Created
February 14, 2023 18:55
Capture packet in device network JAVA using jnetpcap
package main; | |
import org.jnetpcap.Pcap; | |
// Lib = https://sourceforge.net/projects/jnetpcap/files/jnetpcap/Latest/ | |
// Tutorial = https://www.geeksforgeeks.org/packet-capturing-using-jnetpcap-in-java/ | |
import org.jnetpcap.PcapIf; | |
import org.jnetpcap.packet.JPacket; | |
import org.jnetpcap.packet.JPacketHandler; | |
import org.jnetpcap.protocol.tcpip.Http; | |
import org.jnetpcap.protocol.tcpip.Tcp; | |
import java.util.ArrayList; | |
import java.util.List; | |
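/**
 * Lists the capture-capable network interfaces reported by jNetPcap, opens one
 * of them in promiscuous mode and prints a summary of every packet it reads.
 *
 * <p>Security notes for whoever runs this:
 * <ul>
 *   <li>The interface is opened with {@code Pcap.MODE_PROMISCUOUS} and a 64 KiB
 *       snapshot length, so whole frames are captured, including frames that
 *       are not addressed to this host.</li>
 *   <li>{@code packet.toString()} is written to stdout for every packet. That
 *       output may contain payload bytes (for example cleartext HTTP), so treat
 *       the console output and any redirected log as sensitive data.</li>
 *   <li>No BPF filter is installed. The commented-out filter block at the end
 *       of {@link #main(String...)} shows how to narrow the capture; a filter
 *       plus a smaller snapshot length reduces how much data is collected.</li>
 * </ul>
 */
public class Main {

    /**
     * Interface index used when no command-line argument is given. This is the
     * value the program originally hard-coded; it is specific to the author's
     * machine, so pass an explicit index on other hosts.
     */
    private static final int DEFAULT_DEVICE_INDEX = 9;

    /**
     * Enumerates the capture devices, opens the selected one and prints each packet.
     *
     * @param args optional; {@code args[0]} is the zero-based index of the device
     *             to open, as shown in the printed device list. Defaults to
     *             {@link #DEFAULT_DEVICE_INDEX}.
     * @throws RuntimeException if the device list cannot be read
     */
    public static void main(String... args) {
        /* 2.0
        String javaLibraryPath = System.getProperty(Pcap.LibraryPolicy.SYSTEM_PROPERTY_JAVA_LIBRARY_PATH);
        String libpcapFile = System.getProperty(Pcap.LibraryPolicy.SYSTEM_PROPERTY_LIBPCAP_FILE);
        String libpcapFilename = System.getProperty(Pcap.LibraryPolicy.SYSTEM_PROPERTY_LIBPCAP_FILENAME);
        String libpcapNames = System.getProperty(Pcap.LibraryPolicy.SYSTEM_PROPERTY_LIBPCAP_NAMES,
                "npcap,wpcap,pcap");
        String soExtensions = System.getProperty(Pcap.LibraryPolicy.SYSTEM_PROPERTY_SO_EXTENSIONS,
                "so,dylib");
        System.out.println("}> " + javaLibraryPath);
        System.out.println("}> " + libpcapFile);
        System.out.println("}> " + libpcapFilename);
        System.out.println("}> " + libpcapNames);
        System.out.println("}> " + soExtensions);
        */

        List<PcapIf> alldevs = new ArrayList<>();
        StringBuilder error = new StringBuilder();

        int r = Pcap.findAllDevs(alldevs, error);
        if (r != Pcap.OK) {
            System.err.println("Can't read list of devices");
            System.err.println(error);
            throw new RuntimeException(error.toString());
        }

        if (alldevs.isEmpty()) {
            // Often a sign that the process lacks the privileges needed to capture.
            System.err.println("No network devices found");
            return;
        }

        System.out.println("Network devices found:");
        int i = 0;
        for (PcapIf device : alldevs) {
            // Fix: the original printed getName() whenever a description existed,
            // so the description itself was never shown.
            String description = (device.getDescription() != null)
                    ? device.getDescription()
                    : "No description available";
            System.out.printf("#%d: %s [%s]\n", i++, device.getAddresses(), description);
        }

        // Pick the device explicitly instead of trusting a fixed position in the
        // list: the order and length of the list differ from host to host.
        int deviceIndex = DEFAULT_DEVICE_INDEX;
        if (args.length > 0) {
            try {
                deviceIndex = Integer.parseInt(args[0]);
            } catch (NumberFormatException e) {
                System.err.println("Device index must be an integer: " + args[0]);
                return;
            }
        }
        if (deviceIndex < 0 || deviceIndex >= alldevs.size()) {
            System.err.printf("Device index %d is out of range (0..%d)%n",
                    deviceIndex, alldevs.size() - 1);
            return;
        }
        String deviceName = alldevs.get(deviceIndex).getName();

        int snaplen = 64 * 1024;            // capture whole frames, payload included
        int flags = Pcap.MODE_PROMISCUOUS;  // also see frames not addressed to this host
        int timeout = 10 * 1000;            // read timeout in milliseconds

        Pcap pcap = Pcap.openLive(deviceName, snaplen, flags, timeout, error);
        if (pcap == null) {
            // Report why the open failed; the reason is in the error buffer.
            System.err.println("Pcap: Can't open " + deviceName + ": " + error);
            return;
        }

        JPacketHandler<String> handler = new JPacketHandler<String>() {
            // Header accessors are reused for every packet instead of being
            // allocated per callback; hasHeader() re-peers them each time.
            private final Tcp tcp = new Tcp();
            private final Http http = new Http();

            // Action performed each time a packet is read from the device.
            @Override
            public void nextPacket(JPacket packet, String user) {
                // NOTE: prints the full decoded packet; may include payload data.
                System.out.println("Receve Packet! " + packet.toString());

                /*
                 * JPacket.hasHeader(? extends JHeader) checks that the header exists
                 * and peers the accessor with the packet memory in one call, which
                 * replaces the separate hasHeader(Tcp.ID) + getHeader(tcp) pair.
                 */
                boolean hasTcp = packet.hasHeader(tcp);
                if (hasTcp) {
                    System.out.printf("tcp.dst_port=%d%n", tcp.destination());
                    System.out.printf("tcp.src_port=%d%n", tcp.source());
                    System.out.printf("tcp.ack=%x%n", tcp.ack());
                    System.out.printf("tcp header::%s%n", tcp.toString());
                }

                /*
                 * Both headers are peered only when the packet actually carries an
                 * http header; a bare tcp segment on an http port does not match.
                 */
                if (hasTcp && packet.hasHeader(http)) {
                    System.out.printf("http header::%s%n", http);
                }

                // jNetPcap increments the frame number with every packet scanned.
                System.out.printf("frame #%d%n", packet.getFrameNumber());
            }
        };

        try {
            // -1 = keep reading until the capture is stopped or an error occurs.
            pcap.loop(-1, handler, null);
        } finally {
            // Release the capture handle even if the handler throws.
            pcap.close();
        }

        /*
         * filter
         *
         * To be useful this has to run after openLive() and before pcap.loop().
         * s_logger and "return null" come from the snippet's original context
         * and need adapting to this method.
         *
        PcapBpfProgram program = new PcapBpfProgram();
        String expr = "dst port 68 or 67";
        int optimize = 0;
        int netmask = 0xFFFFFF00;
        if (pcap.compile(program, expr, optimize, netmask) != Pcap.OK) {
            s_logger.debug("Pcap: can't compile BPF");
            return null;
        }
        if (pcap.setFilter(program) != Pcap.OK) {
            s_logger.debug("Pcap: Can't set filter");
            return null;
        }
        */
    }
}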