Hi, I'm iterating through a capture file... for each packet I'd like to be able to output the best guess protocol in human presentable format.
Right now I'm doing this:
int lastID = packet.getHeaderIdByIndex(packet.getHeaderCount()-1);
String clazz = JRegistry.lookupClass(lastID).getName();
And parsing the result to try and find something like UDP, TCP, HTTP, etc. I think my method here is a little silly but can't find a better way at the moment. I'd just like a call that will work for any packet, w/o having to instantiate each type of header and then ask the packet if it has that type of header.
Any suggestions? Thanks in advance.
Hi,
I need a TCP reassembler. I searched the forum and saw something, but it is a little complicated.
Can you explain this? How do I use it?
And can we use this reassembler for all protocols, including protocols that I wrote?
Maybe a short article would be very helpful for me?
Thanks
Hi All!!
I was looking at the thread http://jnetpcap.com/node/195, and I tried to use the code shown there, but unsuccessfully. The program reads the flows and makes the "AU" files, but they are not audible ... I decode with Wireshark and I can't get the audio file.
Can you help me to identify what I'm doing wrong?
Thank you
This is my code...
package com.tpmex.jsniffer;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapBpfProgram;
import org.jnetpcap.PcapTask;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.protocol.voip.Rtp;
import org.jnetpcap.protocol.voip.Sdp;
import org.jnetpcap.protocol.voip.Sip;
import org.jnetpcap.protocol.voip.SipHandler;

/**
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
 */
public class decode {
    public static void main(String[] args) {
        try {
            new decode().SKIP_testRtpAudioExtract();
        } catch (IOException ex) {
            Logger.getLogger(decode.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    public static Iterable getIterable(final String file) {
        return new Iterable() {
            public Iterator iterator() {
                return getPcapPacketIterator(file, 0, Integer.MAX_VALUE);
            }
        };
    }

    public static Iterator getPcapPacketIterator(final String file,
            final int start, final int end) {
        return getPcapPacketIterator(file, start, end, null);
    }
Exception in thread "main" java.lang.UnsatisfiedLinkError: no jnetpcap in java.library.path
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1734)
at java.lang.Runtime.loadLibrary0(Runtime.java:823)
at java.lang.System.loadLibrary(System.java:1028)
at org.jnetpcap.Pcap.
at com.kiki88.pcap.GetListInterfaces.getDevs(GetListInterfaces.java:20)
at com.kiki88.pcap.GetListInterfaces.main(GetListInterfaces.java:26)
[root@localhost ~]# ls -l /usr/lib/libjnet*
-rw-r--r-- 1 root root 897056 06-26 12:51 /usr/lib/libjnetpcap.so.1.4.b0004
[root@localhost ~]# ls -l /usr/lib/libpcap*
lrwxrwxrwx 1 root root 16 06-26 01:17 /usr/lib/libpcap.so.0 -> libpcap.so.0.9.4
lrwxrwxrwx 1 root root 16 06-26 01:17 /usr/lib/libpcap.so.0.9 -> libpcap.so.0.9.4
-rwxr-xr-x 1 root root 168544 01-27 06:41 /usr/lib/libpcap.so.0.9.4
I need a solution; my English is not good, and I would like help.
I am using CentOS 5.5.
Please help me, Mark B.
The pseudo code below demonstrates how we are attempting to use JNETPCAP.
package testparser;

import org.jnetpcap.Pcap;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.Payload;
import org.jnetpcap.packet.PcapPacket;

public class Parser {
    PcapPacket m_packet;
    byte[] m_data;

    public final void parse(String filename)
    {
        long packetcount = 0;
        try
        {
            System.out.println("Parsing file " + filename);
            StringBuilder errbuf = new StringBuilder();
            for (long i=0;i<20;i++)
            {
                Pcap pcap = Pcap.openOffline(filename,errbuf);
                if (pcap == null)
                {
                    System.err.println("Unable to open file");
                    return;
                }
                while(true)
                {
                    m_packet = new PcapPacket(JMemory.POINTER);
                    if (pcap.nextEx(m_packet) != Pcap.NEXT_EX_OK)
                    {
                        break;
                    }
                    Payload payload = new Payload();
                    if (m_packet.hasHeader(payload))
                    {
                        m_data = payload.getByteArray(0,payload.size());
                    }
                    else
                    {
                        break;
                    }
                    packetcount++;
                    // parse the bytes referenced by m_data here
                    m_data = null;
                    m_packet = null;
                }
            }
        }
        catch (Exception e)
        {
            System.err.println(e);
        }
        System.out.println("Processed " + packetcount + " packets.");
    }
}
After opening the .PCAP file, we:
(a) navigate to each packet in turn with the class PcapPacket;
(b) peer the packet payload with the class Payload;
(c) retrieve the payload data bytes with the method Payload.getByteArray().
We profiled the attached Java code in NetBeans 6.5 with default JVM options. In our test run we processed 6579160 packets.
Hi,
I followed the below discussion
http://jnetpcap.org/node/195/
I got the .au file, but it's not playing in Windows Media Player.
I know that the getPayload() method will return undecoded packets. How do I decode that packet, and how do I get the ".au" audio file from that raw payload data?
Can you please help me with this?
Regards,
Gomathi.K
Hello,
I am interested in using jnetpcap. I do most of my development on OS X and I understand from searching the forums that support may be on the way, but not here yet.
Actually, I just want to read a capture file for now. I'm not intending to do any live captures... at least initially. Does this offline functionality still rely on native code? I tried to test by running NextExExample but it blew up with an unsatisfied link error, but I'm not sure if this is because the parsing functionality is actually handled by native code, or perhaps it is just because of where/how the native libraries are referenced.
Thanks!
Brian
Hi,
I recently stumbled upon this marvellous library and now I plan to build
an analysis tool which will be based on jNetPcap. This tool should
analyse and capture live traffic like Wireshark but with a slightly different focus.
(I don't want to build a second protocol dissector but focus more on the flow and session analysis.)
One requirement for this tool would be a relatively small memory footprint
but with the possibility to see the content of every captured packet on demand.
I.e. I don't want to store all the packets in memory but nevertheless need fast access to every captured packet.
Now I wonder if there is any best practice for how to achieve that.
The two possible solutions I encountered:
Receive, analyze every packet and then:
1. Store every packet immediately on disk with the PcapDumper.dump() method and read this dump on demand (e.g. with the jNetStream-API)?
or
2. Store the packets immediately on a DB and read on demand from the DB.
(-> this approach leads to further questions, like which DB to use, relational, OR, OO etc. )
Are there any other solutions? Has somebody tried something like this already?
I'm very happy for every feedback, hint, proposal, critique ...
Best regards
Philipp
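Option 1 from the post above can be kept cheap on memory by holding only one file offset per packet and reading the packet bytes from the dump on demand. The following is an added example, not part of the original post and not jNetPcap code; the class name PcapOffsetIndex is hypothetical, it uses only the JDK, and it assumes the dump is a classic libpcap savefile with microsecond timestamps.

```java
import java.io.*;
import java.nio.*;
import java.nio.file.*;
import java.util.*;
// Added example (hypothetical class): one file offset per packet in memory, packet bytes stay on disk.
public class PcapOffsetIndex implements AutoCloseable {
    private static final long MAX_CAPTURE = 262144; // sanity bound chosen for this example (assumption)
    private final RandomAccessFile file;
    private final ByteOrder order;
    private final List<Long> offsets = new ArrayList<>();
    public PcapOffsetIndex(String path) throws IOException {
        file = new RandomAccessFile(path, "r");
        int magic = file.readInt(); // RandomAccessFile always reads big-endian
        if (magic == 0xa1b2c3d4) order = ByteOrder.BIG_ENDIAN;
        else if (magic == 0xd4c3b2a1) order = ByteOrder.LITTLE_ENDIAN;
        else throw new IOException("not a classic (microsecond) pcap file");
        long pos = 24, size = file.length(); // records start after the 24-byte global header
        while (pos + 16 <= size) {
            long inclLen = capturedLength(pos);
            if (inclLen > MAX_CAPTURE || pos + 16 + inclLen > size) break; // corrupt or truncated
            offsets.add(pos);
            pos += 16 + inclLen;
        }
    }
    private long capturedLength(long pos) throws IOException { // reads incl_len, leaves pointer at data
        byte[] hdr = new byte[16];
        file.seek(pos);
        file.readFully(hdr);
        return ByteBuffer.wrap(hdr).order(order).getInt(8) & 0xffffffffL;
    }
    public int packetCount() { return offsets.size(); }
    public byte[] packet(int i) throws IOException { // fetched from disk on demand
        byte[] data = new byte[(int) capturedLength(offsets.get(i))];
        file.readFully(data);
        return data;
    }
    @Override public void close() throws IOException { file.close(); }
    public static void main(String[] args) throws IOException {
        // Constructed sample: little-endian pcap holding two fake packets of 3 and 2 bytes.
        ByteBuffer b = ByteBuffer.allocate(24 + 16 + 3 + 16 + 2).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4).putInt(0).putInt(0).putInt(65535).putInt(1);
        b.putInt(1).putInt(0).putInt(3).putInt(3).put(new byte[] {1, 2, 3});
        b.putInt(2).putInt(0).putInt(2).putInt(2).put(new byte[] {9, 8});
        Path tmp = Files.write(Files.createTempFile("sample", ".pcap"), b.array());
        try (PcapOffsetIndex index = new PcapOffsetIndex(tmp.toString())) {
            System.out.println(index.packetCount() + " packets; #1 = " + Arrays.toString(index.packet(1)));
        } finally { Files.delete(tmp); }
    }
}
```

The index costs one boxed long per packet, and the length checks stop indexing at the first record that claims more bytes than the file holds, so a truncated or malformed dump cannot trigger an oversized allocation.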
Hi,
How do I decode and get the .au audio file from the undecoded packets which I got from the getPayload() method?
Regards,
Gomathi.K