IPMonitor Component

Properties Methods Events Config Settings Errors

The IPMonitor class allows applications to monitor network packets on multiple platforms.

Syntax

pcapfilter.IPMonitor

Remarks

IPMonitor is a lightweight struct that allows applications to monitor network activity across multiple platforms, including Windows, Linux, and macOS. It utilizes the "libpcap" library and underlying network drivers to capture and report network packets in real-time. The struct provides the ability to capture individual network packets for detailed analysis, or collect aggregated packet statistics for monitoring network performance.

Setup

Linux and macOS Before using the struct, a libpcap-compatible network library must be installed on the system. For detailed installation instructions, please refer to the Network Filter Library section. This setup only needs to be done once. Also, permissions may need to be adjusted as described in the System Configuration in Linux and macOS instructions page to allow the application to capture packets.

Windows The struct uses the NetFilter driver (can be found in the "drivers" directory of the PCAP Filter installation) and the helper libraries included in the "pcaplibs" directory of the installation. Please refer to the Driver-specific section for details on installing the driver to the system and to the User Mode Library page for information about deploying the helper libraries.

The driver must be installed via the NetFilter struct and its Install method before the driver can be used by IPMonitor. The helper libraries (packet.dll and wpcap.dll) that match your platform must be placed next to the EXE file of your application or copied to the system directory.

Retrieving Network Adapters

The first step in using the struct is to identify the name of the network adapter that will be monitored. To retrieve the list of network adapters available on the system, call the ListAdapters method. Once the method is called, the adapters will be accessible via the Adapters property.

// Retrieve the list of network adapters available on the system ipmonitor.ListAdapters(); // Display the available adapters foreach (Adapter adapter in ipmonitor.Adapters) { Console.WriteLine($"Adapter Name: {adapter.Name}"); Console.WriteLine($"Description: {adapter.Description}"); }

Packet Filters

Before starting to monitor a network adapter, filters can be applied to capture only the packets that match certain criteria.

The Direction property can be used to specify whether to capture incoming packets, outgoing packets, or both. In addition to directionality, the Filter property can be set to a pcap filter expression string that allows for filtering based on IP addresses, protocol types, ports, and more. For more information on supported filter expressions, please see the pcap-filter(7) man page. // Only capture incoming packets ipmonitor.Direction = callback.PCAPFilter.Constants.PACKET_DIRECTION_INCOMING; // Only capture TCP packets from IP 192.168.1.1 on port 80 ipmonitor.Filter = "src host 192.168.1.1 and tcp port 80";

Operation Modes

In addition to packet filters, the struct supports multiple operation modes that determine what kind of packet information will be reported.

Capture Mode

Setting the OperationMode property to omCapture (0) will cause the struct to capture individual network packets and report them through the Packet event. // Capture individual packet information ipmonitor.OperationMode = 0;

Statistical Mode

Setting the OperationMode property to omStat (1) will instead cause the struct to collect aggregated packet statistics and report them through the Statistics event. // Report aggregated packet statistics ipmonitor.OperationMode = 1;

Monitoring an Adapter

After configuring the filters and operation mode, start monitoring the network adapter by calling the Activate method and specifying the adapter name.

// Get the name of the first adapter returned by ListAdapters() ipmonitor.ListAdapters(); string adapterToMonitor = ipmonitor.Adapters[0].Name; // Start monitoring the adapter ipmonitor.Activate(adapterToMonitor);

Retrieving Packet Information

Depending on the current OperationMode, packet information is retrieved differently. In both modes, the DoEvents method must be called to prompt the struct to fire events and report packet information.

Capture Mode:

In capture mode, calling DoEvents will cause the struct to process any packets captured by the struct and fire the Packet for each one. ipmonitor.OnPacket += (s, e) => { // Print out information about each individual packet Console.WriteLine($"Packet captured at {e.TimeStamp}"); Console.WriteLine($"Packet Size: {e.PacketSize} bytes"); };

Statistical Mode:

In statistical mode, calling DoEvents will prompt the struct to collect packet statistics and report them through the Statistics event. ipmonitor.OnStatistics += (s, e) => { // Print out packet statistics Console.WriteLine($"Statistics collected at {e.TimeStamp}"); Console.WriteLine($"Packets Captured: {e.CapturedPackets}"); Console.WriteLine($"Bytes Captured: {e.CapturedBytes}"); };

Capture Statistics

Regardless of the current OperationMode, cumulative statistics about the packets captured since monitoring began can be retrieved by calling the GetStatistics method.

long receivedPackets = 0; // The number of packets received since monitoring began
long droppedPackets = 0; // The number of packets dropped by the component since monitoring began
long adapterDroppedPackets = 0; // The number of packets dropped by the adapter since monitoring began

ipmonitor.GetStatistics(ref receivedPackets, ref droppedPackets, ref adapterDroppedPackets);

Console.WriteLine($"Packets Received: {receivedPackets}");
Console.WriteLine($"Packets Dropped: {droppedPackets}");
Console.WriteLine($"Packets Dropped by Adapter: {adapterDroppedPackets}");

Deactivating Monitoring

To stop monitoring the adapter and cease reporting packets, call the Deactivate method. ipmonitor.Deactivate();

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.


Active	Indicates whether the class is active and monitoring network traffic.
AdapterCount	The number of records in the Adapter arrays.
AdapterBufferSize	Specifies the size of the kernel-level buffer associated with a capture, expressed in KB (kilobytes).
AdapterCollectStatistics	Specifies whether the class should report statistics for this adapter when the class is operating in the omStat OperationMode .
AdapterDescription	The description of the network adapter.
AdapterFriendlyName	The human-readable name of the adapter, which may be modified by a user using Windows functionality.
AdapterId	Contains the Id of the adapter.
AdapterInterfaceType	Contains the type of the adapter interface.
AdapterMACAddress	The MAC address of the adapter.
AdapterMaxPacketBytes	Defines the maximum number of bytes of a packet to pass in events.
AdapterName	The name of the adapter.
AdapterPacketTimeout	Specifies the packet buffer timeout, expressed in milliseconds, which tell the driver how long it may wait before replying with no packets, when packets are not available.
AdapterPromiscuousMode	Enables or disables the promiscuous mode on the adapter, telling the adapter to capture or skippackets that pass by, i.
AdapterWiFiMonitorMode	Enables or disables the WiFi monitoring mode on the adapter.
AdapterWiFiMonitorModeSupported	Indicates whether the WiFi monitoring mode is supported by the adapter.
Direction	Specifies the direction of packets to capture.
Filter	Specifies filter criteria used to determine which network packets are captured.
OperationMode	Specifies the mode of operation.
Tag	This property stores application-defined data specific to a particular instance of the class.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.


Activate	Starts monitoring network traffic.
Config	Sets or retrieves a configuration setting.
Deactivate	Stops monitoring network traffic.
DoEvents	Processes events from the internal message queue.
GetStatistics	Retrieves the total number of packets received and dropped since monitoring began.
ListAdapters	Retrieves the network adapters available for monitoring.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.


Error	This event fires if an unhandled error occurs during an event.
Packet	Fires when a network packet is captured.
Statistics	Fires to provide aggregated packet statistics.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.


NetFilterGUID	A GUID of the NetFilter driver installation.
BuildInfo	Information about the product's build.
LicenseInfo	Information about the current license.

Active Property (IPMonitor Component)

Indicates whether the class is active and monitoring network traffic.

Syntax

func (obj *IPMonitor) Active() (bool, error)

Default Value

false

Remarks

This property reflects whether the struct is actively monitoring network traffic. It is automatically set to true after a successful call to Activate, and to false when monitoring is stopped with the Deactivate method.

This property is read-only.

Data Type

bool

AdapterCount Property (IPMonitor Component)

The number of records in the Adapter arrays.

Syntax

func (obj *IPMonitor) AdapterCount() (int32, error)

Default Value

Remarks

This property controls the size of the following arrays:

AdapterBufferSize
AdapterCollectStatistics
AdapterDescription
AdapterFriendlyName
AdapterId
AdapterInterfaceType
AdapterMACAddress
AdapterMaxPacketBytes
AdapterName
AdapterPacketTimeout
AdapterPromiscuousMode
AdapterWiFiMonitorMode
AdapterWiFiMonitorModeSupported

The array indices start at 0 and end at AdapterCount - 1.

This property is read-only.

Data Type

int32

AdapterBufferSize Property (IPMonitor Component)

Specifies the size of the kernel-level buffer associated with a capture, expressed in KB (kilobytes).

Syntax

func (obj *IPMonitor) AdapterBufferSize(AdapterIndex int32) (int32, error)
func (obj *IPMonitor) SetAdapterBufferSize(AdapterIndex int32, value int32) error

Default Value

1024

Remarks

Specifies the size of the kernel-level buffer associated with a capture, expressed in KB (kilobytes).

This field is used only by the IPMonitor struct when it is using a third-party capture driver and is ignored by NetFilter driver, which manages memory dynamically.

The default value of 0 tells libpcap to use the default value hard-coded in it. In Windows, this is 1 000 000 bytes (approx.1 megabyte); in Linux, this is 2MB.

The field corresponds to the pcap_set_buffer_size() function.

This value can be changed only when the struct is not activated (the Active property is false).

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

Data Type

int32

AdapterCollectStatistics Property (IPMonitor Component)

Specifies whether the class should report statistics for this adapter when the class is operating in the omStat OperationMode .

Syntax

func (obj *IPMonitor) AdapterCollectStatistics(AdapterIndex int32) (bool, error)
func (obj *IPMonitor) SetAdapterCollectStatistics(AdapterIndex int32, value bool) error

Default Value

true

Remarks

Specifies whether the struct should report statistics for this adapter when the struct is operating in the omStat OperationMode.

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

Data Type

bool

AdapterDescription Property (IPMonitor Component)

The description of the network adapter.

Syntax

func (obj *IPMonitor) AdapterDescription(AdapterIndex int32) (string, error)

Default Value

Remarks

The description of the network adapter.

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

This property is read-only.

Data Type

string

AdapterFriendlyName Property (IPMonitor Component)

The human-readable name of the adapter, which may be modified by a user using Windows functionality.

Syntax

func (obj *IPMonitor) AdapterFriendlyName(AdapterIndex int32) (string, error)

Default Value

Remarks

The human-readable name of the adapter, which may be modified by a user using Windows functionality.

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

This property is read-only.

Data Type

string

AdapterId Property (IPMonitor Component)

Contains the Id of the adapter.

Syntax

func (obj *IPMonitor) AdapterId(AdapterIndex int32) (int32, error)

Default Value

Remarks

Contains the Id of the adapter.

Each network adapter in the system has an Id that is used in all operations of NetFilter where an adapter is referenced by the struct or must be specified by an application.

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

This property is read-only.

Data Type

int32

AdapterInterfaceType Property (IPMonitor Component)

Contains the type of the adapter interface.

Syntax

func (obj *IPMonitor) AdapterInterfaceType(AdapterIndex int32) (int32, error)

Default Value

Remarks

Contains the type of the adapter interface.

This field specifies the type of the network with which the adapter works. The available values are defined by IANA.

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

This property is read-only.

Data Type

int32

AdapterMACAddress Property (IPMonitor Component)

The MAC address of the adapter.

Syntax

func (obj *IPMonitor) AdapterMACAddress(AdapterIndex int32) (string, error)

Default Value

Remarks

The MAC address of the adapter.

This field contains the MAC address of the adapter, if such an address exists (only some adapter types have MAC addresses).

The value may be absent or contains a MAC address in HEX-encoded form where bytes are ordered in the transmission order with each byte's HEX characters separated by a hyphen ("-").

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

This property is read-only.

Data Type

string

AdapterMaxPacketBytes Property (IPMonitor Component)

Defines the maximum number of bytes of a packet to pass in events.

Syntax

func (obj *IPMonitor) AdapterMaxPacketBytes(AdapterIndex int32) (int32, error)
func (obj *IPMonitor) SetAdapterMaxPacketBytes(AdapterIndex int32, value int32) error

Default Value

262144

Remarks

Defines the maximum number of bytes of a packet to pass in events.

The default value of 0 tells libpcap to set the maximum length to 262 144 bytes.

The field corresponds to the pcap_set_snaplen() function.

This value can be changed only when the struct is not activated (the Active property is false).

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

Data Type

int32

AdapterName Property (IPMonitor Component)

The name of the adapter.

Syntax

func (obj *IPMonitor) AdapterName(AdapterIndex int32) (string, error)

Default Value

Remarks

The name of the adapter. This value can be passed into the Activate method to start monitoring the adapter in IPMonitor or as a parameter to the AddFilterRule method when adding filtration rules in NetFilter.

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

This property is read-only.

Data Type

string

AdapterPacketTimeout Property (IPMonitor Component)

Specifies the packet buffer timeout, expressed in milliseconds, which tell the driver how long it may wait before replying with no packets, when packets are not available.

Syntax

func (obj *IPMonitor) AdapterPacketTimeout(AdapterIndex int32) (int32, error)
func (obj *IPMonitor) SetAdapterPacketTimeout(AdapterIndex int32, value int32) error

Default Value

1000

Remarks

Specifies the packet buffer timeout, expressed in milliseconds, which tell the driver how long it may wait before replying with no packets, when packets are not available.

This field is used only by the IPMonitor struct when it is using a third-party capture driver and is ignored by NetFilter driver, which works in the so-called "immediate mode" in libpcap terms.

The value must be specified in milliseconds. The behavior if a zero or a negative value is set is not defined by libpcap, thus, it is recommended to always set the value to a positive number. The default value is 1000 ms (one second).

For the detailed description of a packet buffer timeout, please refer to libpcap documentation.

This value can be changed only when the struct is not activated (the Active property is false).

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

Data Type

int32

AdapterPromiscuousMode Property (IPMonitor Component)

Enables or disables the promiscuous mode on the adapter, telling the adapter to capture or skippackets that pass by, i.

Syntax

func (obj *IPMonitor) AdapterPromiscuousMode(AdapterIndex int32) (bool, error)
func (obj *IPMonitor) SetAdapterPromiscuousMode(AdapterIndex int32, value bool) error

Default Value

false

Remarks

Enables or disables the promiscuous mode on the adapter, telling the adapter to capture or skippackets that pass by, i.e., which do not originate in the given adapter and do not have it as a destination.

For the detailed description of the promiscuous mode, please refer to libpcap documentation.

In the IPMonitor struct, the field corresponds to the pcap_set_promisc() function.

This value can be changed only when the struct is not activated (the Active property is false).

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

Data Type

bool

AdapterWiFiMonitorMode Property (IPMonitor Component)

Enables or disables the WiFi monitoring mode on the adapter.

Syntax

func (obj *IPMonitor) AdapterWiFiMonitorMode(AdapterIndex int32) (bool, error)
func (obj *IPMonitor) SetAdapterWiFiMonitorMode(AdapterIndex int32, value bool) error

Default Value

false

Remarks

Enables or disables the WiFi monitoring mode on the adapter.

This functionality is provided by adapters, not by the driver itself, and not all WiFi adapters support this mode. Check the AdapterWiFiMonitorModeSupported field before enabling the WiFi monitoring mode.

For the detailed description of the WiFi monitoring mode, please refer to libpcap documentation, where it is described under the "monitor mode" title.

In the IPMonitor struct, the field corresponds to the pcap_set_rfmon() function.

This value can be changed only when the struct is not activated (the Active property is false).

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

Data Type

bool

AdapterWiFiMonitorModeSupported Property (IPMonitor Component)

Indicates whether the WiFi monitoring mode is supported by the adapter.

Syntax

func (obj *IPMonitor) AdapterWiFiMonitorModeSupported(AdapterIndex int32) (bool, error)

Default Value

false

Remarks

Indicates whether the WiFi monitoring mode is supported by the adapter. Check this value before trying to enable the WiFi monitor mode.

This functionality is provided by adapters, not by the driver itself, and not all WiFi adapters support this mode.

For the detailed description of the WiFi monitoring mode, please refer to libpcap documentation, where it is described under the "monitor mode" title.

The AdapterIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AdapterCount property.

This property is read-only.

Data Type

bool

Direction Property (IPMonitor Component)

Specifies the direction of packets to capture.

Syntax

func (obj *IPMonitor) Direction() (int32, error)
func (obj *IPMonitor) SetDirection(value int32) error

Default Value

Remarks

The property makes it possible to capture just outgoing or just incoming packets, working as a simple filter for the network packets. The property value can be one of the following:


PACKET_DIRECTION_OUTGOING	`0x00`	Outgoing packets are processed. In the events, indicates that the packet is outgoing.
PACKET_DIRECTION_INCOMING	`0x01`	Incoming packets are processed. In the events, indicates that the packet is incoming.
PACKET_DIRECTION_ANY	`0x02`	All packets are processed.

Data Type

int32

Filter Property (IPMonitor Component)

Specifies filter criteria used to determine which network packets are captured.

Syntax

func (obj *IPMonitor) Filter() (string, error)
func (obj *IPMonitor) SetFilter(value string) error

Default Value

Remarks

This property specifies a filter expression string that determines which network packets are captured and reported. For additional filtering, the Direction property can be used to limit packet capture to incoming or outgoing traffic.

This property can be set before or after calling Activate to start monitoring. In some platforms, changing the value of this property while monitoring is active may result in some packets being dropped or reported even if they do not match the new filter rules. For more details on platform-specific behavior, please see the pcap-filter(7) man page.

Filter Expression Syntax

The filter expression follows the syntax used by libpcap. A filter takes the form of a series of conditions that specify the criteria packets must meet to be captured. Expressions can be combined using conjunctions and, or, and optionally preceded by not.

[not] condition [and|or [not] condition ... ]

For more comprehensive information on filter expressions, please refer to the pcap-filter(7) documentation. Below is a simplified overview of common filter expressions:


`src\|dst host <host>`	Captures packets to or from the specified IP address or name.
`src host <host>`	Captures packets where the source is the specified host.
`dst host <host>`	Captures packets where the destination is the specified host.
`net <network>`	Captures packets to or from the specified network.
`src net <network>`	Captures packets where the source is in the specified network.
`dst net <network>`	Captures packets where the destination is in the specified network.
`port <port>`	Captures packets to or from the specified port.
`src port <port>`	Captures packets where the source port is the specified port.
`dst port <port>`	Captures packets where the destination port is the specified port.
`ether broadcast`	Captures all Ethernet broadcast packets.
`ether multicast`	Captures all Ethernet multicast packets.
`greater <length>`	Captures packets with a length greater than or equal to the specified length (in bytes).
`less <length>`	Captures packets with a length lesser than or equal to the specified length (in bytes).
`broadcast`	Captures all broadcast packets (Ethernet and IP).
`broadcast`	Captures all multicast packets (Ethernet and IP).
`<protocol>`	Captures all packets using the specified protocol.

Example (Simple): // Only capture packets to and from IP 192.168.1.1 ipmonitor.Filter = "host 192.168.1.1";

Example (Advanced): // Only capture TCP packets from IP 192.168.1.1 on port 80 ipmonitor.Filter = "src host 192.168.1.1 and tcp port 80";

Data Type

string

OperationMode Property (IPMonitor Component)

Specifies the mode of operation.

Syntax

func (obj *IPMonitor) OperationMode() (int32, error)
func (obj *IPMonitor) SetOperationMode(value int32) error

Possible Values

0   // Capture
1   // Stat

Default Value

Remarks

This property determines the type of packet information to report when DoEvents is called. The property value can be one of the following:


`omCapture (0)` (default)	Regular cached reading and writing are performed. Individual packets are reported through the Packet event. Only those packets that match the filter criteria specified in the Filter and Direction properties will trigger the event.
`omStat (1)`	The struct does not report individual packets. Instead, it will collect packet statistics and provide aggregated packet data via the Statistics event.

Data Type

int32

Tag Property (IPMonitor Component)

This property stores application-defined data specific to a particular instance of the class.

Syntax

func (obj *IPMonitor) Tag() (int64, error)
func (obj *IPMonitor) SetTag(value int64) error

Default Value

Remarks

This property can be used to store data specific to a particular instance of the struct.

Data Type

int64

Activate Method (IPMonitor Component)

Starts monitoring network traffic.

Syntax

func (obj *IPMonitor) Activate(Adapter string) error

Remarks

This method enables monitoring network packets on a specified network adapter. To disable monitoring, call Deactivate instead.

When this method is called, the struct will begin monitoring the specified adapter for network activity. Packets will be captured and reported differently depending on the value of the OperationMode property. Once monitoring is active, the Active property will be automatically set to true.

Adapter specifies the name of the network adapter to monitor. The list of available adapters can be obtained via the ListAdapters method.

Packet Reporting

When Active is set to true, the struct will report packet information based on the value of the OperationMode property.

Config Method (IPMonitor Component)

Sets or retrieves a configuration setting.

Syntax

func (obj *IPMonitor) Config(ConfigurationString string) (string, error)

Remarks

Config is a generic method available in every struct. It is used to set and retrieve configuration settings for the struct.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the struct, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Deactivate Method (IPMonitor Component)

Stops monitoring network traffic.

Syntax

func (obj *IPMonitor) Deactivate() error

Remarks

This method stops monitoring network traffic. Once called, the struct will cease capturing packets and the Active property will be automatically set to false.

DoEvents Method (IPMonitor Component)

Processes events from the internal message queue.

Syntax

func (obj *IPMonitor) DoEvents() error

Remarks

This method processes events from the internal message queue and fires the corresponding events based on the current OperationMode. It should be called periodically to prompt the struct to fire events and report packet information.

Capture Modes

This method behaves differently depending on the value of the OperationMode property.

When OperationMode is set to omCapture (0), calling this method while monitoring is active will prompt the struct to process any packets captured since the last call and fire the Packet event for each one. If there are no new packets to report, the method will wait for a duration specified by the field of the Adapter that is being monitored before returning.

If OperationMode is set to omStat (1), calling this method will instead tell the struct to collect packet statistics since the last call and fire the Statistics event with the aggregated data.

GetStatistics Method (IPMonitor Component)

Retrieves the total number of packets received and dropped since monitoring began.

Syntax

func (obj *IPMonitor) GetStatistics(Received *int64, Dropped *int64, AdapterDropped *int64) error

Remarks

This method provides capture statistics about the packets monitored by the struct and the underlying driver since Activate was called to start monitoring.

The Received parameter provides the number of packets received since monitoring began.

The Dropped parameter provides the number of packets that were dropped since monitoring began. Packets may be dropped if the value of the field of the Adapter that is being monitored is too small to keep all of the data, or because DoEvents was called too infrequently.

The AdapterDropped parameter provides the full number of packets that were dropped by the network adapter since monitoring began.

Platform Differences

This method is platform-dependent. It uses the underlying pcap_stats() function from the libpcap library to retrieve packet statistics, which may cause the values provided in the Received, Dropped, and AdapterDropped parameters to differ depending on the platform.

Received: On some platforms, this count may include all packets, regardless of whether they matched the filter criteria set using Filter.
Dropped: This value may not be available on all platforms.
AdapterDropped: This count might not be implemented on some platforms. If its value is 0, it could indicate either no drops or that the statistic is unavailable.

For more information regarding platform differences, please see the pcap_stats() documentation.

ListAdapters Method (IPMonitor Component)

Retrieves the network adapters available for monitoring.

Syntax

func (obj *IPMonitor) ListAdapters() error

Remarks

This method populates the Adapters collection with a list of network adapters available for monitoring. Each adapter in the collection includes a name and description provided by the network driver.

This method can be used to obtain the name of a network adapter before calling Activate to start monitoring it.

Example: // Populate the 'Adapters' collection with the list of available network adapters ipmonitor.ListAdapters(); // Start monitoring the first adapter in the collection ipmonitor.Activate(ipmonitor.Adapters[0].Name);

Error Event (IPMonitor Component)

This event fires if an unhandled error occurs during an event.

Syntax

// IPMonitorErrorEventArgs carries the IPMonitor Error event's parameters.
type IPMonitorErrorEventArgs struct {...}

func (args *IPMonitorErrorEventArgs) ErrorCode() int32
func (args *IPMonitorErrorEventArgs) Description() string
// IPMonitorErrorEvent defines the signature of the IPMonitor Error event's handler function.
type IPMonitorErrorEvent func(sender *IPMonitor, args *IPMonitorErrorEventArgs)

func (obj *IPMonitor) GetOnErrorHandler() IPMonitorErrorEvent
func (obj *IPMonitor) SetOnErrorHandler(handlerFunc IPMonitorErrorEvent)

Remarks

This event fires if an unhandled error occurs during another event. Developers can use this information to track down unhandled errors in an application's event handlers.

Packet Event (IPMonitor Component)

Fires when a network packet is captured.

Syntax

// IPMonitorPacketEventArgs carries the IPMonitor Packet event's parameters.
type IPMonitorPacketEventArgs struct {...}

func (args *IPMonitorPacketEventArgs) TimeStamp() time.Time
func (args *IPMonitorPacketEventArgs) PacketSize() int32
func (args *IPMonitorPacketEventArgs) Data() []byte
func (args *IPMonitorPacketEventArgs) DataSize() int32
// IPMonitorPacketEvent defines the signature of the IPMonitor Packet event's handler function.
type IPMonitorPacketEvent func(sender *IPMonitor, args *IPMonitorPacketEventArgs)

func (obj *IPMonitor) GetOnPacketHandler() IPMonitorPacketEvent
func (obj *IPMonitor) SetOnPacketHandler(handlerFunc IPMonitorPacketEvent)

Remarks

This event fires for each packet received from the monitored network adapter. The event will only fire if OperationMode is set to omCapture (0) and the captured packet matches the filter criteria specified in Filter and Direction. Packets are reported in the order they are received from the network adapter.

The Timestamp parameter contains the time when the packet was received by the network adapter.

The PacketSize parameter contains the total size of the packet as received by the network adapter. This represents the full byte size of the packet, which may be larger than the amount of data captured in the Data parameter.

The Data parameter contains the packet data that was captured. The amount of data captured is controlled by the field of the Adapter that is being monitored.

The DataSize parameter provides the size of the data contained in the Data parameter. This value represents how much of the packet data was actually captured and made available.

Packet Reporting

When Active is set to true, the struct will report packet information based on the value of the OperationMode property.

Statistics Event (IPMonitor Component)

Fires to provide aggregated packet statistics.

Syntax

// IPMonitorStatisticsEventArgs carries the IPMonitor Statistics event's parameters.
type IPMonitorStatisticsEventArgs struct {...}

func (args *IPMonitorStatisticsEventArgs) TimeStamp() time.Time
func (args *IPMonitorStatisticsEventArgs) CapturedPackets() int64
func (args *IPMonitorStatisticsEventArgs) CapturedBytes() int64
// IPMonitorStatisticsEvent defines the signature of the IPMonitor Statistics event's handler function.
type IPMonitorStatisticsEvent func(sender *IPMonitor, args *IPMonitorStatisticsEventArgs)

func (obj *IPMonitor) GetOnStatisticsHandler() IPMonitorStatisticsEvent
func (obj *IPMonitor) SetOnStatisticsHandler(handlerFunc IPMonitorStatisticsEvent)

Remarks

This event fires to provide aggregated packet statistics collected from the network adapter. The event will only fire if OperationMode is set to omStat (1). Calling DoEvents while monitoring is active will prompt the struct to report packet statistics and fire this event.

The TimeStamp parameter contains the time when the packet statistics were collected.

The CapturedPackets parameter contains the number of packets captured since the last time the event was fired.

The CapturedBytes parameter contains the total byte size of the packets captured since the last time the event was fired.

Packet Reporting

When Active is set to true, the struct will report packet information based on the value of the OperationMode property.

Config Settings (IPMonitor Component)

The struct accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the struct, access to these internal properties is provided through the Config method.

IPMonitor Config Settings

NetFilterGUID: A GUID of the NetFilter driver installation.

When the struct uses the NetFilter driver for Windows that comes with PCAP Filter, the application must set this Windows-only configuration setting to the same GUID that was used during the installation of the driver.

Before the driver can be used, it must be installed to the system using the Install method.

On platforms other than Windows, this setting is not used.

Base Config Settings

BuildInfo: Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

LicenseInfo: Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a struct is using. It will return the following information:

Product: The product the license is for.
Product Key: The key the license was generated from.
License Source: Where the license was found (e.g., RuntimeLicense, License File).
License Type: The type of license installed (e.g., Royalty Free, Single Server).

Trappable Errors (IPMonitor Component)