Packet filtering using jpcap


Published on

Published in: Technology
1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Packet filtering using jpcap

  1. 1. Packet Filtering using JPCAPimport*;import*;import jpcap.JpcapCaptor;import jpcap.JpcapSender;import jpcap.NetworkInterface;import jpcap.NetworkInterfaceAddress;import jpcap.packet.*;class Main{ /* variables */ JpcapCaptor captor; NetworkInterface[] list; String str,info; int x, choice;public static void main(String args[]){ new Main();}public Main(){ /* first fetch available interfaces to listen on */ list = JpcapCaptor.getDeviceList(); System.out.println("Available interfaces: "); for(x=0; x<list.length; x++) { System.out.println(x+" -> "+list[x].description); } System.out.println("-------------------------n"); choice = Integer.parseInt(getInput("Choose interface (0,1..): ")); System.out.println("Listening on interface -> "+list[choice].description); System.out.println("-------------------------n"); /*Setup device listener */ try { captor=JpcapCaptor.openDevice(list[choice], 65535, false, 20); /* listen for TCP/IP only */ captor.setFilter("ip and tcp", true);
  2. 2. } catch(IOException ioe) { ioe.printStackTrace(); } /* start listening for packets */ while (true) { Packet info = captor.getPacket(); if(info != null) System.out.println(info); }}/* get user input */public static String getInput(String q){ String input = ""; System.out.print(q); BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(; try { input = bufferedreader.readLine(); } catch(IOException ioexception) { } return input; }} /*end class*/
  3. 3. OUTPUT:C:Packet CapturingjSniff>javac Main.javaC:Packet CapturingjSniff>java MainAvailable interfaces:0 -> MS Tunnel Interface Driver1 -> Realtek 10/100/1000 Ethernet NIC(Microsofts Packet Scheduler)-------------------------Choose interface (0,1..): 1Listening on interface -> Realtek 10/100/1000 Ethernet NIC (Microsofts Packet Scheduler)-------------------------1319000427:719763 />/ protocol(6) priority(0) hop(128) offset(0) ident(2203) TCP 445 > 1140 seq(2709085387) win(64592) ack 1006552375 P1319000427:720418 />/ protocol(6) priority(0) hop(128) offset(0) ident(714) TCP 1140 > 445 seq(1006552375) win(64567) ack 2709085526P1319000427:721224 />/ protocol(6) priority(0) hop(128) offset(0) ident(2204) TCP 445 > 1140 seq(2709085526) win(64452) ack 1006552515 P1319000427:721667 />/ protocol(6) priority(0) hop(128) offset(0) ident(715) TCP 1140 > 445 seq(1006552515) win(64516) ack 2709085577P1319000427:721972 />/ protocol(6) priority(0) hop(128) offset(0) ident(2205) TCP 445 > 1140 seq(2709085577) win(64389) ack 1006552578 P1319000427:722751 />/ protocol(6) priority(0) hop(128) offset(0) ident(716) TCP 1140 > 445 seq(1006552578) win(64384) ack 2709085709P1319000427:930959 />/ protocol(6) priority(0) hop(128) offset(0) ident(2206) TCP 445 > 1140 seq(2709085709) win(65535) ack 1006553370
  4. 4. ALGORITHM:JPCAPJpcap can be used to develop many kinds of network applications, including (but notlimited to): • network and protocol analyzers • network monitors • traffic loggers • traffic generators • user-level bridges and routers • network intrusion detection systems (NIDS) • network scanners • security toolsJpcap captures and sends packets independently from the host protocols (e.g., TCP/IP).This means that Jpcap does not (cannot) block, filter or manipulate the traffic generatedby other programs on the same machine: it simply "sniffs" the packets that transit on thewire. Therefore, it does not provide the appropriate support for applications like trafficshapers, QoS schedulers and personal firewalls.1. Obtain the list of network interfacesTo capture packets from a network, obtain the list of network interfaces.JpcapCaptor.getDeviceList()It returns an array of NetworkInterface objects.A NetworkInterface object contains some information about the corresponding networkinterface, such as its name, description, IP and MAC addresses, and datatlink name anddescription.2. Open a network interfaceChoose which network interface to captuer packets from, open the interface byusing JpcapCaptor.openDevice() method.JpcapCaptor.openDevice()The following piece of code illustrates how to open an network interfaceName: PurposeNetworkInterface intrface Network interface that you want to snaplen Max number of bytes to capture at once.boolean promics True if you want to open the interface in promiscuous mode, and otherwise false.
  5. 5. In promiscuous mode, you can capture packets every packet from the wire In non-promiscuous mode, you can only capture packets send and received by your to_ms Set a capture timeout value in milliseconds.3. Capture packets from the network interfaceThere are two major approaches to capture packets using a JpcapCaptor instance: using acallback method, and capturing packets one-by-one.Capturing packets one-by-onecapture packets using the JpcapCaptor.getPacket() method.getPacket() method simply returns a captured packet.getPacket() method multiple times to capture consecutive packets.4. Set capturing filterIn Jpcap, you can set a filter so that Jpcap doesnt capture unwanted packets. Forexample, if you only want to capture TCP/IPv4 packets, you can set a filter as following:The filter expression "ip and tcp" means to to "keep only the packets that are both IPv4and TCP and deliver them to the application".By properly setting a filter, you can reduce the number of packets to examine, and thuscan improve the performance of your application.