Open In App

Packet Capturing using JnetPcap in Java

Improve
Improve
Like Article
Like
Save
Share
Report

What is JnetPcap?

  1. JnetPcap is an open-source Java library.
  2. It is java wrapper for all libpcap library native calls.
  3. It can be used to capture both live as well as offline data.
  4. Decoding packets is a special feature of Jnetpcap.
  5. For processing packets, you need pcap files which can be generated by using Wireshark.

JNETPCAP Installation Steps:

  • For Windows: (x64)
    1. Download and Install the latest stable version of JRE and JDK for Windows 64 bits.
    2. Download and Install the latest stable version of Eclipse for Windows 64 bit.
    3. Download stable release of jNetPcap (for 64 bit Windows) from http://jnetpcap.com/download.
    4. Extract .rar file.
    5. After extraction, copy its data link library (jnetpcap.dll) to the system32 folder with administrative permission.
    6. Now open Eclipse, create the project. right click on the project, go to properties, go to java build
    7. path, click on Add External jars and provide the path to jnetpcap.jar.

    8. Write a program and run.
  • For Linux: (x64)
    1. Prefer Ubuntu 14.04 or 16, .04 (Stable release). It contains java as default with OS installation.
    2. Install eclipse-full which will automatically install the latest supported java if it is not found. (from the command line or from software centre)
    3. Install g++ and libpcap-dev (from the command line as it does not comes in the software center if it
      not an updated one).
    4. Download stable release of jNetPcap (for 64 bit Linux) from http://jnetpcap.com/download.
    5. Extract .rar file.
    6. After extraction, copy libjnetpcap.so and libjnetpcap-pcap100.so in /usr/lib/ (as sudo).
    7. Now open Eclipse, create the project. right click on the project, go to properties, go to java build
      path, click on Add External jars and provide the path to jnetpcap.jar.
    8. Write a program and run.

What are pcap files?

Pcap stands for Packet Capture. It is used to capture network traffic. These pcap files can be read by applications such as tcpdump, wireshark, etc

Input: In this program, we will pass the folder name having pcap file as input.
Output: The program will count the total number of packets in each pcap file.

First we will generate three pcap files from a live network using wireshark

Folder_having_pcap_file

From the above screenshot, we can see that we have 3 pcap files inside abc folder.

On opening these pcap files we can see:

  1. 3.pcap

    3.pcap

    Total number of packets inside 3.pcap = 2330 
  2. 2.pcap

    2.pcap

    Total number of packets inside 2.pcap = 3361 
  3. 1.pcap

    1.pcap

    Total number of packets inside 1.pcap = 502 

    Now let’s deploy the above approach using java in any IDE :

    source_code

Source Code




// Counting the number of packets in pcap files.
  
// User defined package
package jnt;
  
import java.io.File;
import org.jnetpcap.Pcap;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;
  
public class PacketCounter {
  
    // Path of the folder having pcap files
    // generated by Wireshark(change accordingly)
    static String folderpath
        = "/home/folder_where_you_have_pcap_files";
  
    static double count = 0;
    static double globalcount = 0;
  
    // main function starts here
    public static void main(String[] args)
    {
  
        // Making the object of a file
        // and giving that object address
        // of the pcap folder
        File file = new File(folderpath);
  
        // Making file array which is used
        // to access each file
        // inside the folder one-by-one
        File[] files = file.listFiles();
  
        // Accessing each file
        // one-by-one of files array
        for (File f : files) {
  
            // Getting each pcap file name
            String FILENAME
                = folderpath + f.getName();
  
            // StringBuilder is used to get
            // error messages in case
            // if any error occurs
            StringBuilder errbuf = new StringBuilder();
  
            // Making Pcap object an opening pcap file
            // in offline mode and passing pcap filename
            // and StringBuilder object to the function
            Pcap pcap = Pcap.openOffline(FILENAME, errbuf);
  
            // Here pcap object is used to start a loop
            // for capturing each  packet of an
            // each pcap file(as a pcap file can
            // have many packets) one at a time, here -1
            // indicates eof(end of file) i.e
            // until every packet is captured execute the
            // loop, we can also give some value
            // instead of -1 which will indicate the
            // number of packets to execute
            // in each pcap file
  
            pcap.loop(-1, new JPacketHandler() {
  
                // nextPacket is override function
                // of JPacketHandler( Handler which is
                // use to receive fully decoded packets)
                public void nextPacket(JPacket packet,
                                       StringBuilder errbuf)
                {
  
                    // counter to count the number of packet
                    // in each pcap file
                    count++;
                }
            }, errbuf);
  
            System.out.println("File : " + f.getName()
                               + " Number of Packets : "
                               + count);
  
            // Global counter to count the total number
            // of packets in all pcap file
            globalcount = globalcount + count;
  
            count = 0;
        }
  
        System.out.println("Total Packets in folder : "
                           + globalcount);
    }
}


Output:

First Example:
Input: “/home/abc/”(Folder’s name hardcoded in the program)
Output: File : 1.pcap Number of Packets : 502.0
File : 3.pcap Number of Packets : 2330.0
File : 2.pcap Number of Packets : 3361.0
Total Packets in folder : 6193.0

Second Example:
Input: “/home/abc/”(Folder’s name hardcoded in the program)
Output: File : tcp.pcap Number of Packets : 10.0
File : http11.pcap Number of Packets : 9.0
File : to_be_evaluated.pcap Number of Packets : 100.0
File : abcd.pcapng Number of Packets : 2.0
File : ACKStormAttack.pcap Number of Packets : 63.0
Total Packets in folder : 184.0



Last Updated : 27 Feb, 2019
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads