Introduction
In this tip, I will show you how to use Java to capture network packets and analyze their contents. The software runs on Windows, so some preparation is needed first. Make sure you have all the tools listed below:
- winpcap4.0 and jpcap6.0
- eclipse and jigloo application
- Java environment
Background
Capturing packets in C or C++ is complex, especially for beginners. In addition, Java Swing makes it easier to build a user-friendly UI. This software implements the basic functions of Wireshark, so it can be both interesting and useful.
Basic Capture Theory of jpcap
Whether you are using Linux or Windows, capturing packets on your computer requires controlling the network device (network card), because every packet is processed by the network card.
On Linux, the kernel contains a file named "net.h", and the methods in this file can be used to capture packets. But this is only practical if you are very familiar with the Linux kernel code. To make it easier, you can install "libpcap" and use the methods it defines. "Jpcap" works on Windows just like "libpcap" works on Linux.
Functions of Jpcap
Get Network-card List
To capture the packets that flow through your network devices, the first step is to get a list of your network cards, that is, all the network devices that can be used for capture. Jpcap provides the function JpcapCaptor.getDeviceList() for this; it returns an array of NetworkInterface objects.
A NetworkInterface object contains the device's information: name, description, IP address, MAC address, and the name and description of its data link layer.
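import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;

// List every device that can be used for capture, with its data link type
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
for (int i = 0; i < devices.length; i++) {
    System.out.println(devices[i].description);
    System.out.println(devices[i].datalink_name + "->>" + devices[i].datalink_description);
}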
Access Network Interfaces
Once you have the list of devices that can be used for capture, call JpcapCaptor.openDevice() to open an interface.
The method takes the following parameters.

| Parameter | Description |
|---|---|
| NetworkInterface | The network interface to open |
| int snaplen | The maximum number of bytes captured per packet |
| boolean promisc | Promiscuous mode. In promiscuous mode, the network interface captures packets of all types and from all sources. In non-promiscuous mode, the network interface captures only packets with the specified source MAC address and destination MAC address. |
| int to_ms | Timeout in milliseconds |

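NetworkInterface[] devices = JpcapCaptor.getDeviceList();
// index selects one entry of the device list; 65535-byte snaplen, non-promiscuous, 1000 ms timeout
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);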
Get Packages from Network Interfaces
There are two methods to get captured packets. One is "Callback" and the other is "One-by-one".
Callback
Create a class that implements the PacketReceiver interface; its receivePacket() method receives each captured packet.
Pass an instance of that class to JpcapCaptor.processPacket() or JpcapCaptor.loopPacket() to process the captured packets.
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);
// -1 means keep capturing; every packet is handed to Receiver.receivePacket()
captor.loopPacket(-1, new Receiver());

class Receiver implements PacketReceiver
{
    public void receivePacket(Packet p)
    {
        // Print TCP packets only; everything else is ignored
        if (p instanceof TCPPacket)
        {
            System.out.println(p.toString() + '\n');
        }
    }
}
One-by-one
Use the getPacket() method to return one packet from the specified network interface. Calling this method in a loop captures packets continuously.
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);
for (int i = 0; i < 10; i++) {
    System.out.println(captor.getPacket());
}
captor.close();
Set Filters
Jpcap provides a method for filtering packets. This method, setFilter(), belongs to the JpcapCaptor object. Here is a sample "IP and TCP packet filter".
JpcapCaptor captor=JpcapCaptor.openDevice(devices[index],65535,false,1000);
captor.setFilter("ip and tcp",true);
Save or Read Captured Packet Information to Files
Jpcap allows you to save captured packets to files, which can be used as "tcpdump" files or "jpcap" files. The JpcapWriter class does this, and JpcapCaptor.openFile() opens such files.
JpcapCaptor captor=JpcapCaptor.openDevice(devices[index],65535,false,1000);
JpcapWriter writer=JpcapWriter.openDumpFile(captor,"yourfilename");
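The following is an added example, not code from the original tip or from the Jpcap project. It walks a dump file in plain Java (no Jpcap needed) and shows how the snaplen passed to openDevice() appears in the file as stored versus on-the-wire length. It assumes the file uses the classic tcpdump (libpcap) layout; the class name DumpFileSummary and the sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class DumpFileSummary {

    /** Walks a tcpdump-format capture and reports snaplen truncation per record. */
    static String summarize(byte[] file) {
        ByteBuffer buf = ByteBuffer.wrap(file).order(ByteOrder.LITTLE_ENDIAN);
        int magic = buf.getInt();
        if (magic == 0xd4c3b2a1) {
            buf.order(ByteOrder.BIG_ENDIAN);       // file was written big-endian
        } else if (magic != 0xa1b2c3d4) {
            throw new IllegalArgumentException("not a tcpdump-format file");
        }
        int major = buf.getShort(), minor = buf.getShort();
        buf.getInt();                               // thiszone (unused)
        buf.getInt();                               // sigfigs (unused)
        int snaplen = buf.getInt();                 // capture limit chosen at open time
        int linkType = buf.getInt();                // 1 = Ethernet
        StringBuilder out = new StringBuilder(String.format(
                "pcap %d.%d snaplen=%d linktype=%d\n", major, minor, snaplen, linkType));
        for (int n = 1; buf.remaining() >= 16; n++) {
            buf.getInt();                           // ts_sec
            buf.getInt();                           // ts_usec
            int inclLen = buf.getInt();             // bytes stored in the file
            int origLen = buf.getInt();             // bytes seen on the wire
            if (inclLen < 0 || inclLen > buf.remaining()) {
                out.append("record ").append(n).append(": corrupt length\n");
                break;                              // never trust a length field blindly
            }
            buf.position(buf.position() + inclLen); // skip the packet bytes
            out.append(String.format("record %d: stored %d of %d bytes%s\n",
                    n, inclLen, origLen, inclLen < origLen ? " (truncated)" : ""));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: snaplen 64, one 60-byte frame, one 1514-byte frame cut to 64
        ByteBuffer f = ByteBuffer.allocate(24 + 16 + 60 + 16 + 64).order(ByteOrder.LITTLE_ENDIAN);
        f.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4);
        f.putInt(0).putInt(0).putInt(64).putInt(1);
        f.putInt(1).putInt(0).putInt(60).putInt(60);
        f.position(f.position() + 60);              // zero-filled packet body
        f.putInt(2).putInt(0).putInt(64).putInt(1514);
        System.out.print(summarize(f.array()));
    }
}
```

A small snaplen keeps headers while leaving most payload bytes out of the file, which matters when dump files are stored or shared.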
Send Packages
The methods used to send packets with Jpcap are defined in the JpcapSender class.
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
JpcapSender sender = JpcapSender.openDevice(devices[index]);

// TCP header: src port 12, dst port 34, sequence 56, ack number 78, flag bits, window 10, urgent 10
TCPPacket p = new TCPPacket(12, 34, 56, 78, false, false, false, false, true, true, true, true, 10, 10);
// IPv4 header: identification 1010101, TTL 100, protocol TCP, then source and destination address
p.setIPv4Parameter(0, false, false, false, 0, false, false, false, 0, 1010101, 100, IPPacket.IPPROTO_TCP,
        InetAddress.getByName("www.microsoft.com"), InetAddress.getByName("www.google.com"));
p.data = ("data").getBytes();

// Ethernet header carrying the IP packet
EthernetPacket ether = new EthernetPacket();
ether.frametype = EthernetPacket.ETHERTYPE_IP;
ether.src_mac = new byte[]{(byte)0, (byte)1, (byte)2, (byte)3, (byte)4, (byte)5};
ether.dst_mac = new byte[]{(byte)0, (byte)6, (byte)7, (byte)8, (byte)9, (byte)10};
p.datalink = ether;

sender.sendPacket(p);
sender.close();
History
- 2015/12/20: First version