Using Java Code to Capture IPv4/IPv6 Packets

Introduction

In this tip, I will show you how to use Java to capture network packets and analyze their elements. The software runs in a Windows environment, so some preparation is needed first. Check that you have all the tools listed below:
  1. WinPcap 4.0 and Jpcap 6.0
  2. Eclipse and the Jigloo application
  3. Java environment

Background

Capturing packets in C or C++ is complex, especially for beginners. In addition, user interfaces built with Java Swing are more user-friendly. This software can provide the basic functions of Wireshark, so it can be very interesting and useful.

Basic Capture Theory of jpcap

Whether you are using Linux or Windows, if you want to capture packets on your computer you must control the network device (the network card), because all packets are processed by the network card.
On Linux, there is a file in the Linux kernel named "net.h", and the methods in this file can be used to capture packets.
But this is only practical if you are very familiar with the Linux kernel code. To make it easier, you can install "libpcap" and use the methods it defines. "Jpcap" works on Windows just like "libpcap" works on Linux.

Functions of Jpcap

Get Network-card List

To capture the packets that flow through your network devices, the first step is to get a list of your network cards, that is, all the network devices that can be used to capture packets. Jpcap provides a function named JpcapCaptor.getDeviceList() for this. The function returns an array of NetworkInterface objects.
A NetworkInterface object contains all the information about an interface: its name, description, IP address and MAC address, and the name and description of its data link layer.
//Sample one: Obtain the list of network interfaces and basic information
import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;

NetworkInterface[] devices = JpcapCaptor.getDeviceList();
for (int i = 0; i < devices.length; i++) {
    // description of the adapter
    System.out.println(devices[i].description);
    // name and description of the data link layer
    System.out.println(devices[i].datalink_name + "->>" + devices[i].datalink_description);
}

Access Network Interfaces

Once you have the list of devices that can be used to capture packets, the method JpcapCaptor.openDevice() can be used to open an interface.
The following parameters can be passed to this method:

Parameter                   Description
NetworkInterface (object)   The network interface to open
int snaplen                 The maximum number of bytes captured per packet
boolean promisc             Promiscuous mode
int to_ms                   Timeout

In promiscuous mode, the network interface captures packets of all types and from all sources. In non-promiscuous mode, the network interface only captures packets with the specified source MAC address and destination MAC address.

//Sample two: Open network devices
// index is the position of the chosen interface in the devices array
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);

Get Packages from Network Interfaces

There are two methods to get captured packets. One is “Callback” and the other is “One-by-one”.

Callback

Create a class that implements the PacketReceiver interface. Its receivePacket() method receives each captured packet.
The methods JpcapCaptor.processPacket() and JpcapCaptor.loopPacket() pass the captured packets to the receiver.
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);

// -1 means keep capturing; every packet is handed to Receiver.receivePacket()
captor.loopPacket(-1, new Receiver());

class Receiver implements PacketReceiver
{
    public void receivePacket(Packet p)
    {
        // print only TCP packets
        if (p instanceof TCPPacket)
        {
            System.out.println(p.toString() + '\n');
        }
    }
}

One-by-one

The getPacket() method returns one packet from the specified network interface. Calling it in a loop retrieves packets continuously.
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);

for (int i = 0; i < 10; i++) {
    // getPacket() can return null when no packet arrives before the timeout
    System.out.println(captor.getPacket());
}
captor.close();

Set Filters

Jpcap provides a method for filtering packets. The method is named setFilter() and belongs to the JpcapCaptor object. Here is a sample filter for IP and TCP packets.
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);

// capture only IP packets that carry TCP; the second argument asks for an optimized filter
captor.setFilter("ip and tcp", true);
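The callback and filter steps above can be combined into a small analyzer that separates IPv4 from IPv6 traffic and reads the address and port fields of each packet. This is an added example, not code from the original post; the class name IpVersionSummary, the filter "ip or ip6", the limit of 200 packets and the device index taken from the first command-line argument are assumptions.

```java
import java.io.IOException;
import java.util.Map;
import java.util.TreeMap;
import jpcap.*;
import jpcap.packet.*;

public class IpVersionSummary implements PacketReceiver {
    // Packet counts keyed by address family and transport, e.g. "IPv6/TCP".
    final Map<String, Integer> counts = new TreeMap<>();

    @Override
    public void receivePacket(Packet p) {
        if (!(p instanceof IPPacket)) return;    // skip non-IP frames such as ARP
        IPPacket ip = (IPPacket) p;
        String family = ip.version == 6 ? "IPv6" : "IPv4";
        String proto = "proto " + ip.protocol;   // raw protocol number as fallback
        String ports = "";
        if (ip instanceof TCPPacket) {
            TCPPacket tcp = (TCPPacket) ip;
            proto = "TCP";
            ports = " " + tcp.src_port + " -> " + tcp.dst_port
                    + (tcp.syn && !tcp.ack ? " [SYN]" : "");   // connection attempt
        } else if (ip instanceof UDPPacket) {
            UDPPacket udp = (UDPPacket) ip;
            proto = "UDP";
            ports = " " + udp.src_port + " -> " + udp.dst_port;
        }
        counts.merge(family + "/" + proto, 1, Integer::sum);
        System.out.println(family + " " + proto + " " + ip.src_ip.getHostAddress()
                + " -> " + ip.dst_ip.getHostAddress() + ports + " (" + p.len + " bytes)");
    }

    public static void main(String[] args) throws IOException {
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0; // assumed argument
        JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);
        try {
            captor.setFilter("ip or ip6", true);   // both address families
            IpVersionSummary summary = new IpVersionSummary();
            captor.loopPacket(200, summary);       // stop after 200 packets
            System.out.println(summary.counts);    // per-family, per-protocol totals
        } finally {
            captor.close();                        // always release the device
        }
    }
}
```

Running it requires the Jpcap jar on the classpath and the native capture library (WinPcap on Windows) installed.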

Save or Read Captured Packet Information to Files

Jpcap lets you save captured packets to files that can be used as “tcpdump” files or “jpcap” files. The JpcapWriter class does this work, and JpcapCaptor.openFile() opens a saved file.
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);

// open a dump file that will receive packets captured by captor
JpcapWriter writer = JpcapWriter.openDumpFile(captor, "yourfilename");
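The write and read sides together, as an added example that is not part of the original post: packets are written with JpcapWriter, then the same file is reopened with JpcapCaptor.openFile() and read until the end of the file. The class name DumpRoundTrip, the file name capture.pcap, the packet count of 20 and the retry bound are assumptions.

```java
import java.io.IOException;
import jpcap.*;
import jpcap.packet.*;

public class DumpRoundTrip {
    // Capture up to 'wanted' packets from 'device' into a dump file.
    static int capture(NetworkInterface device, String file, int wanted) throws IOException {
        JpcapCaptor captor = JpcapCaptor.openDevice(device, 65535, false, 1000);
        JpcapWriter writer = JpcapWriter.openDumpFile(captor, file);
        int written = 0;
        try {
            // Bound the number of reads so a quiet link cannot hang the loop.
            for (int tries = 0; written < wanted && tries < wanted * 10; tries++) {
                Packet p = captor.getPacket();
                if (p == null || p == Packet.EOF) continue;  // nothing arrived in time
                writer.writePacket(p);
                written++;
            }
        } finally {
            writer.close();   // flush the file before anyone reads it
            captor.close();
        }
        return written;
    }

    // Reopen the saved file offline and count the IP packets in it.
    static int countIp(String file) throws IOException {
        JpcapCaptor reader = JpcapCaptor.openFile(file);
        int ip = 0;
        try {
            Packet p;
            while ((p = reader.getPacket()) != null && p != Packet.EOF) {
                if (p instanceof IPPacket) ip++;
            }
        } finally {
            reader.close();
        }
        return ip;
    }

    public static void main(String[] args) throws IOException {
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0; // assumed argument
        String file = "capture.pcap";                                // assumed file name
        int written = capture(devices[index], file, 20);
        System.out.println("wrote " + written + " packets, " + countIp(file) + " of them IP");
    }
}
```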

Send Packages

The methods used to send packets with Jpcap are defined in the JpcapSender class.
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
JpcapSender sender = JpcapSender.openDevice(devices[index]);

//create TCP packet with specified parameters
TCPPacket p = new TCPPacket(12, 34, 56, 78, false, false, false, false, true, true, true, true, 10, 10);
p.setIPv4Parameter(0, false, false, false, 0, false, false, false, 0, 1010101, 100, IPPacket.IPPROTO_TCP,
    InetAddress.getByName("www.microsoft.com"), InetAddress.getByName("www.google.com"));
//fill the data field of the packet
p.data = ("data").getBytes();

//create the Ethernet frame for the IP packet
EthernetPacket ether = new EthernetPacket();
ether.frametype = EthernetPacket.ETHERTYPE_IP;
ether.src_mac = new byte[]{(byte)0, (byte)1, (byte)2, (byte)3, (byte)4, (byte)5};
ether.dst_mac = new byte[]{(byte)0, (byte)6, (byte)7, (byte)8, (byte)9, (byte)10};

//set the datalink frame of the packet p as ether
p.datalink = ether;

//send the packet p
sender.sendPacket(p);
sender.close();
