaddr from the BSD network stack.)
  sockAddrFamily: an address family exported by Network.Socket

PcapAddr: The address structure
  ifAddr: interface address
  ifMask: network mask
  ifBcast: broadcast address
  ifPeer: address of peer, of a point-to-point link

Interface: The interface structure
  ifName: the interface name
  ifDescription: interface description string (if any)
  ifAddresses: address families supported by this interface

Statistics:
  recv: packets received
  drop: packets dropped by libpcap
  ifdrop: packets dropped by the interface

PktHdr:
  sec: timestamp (seconds)
  usec: timestamp (microseconds)
  caplen: number of bytes present in capture
  len: number of bytes on the wire

Pdump: savefile descriptor
Pcap: packet capture descriptor
BpfProgram: Compiled Berkeley Packet Filter program

openOffline: openOffline opens a "savefile" for reading. The file format is the same as used for tcpdump. The string "-" is a synonym for stdin.

openLive: openLive is used to get a packet descriptor that can be used to look at packets on the network. The arguments are the device name, the snapshot length (in bytes), the promiscuity of the interface (True == promiscuous) and a timeout in milliseconds. Using "any" as the device name will capture packets from all interfaces. On some systems, reading from the "any" device is incompatible with setting the interfaces into promiscuous mode. In that case, only packets whose link layer addresses match those of the interfaces are captured.

openDead: openDead is used to get a packet capture descriptor without opening a file or device. It is typically used to test packet filter compilation by setFilter. The arguments are the linktype and the snapshot length.

openDump: openDump opens a "savefile" for writing. This savefile is written to by the dump function. The arguments are a raw packet capture descriptor and the filename, with "-" as a synonym for stdout.

setFilter: Set a filter on the specified packet capture descriptor. Valid filter strings are those accepted by tcpdump.

compileFilter: Compile a filter for use by another program using the Berkeley Packet Filter library.

lookupDev: lookupDev returns the name of a device suitable for use with openLive and lookupNet. If you only have one interface, it is the function of choice. If not, see findAllDevs.

findAllDevs: findAllDevs returns a list of all the network devices that can be opened by openLive. It returns only those devices that the calling process has sufficient privileges to open, so it may not find every device on the system.

lookupNet: Return the network address and mask for the specified interface name. Only valid for IPv4. For other protocols, use findAllDevs and search the Address list for the associated network mask.

setNonBlock: Set a packet capture descriptor into non-blocking mode if the second argument is True, otherwise put it in blocking mode. Note that the packet capture descriptor must have been obtained from openLive.

getNonBlock: Return the blocking status of the packet capture descriptor. True indicates that the descriptor is non-blocking. Descriptors referring to savefiles opened by openDump always return False.

dispatch: Collect and process packets. The arguments are the packet capture descriptor, the count and a callback function.
  The count is the maximum number of packets to process before returning. A count of -1 means process all of the packets received in one buffer (if a live capture) or all of the packets in a savefile (if offline).
  The callback function is passed two arguments, a packet header record and a pointer to the packet data (Ptr Word8). The header record contains the number of bytes captured, which can be used to marshal the data into a list or array.

loop: Similar to dispatch, but loop until the number of packets specified by the second argument are read. A negative value loops forever.
  It does not return when a live read timeout occurs. Use dispatch instead if you want to specify a timeout.

next: Read the next packet (by calling dispatch with a count of 1).

dump: Write the packet data given by the second and third arguments to a savefile opened by openDead. dump is designed so it can be easily used as a default callback function by dispatch or loop.

datalink: Returns the datalink type associated with the given pcap descriptor.

setDatalink: Sets the datalink type for a given pcap descriptor.

listDatalinks: List all the datalink types supported by a pcap descriptor. Entries from the resulting list are valid arguments to setDatalink.

statistics: Returns the number of packets received, the number of packets dropped by the packet filter and the number of packets dropped by the interface (before processing by the packet filter).

majorVersion: Major version number of the library.

minorVersion: Minor version number of the library.

isSwapped: isSwapped is True if the current savefile uses a different byte order than the one native to the system.

snapshotLen: The snapshot length that was used in the call to openLive.

Package: pcap-0.2
Module: Network.Pcap

Exported names:
  Link: DLT_AIRONET_HEADER, DLT_PRISM_HEADER, DLT_CISCO_IOS, DLT_PFLOG, DLT_IPFILTER, DLT_ECONET, DLT_LTALK, DLT_LINUX_SLL, DLT_LOOP, DLT_IEEE802_11, DLT_C_HDLC, DLT_PPP_ETHER, DLT_PPP_SERIAL, DLT_ATM_CLIP, DLT_PPP_BSDOS, DLT_SLIP_BSDOS, DLT_RAW, DLT_ATM_RFC1483, DLT_FDDI, DLT_PPP, DLT_SLIP, DLT_ARCNET, DLT_IEEE802, DLT_CHAOS, DLT_PRONET, DLT_AX25, DLT_EN3MB, DLT_EN10MB, DLT_NULL
  Callback
  Network: netAddr, netMask
  SockAddr: sockAddrFamily, sockAddrAddr
  PcapAddr: ifAddr, ifMask, ifBcast, ifPeer
  Interface: ifName, ifDescription, ifAddresses, ifFlags
  Statistics: recv, drop, ifdrop
  PktHdr: sec, usec, caplen, len
  Pdump, Pcap, BpfProgram
  openOffline, openLive, openDead, openDump, setFilter, compileFilter, lookupDev, findAllDevs, lookupNet, setNonBlock, getNonBlock, dispatch, loop, next, dump, datalink, setDatalink, listDatalinks, statistics, majorVersion, minorVersion, isSwapped, snapshotLen