
Using Java Code to Capture IPv4/IPv6 Packets

20 Dec 2015 | CPOL | 3 min read
How to capture and process packets using the Java language

Introduction

In this tip, I will show you how to use Java to capture network packets and analyze their contents. The software targets a Windows environment, so some preparation is needed first. Check that you have all the tools listed below:

  1. WinPcap 4.0 and Jpcap 6.0
  2. Eclipse and the Jigloo application
  3. Java environment

Background

Capturing packets in C or C++ is complex, especially for beginners. In addition, user interfaces built with Java Swing are more user-friendly. This software can achieve the basic functions of Wireshark, so it can be very interesting and useful.

Basic Capture Theory of jpcap

Whether you are using Linux or Windows, if you want to capture packets on your computer, you must control the network devices (network cards), because all packets are processed by the network card.

On Linux, there is a kernel file named "net.h", and the methods in this file can be used to capture packets.

But this can only be done by someone who is very familiar with the Linux kernel code. To make it easier, one can install "libpcap" and use the methods it defines. "Jpcap" works on Windows just like "libpcap" works on Linux.

Functions of Jpcap

Get Network-card List

To capture the data packets that flow through your network devices, the first step is to get a list of your network cards, that is, all network devices that can be used to capture packets. Jpcap provides the method JpcapCaptor.getDeviceList() for this. It returns an array of NetworkInterface objects.

A NetworkInterface object contains the information about the interface: its name, description, IP address and MAC address, and the name and description of its data link layer.

Java
// Sample one: obtain the list of network interfaces and basic information

NetworkInterface[] devices = JpcapCaptor.getDeviceList();
for (int i = 0; i < devices.length; i++) {
    // human-readable description of the interface
    System.out.println(devices[i].description);
    // name and description of its data link layer
    System.out.println(devices[i].datalink_name + "->>" + devices[i].datalink_description);
}

Access Network Interfaces

Once you have the list of devices that can be used to capture data packets, the method JpcapCaptor.openDevice() can be used to open an interface.

This method takes the following parameters.

| Type / parameter | Function / description |
|---|---|
| NetworkInterface (object) | The network interface to access |
| int snaplen | The maximum number of bytes captured per packet |
| boolean promisc | Promiscuous mode. In promiscuous mode, the network interface captures packets of all types and from all sources. In non-promiscuous mode, the network interface only captures packets with the specified source MAC address and destination MAC address. |
| int to_ms | Timeout |

Java
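// Sample two: open a network device
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
int index = 0; // position of the interface to open in the devices array
// snaplen 65535, promiscuous mode off, to_ms 1000
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);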

Get Packages from Network Interfaces

There are two ways to get captured packets. One is "Callback" and the other is "One-by-one".

Callback

Create a class that implements the PacketReceiver interface. Its receivePacket() method is called with each captured packet.

The methods JpcapCaptor.processPacket() and JpcapCaptor.loopPacket() pass the captured packets to the receiver.

Java
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 1000);

// -1: keep capturing and hand every packet to the receiver
captor.loopPacket(-1, new Receiver());

class Receiver implements PacketReceiver
{
    // called by Jpcap for each captured packet
    public void receivePacket(Packet p)
    {
        // print TCP packets only
        if (p instanceof TCPPacket)
        {
            System.out.println(p.toString() + '\n');
        }
    }
}

One-by-one

Use the method getPacket() to return one packet from the specified network interface. Putting this call in a loop retrieves packets continuously.

Java
JpcapCaptor captor=JpcapCaptor.openDevice(devices[index],65535,false,1000);

for(int i=0;i<10;i++){

   System.out.println(captor.getPacket());
}
captor.close();

Set Filters

Jpcap provides a method for filtering packets. This method, setFilter(), belongs to the JpcapCaptor object. Here is a sample "IP and TCP packets" filter.

Java
JpcapCaptor captor=JpcapCaptor.openDevice(devices[index],65535,false,1000);

captor.setFilter("ip and tcp",true);

Save or Read Captured Packet Information to Files

Jpcap allows the user to save captured packets to files, which can be used as "tcpdump" files or "jpcap" files. The class JpcapWriter gets the work done, and JpcapCaptor.openFile() can be used to open such files.

Java
JpcapCaptor captor=JpcapCaptor.openDevice(devices[index],65535,false,1000);

JpcapWriter writer=JpcapWriter.openDumpFile(captor,"yourfilename");
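
To show what such a dump file contains and how the snaplen argument of openDevice() appears in it, here is an added example that is not part of the original article. It uses plain Java without Jpcap and assumes the file is in the classic libpcap ("tcpdump") format; the class name PcapDumpWalker and the sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.List;
// Added example; PcapDumpWalker is a hypothetical name, not part of Jpcap.
public class PcapDumpWalker {
    // Returns one summary line per record of a classic libpcap ("tcpdump") file.
    static List<String> summarize(byte[] file) {
        ByteBuffer buf = ByteBuffer.wrap(file).order(ByteOrder.LITTLE_ENDIAN);
        int magic = buf.getInt();
        if (magic == 0xd4c3b2a1) buf.order(ByteOrder.BIG_ENDIAN);  // written on a big-endian host
        else if (magic != 0xa1b2c3d4) throw new IllegalArgumentException("not a classic pcap file");
        buf.position(16);                     // skip version, thiszone, sigfigs
        int snaplen = buf.getInt();           // capture limit recorded by the writer
        int linkType = buf.getInt();          // 1 = Ethernet
        List<String> out = new ArrayList<>();
        while (buf.remaining() >= 16) {
            buf.position(buf.position() + 8); // skip ts_sec, ts_usec
            int inclLen = buf.getInt();       // bytes stored in the file
            int origLen = buf.getInt();       // bytes that were on the wire
            if (inclLen < 0 || inclLen > snaplen || inclLen > buf.remaining())
                throw new IllegalArgumentException("corrupt record length " + inclLen);
            int start = buf.position();
            String kind = "other";
            if (linkType == 1 && inclLen >= 14) {  // EtherType is always big-endian
                int etherType = ((buf.get(start + 12) & 0xff) << 8) | (buf.get(start + 13) & 0xff);
                kind = etherType == 0x0800 ? "IPv4" : etherType == 0x86DD ? "IPv6" : kind;
            }
            buf.position(start + inclLen);    // jump to the next record header
            out.add(kind + " captured=" + inclLen + " original=" + origLen
                    + (inclLen < origLen ? " (cut at snaplen)" : ""));
        }
        return out;
    }
    // Constructed sample, not real traffic: snaplen 64, two zero-filled Ethernet frames.
    static byte[] sample() {
        ByteBuffer b = ByteBuffer.allocate(24 + (16 + 60) + (16 + 64)).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4).putInt(0).putInt(0).putInt(64).putInt(1);
        putRecord(b, 0x0800, 60, 60);         // IPv4 frame stored whole
        putRecord(b, 0x86DD, 64, 1514);       // IPv6 frame truncated to the snaplen
        return b.array();
    }
    static void putRecord(ByteBuffer b, int etherType, int inclLen, int origLen) {
        b.putInt(1450569600).putInt(0).putInt(inclLen).putInt(origLen);  // constructed timestamp
        b.put(new byte[12]).put((byte) (etherType >> 8)).put((byte) etherType).put(new byte[inclLen - 14]);
    }
    public static void main(String[] args) {
        summarize(sample()).forEach(System.out::println);
    }
}
```

A record whose captured length is smaller than its original length was cut at the snaplen, so anything past that offset is missing from later analysis of the file.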

Send Packages

The methods used to send packets with Jpcap are defined in the class JpcapSender.

Java
NetworkInterface[] devices=JpcapCaptor.getDeviceList();
JpcapSender sender=JpcapSender.openDevice(devices[index]);

// create a TCP packet with the specified parameters
TCPPacket p = new TCPPacket(12, 34, 56, 78, false, false, false, false, true, true, true, true, 10, 10);
p.setIPv4Parameter(0, false, false, false, 0, false, false, false, 0, 1010101, 100, IPPacket.IPPROTO_TCP,
    InetAddress.getByName("www.microsoft.com"), InetAddress.getByName("www.google.com"));
// fill the data field of the packet
p.data = ("data").getBytes();

// create the Ethernet frame for the IP packet
EthernetPacket ether = new EthernetPacket();
ether.frametype = EthernetPacket.ETHERTYPE_IP;
ether.src_mac = new byte[]{(byte)0, (byte)1, (byte)2, (byte)3, (byte)4, (byte)5};
ether.dst_mac = new byte[]{(byte)0, (byte)6, (byte)7, (byte)8, (byte)9, (byte)10};

// set the datalink frame of the packet p as ether
p.datalink = ether;

// send the packet p
sender.sendPacket(p);
sender.close();

History

  • 2015/12/20: First version

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)