December 2015

Why my customize protocol is only binded to tcp port 80?

Why my customize protocol is only binded to TCP port 80? Our project need to decode https(SSL/TLS) packets, as follow to the chapter 5 of user guide I wrote my own JHeader: TLS, code is here:
@Header(length = 5, name = "TLS", nicname = "TLS Record Header") // , suite = ProtocolSuite.TCP_IP)
public class TLS extends JHeader {

public static int TLS_RECORD_HEAD_LENGTH = 5;

@Bind(to = Tcp.class, intValue = { 443 })
public static boolean bindToTcp(JPacket packet, Tcp tcp) {
System.out.println("bind is called" + tcp.source() + " " + tcp.destination());
return (tcp.hasPayload() && (tcp.source() == 443 || tcp.destination() == 443));
}

@Field(offset = 0, length = 8)
public int contentType() {
return super.getByte(0);
}

@Dynamic(Field.Property.DESCRIPTION)
public String contentTypeDescription() {
String ret = "";
int b = contentType();
switch (b) {
case 21:
ret = "Alert"; // 警告协议(alert): 21
break;
case 22:
ret = "Handshacke";// 握手协议(handshake): 22
break;
case 20:
ret = "Change cipher specification";// 改变密码格式协议(change_cipher_spec): 20
break;
case 23:
ret = "Application data";// 应用数据协议(application_data): 23
break;
default:
break;
}
return ret;
}

@Field(offset = 8, length = 8 * 2)
public int version() {
return super.getUShort(1);
}

@Dynamic(Field.Property.DESCRIPTION)
public String versionDescription() {
String ret = "";
int v = version();
switch (v) {
case 0x301:
ret = "TLS 1.0";
break;
case 0x303:
ret = "TLS 1.2";
default:
break;
}
return ret;
}

@Field(offset = 24, length = 2 * 8)
public int length() {
return super.getUShort( 3);
}
}
According to the logging, it is registered successfully, but no TLS header was captured by PCAP. but if I open the same file from wireshark, I can see many TLS packets. so I added a debugging logging at the bind function "bindToTcp" and here is the logs I got:

I just need to know amount/size of traffic, what are optimal settings for least impact on the liunx box?

Hi, nice project, thank you.

I'm tacking amount of network traffic on linux box ubuntu 15.10 w/ your v1.4.
I accumulate like this using your sample code:
ByteBufferHandler handler = new ByteBufferHandler() {
public void nextPacket(PcapHeader header, ByteBuffer arg, Object usr) {
byteRate.delta(header.wirelen()); // in bytes

My question is what are optimal settings for low impact on linux and network. Here I'm using your sample code:
Pcap pcap = Pcap.openLive(dev_name, 128, Pcap.MODE_NON_PROMISCUOUS, 500, errbuf);
PcapBpfProgram prg = new PcapBpfProgram();
if (pcap.compile(prg, "len < 65535", 0, Innocent == Pcap.ERROR) {

Is 128 a good buffer?
Is "len < 65535" a good filter?
Should it optimize?

I only need amount of traffic per second or 2, and I record that to a local file.
Not sure what are best values, I googled for pcap settings that are optimal and no joy (as I'm Java developer).
Cheers,
Vic
apakau.com

openOffline Method to access from Android Internal Storage

Hi everyone,

I am using JnetPcap library to extract the packets from a Mobile Wireshark application required for Android project analysis. I have to capture the IP address from the pcap file and display the same on the Google Maps.

I am facing an issue reading the Internal Storage of the Android phone using the openOffline method... Can this method be used for Android Internal Storage File Directory ?? The same code is working if the directory path is specified in Windows OS running on a PC....

Any inputs would be highly appreciated...

Please find below the code for the same.

package appprofiler.appprofilerv1;

/**
* Created by soory_000 on 11/30/2015.
*/

import android.os.Environment;

import java.io.File;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jnetpcap.Pcap;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.JFlow;
import org.jnetpcap.packet.JFlowKey;
import org.jnetpcap.packet.JFlowMap;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;
import org.jnetpcap.packet.JScanner;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Http;
import org.jnetpcap.protocol.tcpip.Tcp;

public class IPExtract {
final static List ipaddress = new ArrayList();
private static String FILENAME;

public IPExtract(String Filename) {
this.FILENAME = Filename;
}

public static void main(String[] args) {
final StringBuilder errbuf = new StringBuilder();
final Pcap pcap = Pcap.openOffline(FILENAME, errbuf); // While trying to debug I am getting a Library error
if (pcap == null) {
System.err.println(errbuf);
return;
}

Is jNetPcap depended on winpcap?

HI Team, I am creating a packet content filter in jNetPcap as a part of my college project. As of now my doubt is if jNetPcap can directly capture an IP Packet or does it completely depend on winpcap.

Please try and answer at the earliest.

Thank you