What is JnetPcap?
- JnetPcap is an open-source Java library.
- It is a Java wrapper for all libpcap library native calls.
- It can be used to capture both live as well as offline data.
- Decoding packets is a special feature of Jnetpcap.
- For processing packets, you need pcap files which can be generated by using Wireshark.
JNETPCAP Installation Steps:
- For Windows: (x64)
- Download and Install the latest stable version of JRE and JDK for Windows 64 bits.
- Download and Install the latest stable version of Eclipse for Windows 64 bit.
- Download stable release of jNetPcap (for 64 bit Windows) from http://jnetpcap.com/download.
- Extract .rar file.
- After extraction, copy its dynamic link library (jnetpcap.dll) to the system32 folder with administrative permission.
- Now open Eclipse and create the project. Right-click on the project, go to Properties, go to Java Build Path, click on Add External JARs and provide the path to jnetpcap.jar.
- Write a program and run.
- For Linux: (x64)
- Prefer Ubuntu 14.04 or 16.04 (stable release). It contains Java by default with the OS installation.
- Install eclipse-full which will automatically install the latest supported java if it is not found. (from the command line or from software centre)
- Install g++ and libpcap-dev (from the command line, as it does not appear in the software center if it is not an updated one).
- Download stable release of jNetPcap (for 64 bit Linux) from http://jnetpcap.com/download.
- Extract .rar file.
- After extraction, copy libjnetpcap.so and libjnetpcap-pcap100.so in /usr/lib/ (as sudo).
- Now open Eclipse and create the project. Right-click on the project, go to Properties, go to Java Build Path, click on Add External JARs and provide the path to jnetpcap.jar.
- Write a program and run.
What are pcap files?
Pcap stands for Packet Capture. It is used to capture network traffic. These pcap files can be read by applications such as tcpdump, Wireshark, etc.
Input: In this program, we will pass the folder name having pcap file as input.
Output: The program will count the total number of packets in each pcap file.
First, we will generate three pcap files from a live network using Wireshark.
From the above screenshot, we can see that we have 3 pcap files inside abc folder.
On opening these pcap files we can see:
- 3.pcap
Total number of packets inside 3.pcap = 2330
- 2.pcap
Total number of packets inside 2.pcap = 3361
- 1.pcap
Total number of packets inside 1.pcap = 502
Now let’s implement the above approach using Java in any IDE:
Source Code
```java
// Counting the number of packets in pcap files.

// User-defined package
package jnt;

import java.io.File;

import org.jnetpcap.Pcap;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;

public class PacketCounter {

    // Path of the folder having pcap files
    // generated by Wireshark (change accordingly)
    static String folderpath = "/home/folder_where_you_have_pcap_files";
    static double count = 0;
    static double globalcount = 0;

    // main function starts here
    public static void main(String[] args) {

        // Making the object of a file and giving that
        // object the address of the pcap folder
        File file = new File(folderpath);

        // Making a file array which is used to access
        // each file inside the folder one by one
        File[] files = file.listFiles();

        // listFiles() returns null if the path is not a readable folder
        if (files == null) {
            System.err.println("Cannot read folder : " + folderpath);
            return;
        }

        // Accessing each file of the files array one by one
        for (File f : files) {

            // Skip sub-folders
            if (!f.isFile()) {
                continue;
            }

            // Getting the full path of each pcap file (this works
            // whether or not folderpath ends with a separator)
            String FILENAME = f.getAbsolutePath();

            // StringBuilder is used to get error messages
            // in case any error occurs
            StringBuilder errbuf = new StringBuilder();

            // Making a Pcap object and opening the pcap file in
            // offline mode, passing the pcap filename and the
            // StringBuilder object to the function
            Pcap pcap = Pcap.openOffline(FILENAME, errbuf);

            // openOffline() returns null if the file cannot be opened
            if (pcap == null) {
                System.err.println("Cannot open " + f.getName() + " : " + errbuf);
                continue;
            }

            // Here the pcap object is used to start a loop over each
            // packet of the pcap file (a pcap file can have many
            // packets), one at a time. Here -1 indicates EOF (end of
            // file), i.e. execute the loop until every packet has been
            // read. We can also give some value instead of -1, which
            // will indicate the number of packets to process in each
            // pcap file.
            pcap.loop(-1, new JPacketHandler<StringBuilder>() {

                // nextPacket is the overridden function of
                // JPacketHandler (the handler which is used
                // to receive fully decoded packets)
                @Override
                public void nextPacket(JPacket packet, StringBuilder errbuf) {

                    // Counter to count the number of
                    // packets in each pcap file
                    count++;
                }
            }, errbuf);

            // Release the native capture handle
            pcap.close();

            System.out.println("File : " + f.getName()
                + " Number of Packets : " + count);

            // Global counter to count the total number
            // of packets in all pcap files
            globalcount = globalcount + count;
            count = 0;
        }

        System.out.println("Total Packets in folder : " + globalcount);
    }
}
```
Output:
First Example:
Input: “/home/abc/”(Folder’s name hardcoded in the program)
Output: File : 1.pcap Number of Packets : 502.0
File : 3.pcap Number of Packets : 2330.0
File : 2.pcap Number of Packets : 3361.0
Total Packets in folder : 6193.0
Second Example:
Input: “/home/abc/”(Folder’s name hardcoded in the program)
Output: File : tcp.pcap Number of Packets : 10.0
File : http11.pcap Number of Packets : 9.0
File : to_be_evaluated.pcap Number of Packets : 100.0
File : abcd.pcapng Number of Packets : 2.0
File : ACKStormAttack.pcap Number of Packets : 63.0
Total Packets in folder : 184.0
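
The counts above can be cross-checked without the native library by walking the record headers of the classic pcap format directly. The following is an added example, not part of the original article or of jNetPcap; the class name `PcapRecordCounter` and the sample bytes are constructed for illustration, and files are assumed small enough to read into memory. It returns -1 for anything that is not classic pcap (pcapng files such as abcd.pcapng use a different container) and stops at a truncated final record instead of reading past the end of the file.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.file.Files;
import java.nio.file.Paths;

// Hypothetical class name; not part of jNetPcap.
public class PcapRecordCounter {

    // Returns the number of complete records in a classic pcap image,
    // or -1 when the magic number is not classic pcap (e.g. pcapng).
    static long countPackets(byte[] data) {
        if (data.length < 24) return -1;            // global header is 24 bytes
        ByteBuffer buf = ByteBuffer.wrap(data);     // big-endian by default
        int magic = buf.getInt(0);
        if (magic == 0xd4c3b2a1 || magic == 0x4d3cb2a1) {
            buf.order(ByteOrder.LITTLE_ENDIAN);     // written on a little-endian host
        } else if (magic != 0xa1b2c3d4 && magic != 0xa1b23c4d) {
            return -1;
        }
        long count = 0;
        int pos = 24;
        while (data.length - pos >= 16) {           // record header is 16 bytes
            long inclLen = buf.getInt(pos + 8) & 0xffffffffL; // captured length
            if (inclLen > data.length - pos - 16) break;      // truncated last record
            pos += 16 + (int) inclLen;
            count++;
        }
        return count;
    }

    // Constructed sample: little-endian header followed by two records.
    static byte[] sample() {
        ByteBuffer b = ByteBuffer.allocate(24 + (16 + 4) + (16 + 2))
                                 .order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4)
         .putInt(0).putInt(0).putInt(65535).putInt(1);      // global header
        b.putInt(0).putInt(0).putInt(4).putInt(4).put(new byte[4]); // record 1
        b.putInt(1).putInt(0).putInt(2).putInt(2).put(new byte[2]); // record 2
        return b.array();
    }

    public static void main(String[] args) throws IOException {
        System.out.println("constructed sample : " + countPackets(sample()));
        for (String path : args) {                  // optional: real capture files
            byte[] data = Files.readAllBytes(Paths.get(path));
            System.out.println(path + " : " + countPackets(data));
        }
    }
}
```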