jpcap 是 Java 用於數據抓包的另一大 jar 包,但因爲年久失修(不更新),折騰了一下就被我棄用了,改用了 Jnetpcap。網上資料比較少,基本只能從官網獲取資料。
參考資料:Jnetpcap官網 http://www.jnetpcap.com/?q=examplesapp
啓動數據捕獲,修改一下須要捕獲的網卡即可:
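import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.packet.format.FormatUtils;
import org.jnetpcap.protocol.lan.Ethernet;
import org.jnetpcap.protocol.network.Ip4;

/**
 * Entry point for a live capture: lists the capture devices, opens one of them
 * and hands every captured packet to {@link PacketHandler}.
 */
public class Test {

    /** Device index used when none is given on the command line. */
    private static final int DEFAULT_DEVICE_INDEX = 2;

    /**
     * Lists the devices, opens the selected one and runs the capture loop.
     *
     * @param args optional; {@code args[0]} is the index of the device to
     *             capture on, as printed in the device list. When absent,
     *             {@link #DEFAULT_DEVICE_INDEX} is used.
     */
    public static void main(String[] args) {
        List<PcapIf> alldevs = new ArrayList<PcapIf>(); // filled with the NICs found
        StringBuilder errbuf = new StringBuilder();     // receives any error message

        // First, get the list of capture devices on this system.
        int r = Pcap.findAllDevs(alldevs, errbuf);
        if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
            System.err.printf("Can't read list of devices, error is %s%n", errbuf);
            return;
        }

        // Print every device found, with the index used to select it.
        System.out.println("Network devices found:");
        int i = 0;
        for (PcapIf candidate : alldevs) {
            String description = (candidate.getDescription() != null)
                    ? candidate.getDescription()
                    : "No description available";
            System.out.printf("#%d: %s [%s]\n", i++, candidate.getName(), description);
        }

        // Choose the device to listen on. The list may be shorter than the
        // default index assumes, so the index is validated before it is used.
        int index = DEFAULT_DEVICE_INDEX;
        if (args.length > 0) {
            try {
                index = Integer.parseInt(args[0]);
            } catch (NumberFormatException e) {
                System.err.printf("Device index must be an integer, got '%s'%n", args[0]);
                return;
            }
        }
        if (index < 0 || index >= alldevs.size()) {
            System.err.printf("Device index %d is out of range, %d device(s) found%n",
                    index, alldevs.size());
            return;
        }
        PcapIf device = alldevs.get(index);
        System.out.printf("\nChoosing '%s' on your behalf:\n",
                (device.getDescription() != null) ? device.getDescription() : device.getName());

        // Second, open the selected device.
        int snaplen = 64 * 1024;           // capture whole packets, no truncation (datagram max is 65535)
        // Promiscuous mode: frames not addressed to this host are captured too,
        // so the handler may see traffic that is not this machine's own.
        int flags = Pcap.MODE_PROMISCUOUS;
        int timeout = 10 * 1000;           // 10 seconds, in milliseconds
        Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);
        if (pcap == null) {
            // errbuf is passed as an argument, never as the format string: a '%'
            // in the error text would otherwise make printf throw.
            System.err.printf("Error while opening device for capture: %s%n", errbuf);
            return;
        }

        try {
            // Third, enter the capture loop. The packet handler is PacketHandler.
            // The count of -1 means the loop is not limited to a fixed number of
            // packets. The loop maps the pcap.datalink() DLT value to a protocol
            // ID automatically, and the scanner uses it to decode the headers.
            pcap.loop(-1, new PacketHandler<String>(), "jNetPcap rocks!");
        } finally {
            // Last, always release the pcap handle, even if the handler throws.
            pcap.close();
        }
    }
}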
捕獲數據的處理,設置過濾規則:
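import java.util.Date;

import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.protocol.lan.Ethernet;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Http;
import org.jnetpcap.protocol.tcpip.Tcp;
import org.jnetpcap.protocol.tcpip.Udp;

/**
 * Packet callback that prints the text dump of selected HTTP packets.
 *
 * <p>A packet is printed only when it carries an HTTP header and its text dump
 * contains both marker substrings below. All other packets are dropped.
 *
 * @param <T> type of the user object passed through the capture loop (unused here)
 */
public class PacketHandler<T> implements PcapPacketHandler<T> {

    // Substrings a packet dump must contain to be printed. They look like form
    // field names; the second resembles a password field. NOTE(review): the
    // page does not say which application they belong to -- confirm.
    private static final String FIRST_MARKER = "DDDDD";
    private static final String SECOND_MARKER = "upass";

    /**
     * Prints the packet's text dump to stdout if it is an HTTP packet that
     * contains both markers.
     *
     * @param packet the captured packet
     * @param user   the user object given to the capture loop; not used
     */
    @Override
    public void nextPacket(PcapPacket packet, T user) {
        Http http = new Http();
        if (!packet.hasHeader(http)) {
            return; // not HTTP, nothing to inspect
        }

        // The whole packet dump is matched and printed, not only the HTTP
        // payload. Cleartext form values in a matching packet therefore end
        // up on stdout, so treat this output as sensitive data.
        String dump = packet.toString();
        if (dump.contains(FIRST_MARKER) && dump.contains(SECOND_MARKER)) {
            System.out.println(dump);
        }
    }
}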
不足之處:截取的數據包數據是像 sniff 那樣的,之後就沒查到如何只獲取右邊編碼後的數據了。