This document discusses using JPCAP to capture and filter network packets in Java. It describes obtaining a list of network interfaces, opening an interface for packet capture, capturing packets one-by-one using getPacket(), and setting a filter to only capture certain types of packets like TCP/IPv4. The key aspects are initializing JPCAP, selecting an interface, capturing packets in a loop, and applying filters to focus on relevant traffic.

1. Packet Filtering using JPCAP
import java.net.*;
import java.io.*;
import jpcap.JpcapCaptor;
import jpcap.JpcapSender;
import jpcap.NetworkInterface;
import jpcap.NetworkInterfaceAddress;
import jpcap.packet.*;
class Main
{
/* variables */
JpcapCaptor captor;
NetworkInterface[] list;
String str,info;
int x, choice;
public static void main(String args[])
{
new Main();
}
public Main()
{
/* first fetch available interfaces to listen on */
list = JpcapCaptor.getDeviceList();
System.out.println("Available interfaces: ");
for(x=0; x<list.length; x++)
{
System.out.println(x+" -> "+list[x].description);
}
System.out.println("-------------------------n");
choice = Integer.parseInt(getInput("Choose interface (0,1..): "));
System.out.println("Listening on interface -> "+list[choice].description);
System.out.println("-------------------------n");
/*Setup device listener */
try
{
captor=JpcapCaptor.openDevice(list[choice], 65535, false, 20);
/* listen for TCP/IP only */
captor.setFilter("ip and tcp", true);

2. }
catch(IOException ioe) { ioe.printStackTrace(); }
/* start listening for packets */
while (true)
{
Packet info = captor.getPacket();
if(info != null)
System.out.println(info);
}
}
/* get user input */
public static String getInput(String q)
{
String input = "";
System.out.print(q);
BufferedReader bufferedreader = new BufferedReader(new
InputStreamReader(System.in));
try
{
input = bufferedreader.readLine();
}
catch(IOException ioexception)
{
}
return input;
}
} /*end class*/

3. OUTPUT:
C:Packet CapturingjSniff>javac Main.java
C:Packet CapturingjSniff>java Main
Available interfaces:
0 -> MS Tunnel Interface Driver
1 -> Realtek 10/100/1000 Ethernet NIC
(Microsoft's Packet Scheduler)
-------------------------
Choose interface (0,1..): 1
Listening on interface -> Realtek 10/100/1000 Ethernet NIC
(Microsoft's Packet Scheduler)
-------------------------
1319000427:719763 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2203) TCP 445 > 1140 seq(2709085387) win(64592) ack 1006552375
P
1319000427:720418 /172.10.0.132->/172.10.0.81 protocol(6) priority(0) hop(128)
offset(0) ident(714) TCP 1140 > 445 seq(1006552375) win(64567) ack 2709085526
P
1319000427:721224 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2204) TCP 445 > 1140 seq(2709085526) win(64452) ack 1006552515
P
1319000427:721667 /172.10.0.132->/172.10.0.81 protocol(6) priority(0) hop(128)
offset(0) ident(715) TCP 1140 > 445 seq(1006552515) win(64516) ack 2709085577
P
1319000427:721972 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2205) TCP 445 > 1140 seq(2709085577) win(64389) ack 1006552578
P
1319000427:722751 /172.10.0.132->/172.10.0.81 protocol(6) priority(0) hop(128)
offset(0) ident(716) TCP 1140 > 445 seq(1006552578) win(64384) ack 2709085709
P
1319000427:930959 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2206) TCP 445 > 1140 seq(2709085709) win(65535) ack 1006553370

4. ALGORITHM:
JPCAP
Jpcap can be used to develop many kinds of network applications, including (but not
limited to):
• network and protocol analyzers
• network monitors
• traffic loggers
• traffic generators
• user-level bridges and routers
• network intrusion detection systems (NIDS)
• network scanners
• security tools
Jpcap captures and sends packets independently from the host protocols (e.g., TCP/IP).
This means that Jpcap does not (cannot) block, filter or manipulate the traffic generated
by other programs on the same machine: it simply "sniffs" the packets that transit on the
wire. Therefore, it does not provide the appropriate support for applications like traffic
shapers, QoS schedulers and personal firewalls.
1. Obtain the list of network interfaces
To capture packets from a network, obtain the list of network interfaces.
JpcapCaptor.getDeviceList()
It returns an array of NetworkInterface objects.
A NetworkInterface object contains some information about the corresponding network
interface, such as its name, description, IP and MAC addresses, and datatlink name and
description.
2. Open a network interface
Choose which network interface to captuer packets from, open the interface by
using JpcapCaptor.openDevice() method.
JpcapCaptor.openDevice()
The following piece of code illustrates how to open an network interface
Name: Purpose
NetworkInterface intrface Network interface that you want to open.
int snaplen Max number of bytes to capture at once.
boolean promics True if you want to open the interface in promiscuous
mode, and otherwise false.

5. In promiscuous mode, you can capture packets every
packet from the wire
In non-promiscuous mode, you can only capture packets
send and received by your host.
int to_ms Set a capture timeout value in milliseconds.
3. Capture packets from the network interface
There are two major approaches to capture packets using a JpcapCaptor instance: using a
callback method, and capturing packets one-by-one.
Capturing packets one-by-one
capture packets using the JpcapCaptor.getPacket() method.
getPacket() method simply returns a captured packet.
getPacket() method multiple times to capture consecutive packets.
4. Set capturing filter
In Jpcap, you can set a filter so that Jpcap doesn't capture unwanted packets. For
example, if you only want to capture TCP/IPv4 packets, you can set a filter as following:
The filter expression "ip and tcp" means to to "keep only the packets that are both IPv4
and TCP and deliver them to the application".
By properly setting a filter, you can reduce the number of packets to examine, and thus
can improve the performance of your application.