Packet Capturing using JnetPcap in Java

What is JnetPcap?

  1. JnetPcap is an open-source Java library.
  2. It is java wrapper for all libpcap library native calls.
  3. It can be used to capture both live as well as offline data.
  4. Decoding packets is a special feature of Jnetpcap.
  5. For processing packets, you need pcap files which can be generated by using Wireshark.

JNETPCAP Installation Steps:

  • For Windows: (x64)
    1. Download and Install the latest stable version of JRE and JDK for Windows 64 bits.
    2. Download and Install the latest stable version of Eclipse for Windows 64 bit.
    3. Download stable release of jNetPcap (for 64 bit Windows) from http://jnetpcap.com/download.
    4. Extract .rar file.
    5. After extraction, copy its data link library (jnetpcap.dll) to the system32 folder with administrative permission.
    6. Now open Eclipse, create the project. right click on the project, go to properties, go to java build
    7. path, click on Add External jars and provide the path to jnetpcap.jar.

    8. Write a program and run.
  • For Linux: (x64)
    1. Prefer Ubuntu 14.04 or 16, .04 (Stable release). It contains java as default with OS installation.
    2. Install eclipse-full which will automatically install the latest supported java if it is not found. (from the command line or from software centre)
    3. Install g++ and libpcap-dev (from the command line as it does not comes in the software center if it
      not an updated one).
    4. Download stable release of jNetPcap (for 64 bit Linux) from http://jnetpcap.com/download.
    5. Extract .rar file.
    6. After extraction, copy libjnetpcap.so and libjnetpcap-pcap100.so in /usr/lib/ (as sudo).
    7. Now open Eclipse, create the project. right click on the project, go to properties, go to java build
      path, click on Add External jars and provide the path to jnetpcap.jar.
    8. Write a program and run.

What are pcap files?

Pcap stands for Packet Capture. It is used to capture network traffic. These pcap files can be read by applications such as tcpdump, wireshark, etc

Input: In this program, we will pass the folder name having pcap file as input.
Output: The program will count the total number of packets in each pcap file.



First we will generate three pcap files from a live network using wireshark

Folder_having_pcap_file

From the above screenshot, we can see that we have 3 pcap files inside abc folder.

On opening these pcap files we can see:

  1. 3.pcap

    3.pcap

    Total number of packets inside 3.pcap = 2330 
  2. 2.pcap

    2.pcap

    Total number of packets inside 2.pcap = 3361 
  3. 1.pcap

    1.pcap

    Total number of packets inside 1.pcap = 502 

    Now let’s deploy the above approach using java in any IDE :

    source_code

Source Code

filter_none

edit
close

play_arrow

link
brightness_4
code

// Counting the number of packets in pcap files.
  
// User defined package
package jnt;
  
import java.io.File;
import org.jnetpcap.Pcap;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;
  
public class PacketCounter {
  
    // Path of the folder having pcap files
    // generated by Wireshark(change accordingly)
    static String folderpath
        = "/home/folder_where_you_have_pcap_files";
  
    static double count = 0;
    static double globalcount = 0;
  
    // main function starts here
    public static void main(String[] args)
    {
  
        // Making the object of a file
        // and giving that object address
        // of the pcap folder
        File file = new File(folderpath);
  
        // Making file array which is used
        // to access each file
        // inside the folder one-by-one
        File[] files = file.listFiles();
  
        // Accessing each file
        // one-by-one of files array
        for (File f : files) {
  
            // Getting each pcap file name
            String FILENAME
                = folderpath + f.getName();
  
            // StringBuilder is used to get
            // error messages in case
            // if any error occurs
            StringBuilder errbuf = new StringBuilder();
  
            // Making Pcap object an opening pcap file
            // in offline mode and passing pcap filename
            // and StringBuilder object to the function
            Pcap pcap = Pcap.openOffline(FILENAME, errbuf);
  
            // Here pcap object is used to start a loop
            // for capturing each  packet of an
            // each pcap file(as a pcap file can
            // have many packets) one at a time, here -1
            // indicates eof(end of file) i.e
            // until every packet is captured execute the
            // loop, we can also give some value
            // instead of -1 which will indicate the
            // number of packets to execute
            // in each pcap file
  
            pcap.loop(-1, new JPacketHandler() {
  
                // nextPacket is override function
                // of JPacketHandler( Handler which is
                // use to receive fully decoded packets)
                public void nextPacket(JPacket packet,
                                       StringBuilder errbuf)
                {
  
                    // counter to count the number of packet
                    // in each pcap file
                    count++;
                }
            }, errbuf);
  
            System.out.println("File : " + f.getName()
                               + " Number of Packets : "
                               + count);
  
            // Global counter to count the total number
            // of packets in all pcap file
            globalcount = globalcount + count;
  
            count = 0;
        }
  
        System.out.println("Total Packets in folder : "
                           + globalcount);
    }
}

chevron_right


Output:

First Example:
Input: “/home/abc/”(Folder’s name hardcoded in the program)
Output: File : 1.pcap Number of Packets : 502.0
File : 3.pcap Number of Packets : 2330.0
File : 2.pcap Number of Packets : 3361.0
Total Packets in folder : 6193.0

Second Example:
Input: “/home/abc/”(Folder’s name hardcoded in the program)
Output: File : tcp.pcap Number of Packets : 10.0
File : http11.pcap Number of Packets : 9.0
File : to_be_evaluated.pcap Number of Packets : 100.0
File : abcd.pcapng Number of Packets : 2.0
File : ACKStormAttack.pcap Number of Packets : 63.0
Total Packets in folder : 184.0



My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.




Article Tags :
Practice Tags :


Be the First to upvote.


Please write to us at contribute@geeksforgeeks.org to report any issue with the above content.