What is jNetPcap?
- jNetPcap is an open-source Java library.
- It is a Java wrapper for all native libpcap library calls.
- It can be used to capture live traffic as well as to read offline data.
- Decoding packets is a special feature of jNetPcap.
- For processing packets, you need pcap files, which can be generated by using Wireshark.
jNetPcap Installation Steps:
- For Windows: (x64)
  - Download and install the latest stable version of the JRE and JDK for 64-bit Windows.
  - Download and install the latest stable version of Eclipse for 64-bit Windows.
  - Download the stable release of jNetPcap (for 64-bit Windows) from http://jnetpcap.com/download.
  - Extract the .rar file.
  - After extraction, copy its dynamic link library (jnetpcap.dll) to the system32 folder with administrative permission.
  - Now open Eclipse and create the project. Right-click on the project, go to Properties, go to Java Build Path, click on Add External JARs and provide the path to jnetpcap.jar.
  - Write a program and run.
- For Linux: (x64)
  - Prefer Ubuntu 14.04 or 16.04 (stable release). It contains Java by default with the OS installation.
  - Install eclipse-full (from the command line or from the software centre), which will automatically install the latest supported Java if it is not found.
  - Install g++ and libpcap-dev (from the command line, as it does not appear in the software centre if it is not an updated one).
  - Download the stable release of jNetPcap (for 64-bit Linux) from http://jnetpcap.com/download.
  - Extract the .rar file.
  - After extraction, copy libjnetpcap.so and libjnetpcap-pcap100.so to /usr/lib/ (as sudo).
  - Now open Eclipse and create the project. Right-click on the project, go to Properties, go to Java Build Path, click on Add External JARs and provide the path to jnetpcap.jar.
  - Write a program and run.
What are pcap files?
Pcap stands for Packet Capture. A pcap file stores captured network traffic. These pcap files can be read by applications such as tcpdump, Wireshark, etc.
Input: In this program, we will pass the name of the folder containing the pcap files as input.
Output: The program will count the total number of packets in each pcap file.
First, we will generate three pcap files from a live network using Wireshark.

[Screenshot: folder containing the pcap files]
From the above screenshot, we can see that we have 3 pcap files inside the abc folder.
On opening these pcap files we can see:
- 3.pcap
  [Screenshot: 3.pcap]
  Total number of packets inside 3.pcap = 2330
- 2.pcap
  [Screenshot: 2.pcap]
  Total number of packets inside 2.pcap = 3361
- 1.pcap
  [Screenshot: 1.pcap]
  Total number of packets inside 1.pcap = 502
Now let’s implement the above approach in Java, using any IDE:

Source Code
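    package jnt;

    import java.io.File;

    import org.jnetpcap.Pcap;
    import org.jnetpcap.packet.JPacket;
    import org.jnetpcap.packet.JPacketHandler;

    public class PacketCounter {
        // Folder that contains the pcap files
        static String folderpath = "/home/folder_where_you_have_pcap_files";

        // Kept as double so the printed values match the sample output below (e.g. 502.0)
        static double count = 0;       // packets in the file currently being read
        static double globalcount = 0; // packets across all files in the folder

        public static void main(String[] args)
        {
            File file = new File(folderpath);
            File[] files = file.listFiles();
            if (files == null) {
                // listFiles() returns null when the path is not a readable directory
                System.err.println("Cannot list folder : " + folderpath);
                return;
            }

            for (File f : files) {
                // Take the path from the File itself, so it is correct whether
                // or not folderpath ends with a separator
                String FILENAME = f.getPath();
                StringBuilder errbuf = new StringBuilder();

                Pcap pcap = Pcap.openOffline(FILENAME, errbuf);
                if (pcap == null) {
                    // openOffline() returns null on failure and fills errbuf
                    System.err.println("Skipping " + f.getName() + " : " + errbuf);
                    continue;
                }

                // -1 means: keep reading until the end of the capture file
                pcap.loop(-1, new JPacketHandler<StringBuilder>() {
                    public void nextPacket(JPacket packet, StringBuilder errbuf)
                    {
                        count++;
                    }
                }, errbuf);
                pcap.close(); // release the native capture handle

                System.out.println("File : " + f.getName()
                                   + " Number of Packets : " + count);
                globalcount = globalcount + count;
                count = 0;
            }
            System.out.println("Total Packets in folder : " + globalcount);
        }
    }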
Output:
First Example:
Input: “/home/abc/” (Folder’s name hardcoded in the program)
Output: File : 1.pcap Number of Packets : 502.0
File : 3.pcap Number of Packets : 2330.0
File : 2.pcap Number of Packets : 3361.0
Total Packets in folder : 6193.0
Second Example:
Input: “/home/abc/” (Folder’s name hardcoded in the program)
Output: File : tcp.pcap Number of Packets : 10.0
File : http11.pcap Number of Packets : 9.0
File : to_be_evaluated.pcap Number of Packets : 100.0
File : abcd.pcapng Number of Packets : 2.0
File : ACKStormAttack.pcap Number of Packets : 63.0
Total Packets in folder : 184.0
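
The counts above can be cross-checked without jNetPcap by walking the classic pcap layout directly: a 24-byte global header, then a 16-byte record header in front of every stored packet. The following is an added example, not code from the original page or from the jNetPcap project; the class name `PcapRecordCounter` and the `MAX_RECORD` bound are assumptions, and it rejects pcapng files and truncated or oversized records instead of trusting the length fields, which matters when a capture comes from an untrusted source.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class PcapRecordCounter {
    // Largest record accepted: an assumption for this example, not a pcap constant.
    static final int MAX_RECORD = 262144;

    // Counts records in one classic pcap file by walking its headers only.
    static long countRecords(File f) throws IOException {
        try (DataInputStream in = new DataInputStream(
                new BufferedInputStream(new FileInputStream(f)))) {
            byte[] hdr = new byte[24];                  // global header is 24 bytes
            in.readFully(hdr);                          // EOFException if the file is shorter
            int magic = ByteBuffer.wrap(hdr).getInt(0); // ByteBuffer reads big-endian by default
            ByteOrder order;
            if (magic == 0xa1b2c3d4 || magic == 0xa1b23c4d) order = ByteOrder.BIG_ENDIAN;
            else if (magic == 0xd4c3b2a1 || magic == 0x4d3cb2a1) order = ByteOrder.LITTLE_ENDIAN;
            else if (magic == 0x0a0d0d0a) throw new IOException("pcapng, not classic pcap");
            else throw new IOException("unknown magic number");
            byte[] rec = new byte[16];                  // each record header is 16 bytes
            byte[] payload = new byte[MAX_RECORD];
            long count = 0;
            int first;
            while ((first = in.read()) != -1) {         // -1 here is a clean end of file
                rec[0] = (byte) first;
                in.readFully(rec, 1, 15);               // EOFException: truncated record header
                // incl_len (bytes actually stored) is the third 32-bit field, read unsigned
                long inclLen = ByteBuffer.wrap(rec).order(order).getInt(8) & 0xffffffffL;
                if (inclLen > MAX_RECORD)
                    throw new IOException("record " + count + " claims " + inclLen + " bytes");
                in.readFully(payload, 0, (int) inclLen); // EOFException: truncated packet data
                count++;
            }
            return count;
        }
    }

    public static void main(String[] args) {
        File[] files = new File(args.length > 0 ? args[0] : ".").listFiles(File::isFile);
        if (files == null) { System.err.println("not a readable folder"); return; }
        for (File f : files) {
            try {
                System.out.println("File : " + f.getName() + " Number of Packets : " + countRecords(f));
            } catch (IOException e) {
                System.out.println("File : " + f.getName() + " skipped : " + e);
            }
        }
    }
}
```

Compile it with javac and pass the folder as the first argument; a file reported as skipped is either not a classic pcap capture or is damaged.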