Submitted by Mark B. on Fri, 04/03/2009 - 05:40

The tcp-reassembler is working. I wrote up a tiny little GUI application that displays all images found in a file full of http packets that were transmitting various images. All images span multiple TCP segments. They are seamlessly reassembled and passed over to my handler for processing. The handler creates an AWT image out of them and adds it to a SWING application.
The SWING application is very simple. It creates a single panel using BoxLayout and puts the list of images up on top of the window using regular swing List component. In the mid section of the panel it displays the image that is selected. Here is what it looks like:

And here is the entire application (minus the GUI stuff). You need the dev snapshot jnetpcap-1.3.b0001-milestone1 to run this, in case you are wondering:
```java
package org.jnetpcap.protocol.tcpip;

import java.awt.Image;

import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.TestUtils;
import org.jnetpcap.packet.analysis.JController;
import org.jnetpcap.protocol.application.WebImage;
import org.jnetpcap.protocol.tcpip.Http.ContentType;
import org.jnetpcap.protocol.tcpip.Http.Request;
import org.jnetpcap.protocol.tcpip.Http.Response;

/**
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
 */
public class TestWebImage
    extends
    TestUtils {

  public static void main(String[] args) {
    new TestWebImage().test1();
  }

  public void test1() {

    /*
     * This is part of our SWING application. It takes a list of images and
     * labels and puts them up in 2 different areas of a panel using BoxLayout.
     * When you click on any item in the list, it changes the image.
     */
    final ListOfPanels swingDisplay = new ListOfPanels();

    /*
     * Now display our SWING application with images already in it. Remember
     * these images were reconstructed from packets within the capture file.
     */
    swingDisplay.init();
    javax.swing.SwingUtilities.invokeLater(new Runnable() {
      public void run() {
        TestUtils.displayInFrame(swingDisplay);
      }
    });

    /*
     * Step 1 - add our Http handler to HttpAnalyzer. Get HttpAnalyzer from
     * registry, it should already be registered.
     */
    HttpAnalyzer httpAnalyzer = JRegistry.getAnalyzer(HttpAnalyzer.class);
    httpAnalyzer.add(new HttpHandler() {
      private WebImage web = new WebImage();

      /*
       * Step 2 - our handler routine.
       */
      public void processHttp(Http http) {
        if (http.getMessageType() != Http.MessageType.RESPONSE) {
          return;
        }

        JPacket packet = http.getPacket(); // Packet this http belongs to
        final long frame = packet.getFrameNumber();
        final String cmd = http.fieldValue(Request.RequestMethod);
        final String code = http.fieldValue(Response.ResponseCode);
        final String ct = http.fieldValue(Response.Content_Type);
        String cl = http.fieldValue(Response.Content_Length);
        final int payload = http.getPayloadLength();

        if ((code != null && code.equals("200") == false)) {
          return; // Skip error messages
        }

        if (cl == null) {
          cl = Integer.toString(payload);
        }

        /*
         * Responses always have a content type, since we are looking for
         * specific content that has been predefined, we can use enum constants.
         * We're not interested in anything else, otherwise we'd have to use
         * http.contentType() method which returns a string.
         */
        ContentType type = http.contentTypeEnum();
        switch (type) {
          case GIF:
          case PNG:
          case JPEG:
            /*
             * WebImage header has been integrated as a core protocol.
             */
            WebImage image = packet.getHeader(web);
            Image img = image.getAWTImage();

            /*
             * Now add image to our SWING application. Label it with content
             * type for now.
             */
            String label = "#" + frame + " " + ct + " " + cl + " bytes";
            swingDisplay.add(img, label);
            break;
        }
      }
    });

    /*
     * TestUtils.openLive is a short cut method used by many jUnit tests during
     * testing, there are others such as openOffline.
     */
    openLive(JRegistry.getAnalyzer(JController.class));
  }
}
```
You may be wondering about the new header type WebImage. It's a normal JHeader that is bound to Http("image/*"). It does provide a couple of interesting methods: getImageProducer():ImageProducer and getAWTImage():Image, which can be used with any part of AWT/Swing.
The handler above receives HTTP headers after they have been reassembled. The image shown in the screen capture is scaled down (the GUI application scales the images down to panel size if they are too big to fit). That particular image is well over 200KB in size and is reassembled from over 100 packets.
I am very pleased, as this is a major milestone in the development of the very complex protocol analysis framework.
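Added example, not part of the original post or of jNetPcap: the handler above chooses what to decode from the declared Content-Type and substitutes the payload length when Content-Length is missing. When objects are extracted from captured traffic, the reassembled body can be checked against the declared length and the file signature before it reaches an image decoder. The class `ReassembledImageCheck`, its methods and the sample inputs are hypothetical; it takes the header values and body bytes as plain arguments and calls no jNetPcap API.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;

public class ReassembledImageCheck {
    // File signatures for the three content types the handler switches on.
    private static final byte[] GIF = "GIF8".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] PNG = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    private static final byte[] JPEG = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF};

    static boolean startsWith(byte[] data, byte[] sig) {
        return data.length >= sig.length
            && Arrays.equals(Arrays.copyOf(data, sig.length), sig);
    }

    /** Returns "ok", or the reason the body should not be handed to an image decoder. */
    static String check(String contentType, String contentLength, byte[] body) {
        // Drop parameters such as "; charset=..." and normalise case.
        String type = contentType == null ? ""
            : contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        byte[] sig;
        switch (type) {
            case "image/gif":  sig = GIF;  break;
            case "image/png":  sig = PNG;  break;
            case "image/jpeg": sig = JPEG; break;
            default: return "not a handled image type: '" + type + "'";
        }
        // A missing Content-Length cannot be checked; a present one must match
        // what reassembly produced, otherwise segments were lost or duplicated.
        if (contentLength != null) {
            try {
                long declared = Long.parseLong(contentLength.trim());
                if (declared != body.length) {
                    return "length mismatch: declared " + declared + ", got " + body.length;
                }
            } catch (NumberFormatException e) {
                return "unparsable Content-Length";
            }
        }
        return startsWith(body, sig) ? "ok" : "signature does not match " + type;
    }

    public static void main(String[] args) {
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0x0D}; // constructed
        byte[] html = "<html>".getBytes(StandardCharsets.US_ASCII);                      // constructed
        System.out.println(check("image/png", "12", png));         // consistent headers and body
        System.out.println(check("image/png", "4096", png));       // truncated reassembly
        System.out.println(check("image/jpeg; q=1", null, html));  // mislabelled content
    }
}
```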
Boy I'm having lots of fun capturing images directly from http traffic. I've been capturing images from live network capture and displaying them. It works great. Especially when you go to a busy site with lots of images.
You can browse the list of images captured. Some are even surprising how the webpage is composed. Also captures other stuff like javascripts and SWF objects. It would be easy to add a viewer for flash (3rd party library) to view those as well. Even animated gifs are animating. Pretty fun stuff.
And all with this simple handler:
```java
httpAnalyzer.add(new HttpHandler() {
  private WebImage web = new WebImage();

  /*
   * Step 2 - our handler routine.
   */
  public void processHttp(Http http) {
    if (http.getMessageType() != Http.MessageType.RESPONSE) {
      return;
    }

    JPacket packet = http.getPacket(); // Packet this http belongs to
    final long frame = packet.getFrameNumber();
    final String cmd = http.fieldValue(Request.RequestMethod);
    final String code = http.fieldValue(Response.ResponseCode);
    final String ct = http.fieldValue(Response.Content_Type);
    String cl = http.fieldValue(Response.Content_Length);
    final int payload = http.getPayloadLength();

    if ((code != null && code.equals("200") == false)) {
      return; // Skip error messages
    }

    if (cl == null) {
      cl = Integer.toString(payload);
    }

    /*
     * Responses always have a content type, since we are looking for
     * specific content that has been predefined, we can use enum constants.
     * We're not interested in anything else, otherwise we'd have to use
     * http.contentType() method which returns a string.
     */
    ContentType type = http.contentTypeEnum();
    switch (type) {
      case GIF:
      case PNG:
      case JPEG:
        /*
         * WebImage header has been integrated as a core protocol.
         */
        WebImage image = packet.getHeader(web);
        Image img = image.getAWTImage();

        /*
         * Now add image to our SWING application. Label it with content
         * type for now.
         */
        String label = "#" + frame + " " + ct + " " + cl + " bytes";
        swingDisplay.add(img, label);
        break;
    }
  }
});
```
Checked in all the updates and code. For those of you building from source, you should be able to run this swing application. The program (TestWebImage) is under "org.jnetpcap.protocol.tcpip" package in the "tests/java1.5" source tree, not the "src/java1.5". The new WebImage header has already been integrated as a CORE protocol so you don't have to do anything.
Run it just like any other jNetPcap based app. It's not a jUnit test case so just run it out of its "main" method. You may have to tweak which live network interface you want it to open. It defaults to PcapIf at index 0 as returned from findAllDevs. That should be trivial to do though. Actually it would be a good enhancement to allow one to pick the interface through the swing GUI.
Hi, Mark,
I'm a newbie here. Can you please tell me what I need exactly to do in order to get the program working? Where can I get jNetPcap 1.2rc6, and where can I read more about "building from source" -- recompiling using ant, etc.? Currently I'm using jNetPcap 1.2rc5, and, of course, WebImage is not recognized there. Thanks, lxgreen
I'm moving things around right now, preparing for the split I have announced. But you should be able to build from the trunk. I've been slowly writing a little bit of documentation on how to build from source here:
http://jnetpcap.com/node/216
This is a work in progress, and is really still unpublished, that's why there are no direct links, but you can take a look.
Keep in mind that the base source distribution has 3 source directories (starting from the root) once you check it out from SVN. There is the src/java1.5, tests/java1.5 and examples/java. I typically include both as source directories in my Eclipse's buildpath (actually all 3 directories). WebImage has already been moved from the initial tests area over to src/java1.5 source directory, the swing application is under tests/java1.5. All the GUI stuff is in the TestUtils class also found under tests/java1.5.
The rc6 release (per my announcement) is renamed and will be released as a Dev Snapshot jnetpcap-1.3.b0001-milestone1.
Thank you, Mark.
I just did the build snapshot jnetpcap-1.3.b0001-milestone1 for win32 systems. You can download it here:
https://sourceforge.net/project/showfiles.php?group_id=164277&package_id...
Dear Mark,
you've just "saved my life" by publishing jnetpcap-1.3.b0001-milestone1!
I'm working on a college project based on jNetPcap, and the deadline is Monday. Actually, it was almost complete, except the image reassembly part. But now, I'm done.
Thank you very much for sharing knowledge, and OpenSource rules! Best regards, lxgreen.
>
> I'm working on a college project based on jNetPcap, and the deadline is Monday. Actually, it was almost complete, except the image reassembly part. But now, I'm done.
>
That is good news. I'm glad it worked out.