January 2015

Converting a bytes[] to a pcap file

Hi,

I currently have Java code that is reading DatagramPackets from a MulticastSocket.

Code follows the below pattern -

MulticastSocket socket = new MulticastSocket(PORT);
socket.setSoTimeout(500);
socket.setInterface(InetAddress.getByName(INTERFACE));
socket.joinGroup(InetAddress.getByName(MULTICAST));

I then have a read() method which I continuously poll -

public void read() throws IOException {
    byte[] buffer = new byte[65 * 1024];
    DatagramPacket recv = new DatagramPacket(buffer, buffer.length);
    try {
        socket.receive(recv);
    } catch (SocketTimeoutException ignore) {
        return;
    }

    // getData() returns the whole receive buffer; the datagram occupies only
    // the first recv.getLength() bytes of it
    byte[] byteData = recv.getData();

}

I now want to load this byteData into a PcapPacket object to eventually write to a pcap file. I tried doing the following -

PcapPacket pcapPacket = new PcapPacket(byteData);

but I get an error - java.lang.IndexOutOfBoundsException: Invalid [200,1380930833,1380930633) range.

I'm completely new to jNetPcap - so any guidance would be much appreciated.
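A pcap record has to hold a complete packet for the file's link type, not a bare UDP payload, so the datagram bytes need packet headers around them before they can go into a pcap file. The following is an added example using only the JDK (it is not code from the original post or from jNetPcap): the class name and method signatures are hypothetical, it writes the file with LINKTYPE_RAW (101) so each record is a synthetic IPv4 + UDP header followed by the payload, and it writes only recv.getLength() bytes of the receive buffer.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Hypothetical helper (added example, not jNetPcap code): appends UDP datagrams to a pcap
// file with link type LINKTYPE_RAW (101); each record starts at the IPv4 header, no Ethernet.
public class RawIpPcapWriter implements AutoCloseable {
    static final int LINKTYPE_RAW = 101;
    private final FileOutputStream out;
    public RawIpPcapWriter(String path) throws IOException {
        out = new FileOutputStream(path);
        ByteBuffer gh = ByteBuffer.allocate(24).order(ByteOrder.LITTLE_ENDIAN);
        gh.putInt(0xA1B2C3D4)                      // magic (little-endian, microsecond timestamps)
          .putShort((short) 2).putShort((short) 4) // format version 2.4
          .putInt(0).putInt(0)                     // thiszone, sigfigs (unused)
          .putInt(65535).putInt(LINKTYPE_RAW);     // snaplen, link type
        out.write(gh.array());
    }
    // src/srcPort: recv.getAddress()/recv.getPort(); dst/dstPort: multicast group and PORT.
    // Pass len = recv.getLength(): recv.getData() returns the whole 65 KiB receive buffer.
    public void write(InetAddress src, int srcPort, InetAddress dst, int dstPort,
                      byte[] buf, int len, long tsMicros) throws IOException {
        int total = 20 + 8 + len;                  // IPv4 header + UDP header + payload
        ByteBuffer rec = ByteBuffer.allocate(16 + total).order(ByteOrder.LITTLE_ENDIAN);
        rec.putInt((int) (tsMicros / 1_000_000)).putInt((int) (tsMicros % 1_000_000))
           .putInt(total).putInt(total);           // record header: ts_sec, ts_usec, incl_len, orig_len
        rec.order(ByteOrder.BIG_ENDIAN);           // network headers are big-endian
        int ip = rec.position();
        rec.put((byte) 0x45).put((byte) 0).putShort((short) total)  // version/IHL, DSCP/ECN, total length
           .putShort((short) 0).putShort((short) 0x4000)            // identification, flags DF + offset 0
           .put((byte) 64).put((byte) 17).putShort((short) 0)       // TTL, protocol 17 = UDP, checksum (filled below)
           .put(src.getAddress()).put(dst.getAddress());            // IPv4 addresses only (4 bytes each)
        rec.putShort(ip + 10, (short) ipv4HeaderChecksum(rec, ip));
        rec.putShort((short) srcPort).putShort((short) dstPort)
           .putShort((short) (8 + len)).putShort((short) 0);        // UDP length; checksum 0 = not computed
        rec.put(buf, 0, len);
        out.write(rec.array());
    }
    // Ones' complement sum of the 20-byte IPv4 header, checksum field still zero.
    static int ipv4HeaderChecksum(ByteBuffer b, int off) {
        int sum = 0;
        for (int i = 0; i < 20; i += 2) sum += b.getShort(off + i) & 0xFFFF;
        while ((sum >>> 16) != 0) sum = (sum & 0xFFFF) + (sum >>> 16);
        return ~sum & 0xFFFF;
    }
    @Override public void close() throws IOException { out.close(); }
}
```

From the read() method above, one call per received datagram would be writer.write(recv.getAddress(), recv.getPort(), InetAddress.getByName(MULTICAST), PORT, recv.getData(), recv.getLength(), System.currentTimeMillis() * 1000); the resulting file opens in Wireshark as UDP over IPv4.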

How to get full packet in hexadecimal format

Please let me know how we can get, for a packet -

Packet Payload + All headers of Packet -> in hexadecimal format (like we see in wireshark)

Please help me. It's urgent!

How to read full pcap file

For creating a loop in jNetPcap we use -

pcap.loop(10, jpacketHandler, "jNetPcap rocks!");

This will run the loop 10 times to read 10 packets from the pcap file.
I want to run this loop to read the pcap file till EOF (end of file).
What modification do I need to make in the loop?

Differentiate known P2P protocols from botnet traffic

Hi all,
Have you guys heard about botnets? Yes, of course. What about P2P botnets?
There is a new generation of botnets which use P2P networks for their C&C communication system.
I'm doing research on how to differentiate known P2P file sharing protocol applications from botnet traffic which uses P2P protocols. Which information in the header or payload is only used by P2P file sharing applications and not by botnets? What is the very obvious difference in packets between those apps' traffic and botnets? Can it be the size of packets? The time gap between data transfers? ...

And some P2P botnets are using encryption like AES-256 to encrypt communication between C&C and bots and among bots. Is there any possibility to decrypt that data to find any evidence of their malicious activity?

Any answer would be appreciated, except spamming. You can send spam to my personal Gmail email, I have a special box for those. (Laughing out loud)

Thank you