Skip to content

Instantly share code, notes, and snippets.

@reedho

reedho/clj-net-pcap basic demo

Created March 21, 2015 01:22
Show Gist options
  • Save reedho/fe2f7b8869721024a4dc to your computer and use it in GitHub Desktop.
Save reedho/fe2f7b8869721024a4dc to your computer and use it in GitHub Desktop.
Download ZIP
Reading & parsing pcap file with Clojure clj-net-pcap
Raw
clj-net-pcap basic demo
(ns pcap.core
(:require
[clj-net-pcap.core :as pcore]
[taoensso.timbre :as timbre])
(:import
org.jnetpcap.packet.PcapPacket
org.jnetpcap.protocol.JProtocol
[org.jnetpcap.protocol.lan
Ethernet]
[org.jnetpcap.protocol.network
Icmp Ip4 Ip6]
[org.jnetpcap.protocol.tcpip
Tcp Udp]
))
(timbre/refer-timbre)
(timbre/set-config! [:shared-appender-config :spit-filename] "/tmp/__pcap.log")
(timbre/set-config! [:appenders :spit :enabled?] true)
(timbre/set-level! :trace)
(def __results__ (ref []))
(def __rawpkts__ (ref []))
(defn handler-fn [^PcapPacket pkt]
(let [eth (Ethernet.)
ip4 (Ip4.)
ip6 (Ip6.)
tcp (Tcp.)
udp (Udp.)]
(dosync
(alter __rawpkts__ conj pkt)
(alter __results__
conj
[(if (.hasHeader pkt eth) "ETH" "!ETH")
(if (.hasHeader pkt ip4) "IP4" "!IP4")
(if (.hasHeader pkt ip6) "IP6" "!IP6")
(if (.hasHeader pkt tcp) "TCP" "!TCP")
(if (.hasHeader pkt udp) "UDP" "!UDP")]))))
(pcore/process-pcap-file "/tmp/test.cap" handler-fn)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment