Hi mark, I get a packet from a different source than jnetpcap.
I want to create a PcapPacket from my packet that comes from different source.
I have required informations for setting the pcap packet.
If possible how can I do ?
You have to create a JMemoryPacket.
All you need to specify is the ID of the first header in the packet and the new packet will be scanned for you.
I have a method look like this:
public PcapPacket createPacket( int sourceIP,int sourcePort,
int destinationIP , int destinationPort ,
byte [] payload )
{
// What should I write here ?
}
I read the documents that you offered me but I could not do that.
Thanks for your help.
What I would suggest from the API perspective is that you start out with another packet as a template, then modify the necessary fields within various headers.
Here is a template packet (I took from one of the capture files, can use wireshark for this task) and modified a few fields, so that you can see how it can be done. You could also poke the values in directly into the hexdump string as well:
/* Template packet data */
JPacket packet =
new JMemoryPacket(JProtocol.ETHERNET_ID,
" 001801bf 6adc0025 4bb7afec 08004500 " +
" 0041a983 40004006 d69ac0a8 00342f8c " +
" ca30c3ef 008f2e80 11f52ea8 4b578018 " +
" ffffa6ea 00000101 080a152e ef03002a " +
" 2c943538 322e3430 204e4f4f 500d0a");
/* Our working headers we want to use to modify packet headers */
Ip4 ip = packet.getHeader(new Ip4());
Tcp tcp = packet.getHeader(new Tcp());
tcp.destination(80); // Change dst port to 80
/* Recalculate header checksums */
ip.checksum(ip.calculateChecksum());
tcp.checksum(tcp.calculateChecksum());
/* Rescan packet for any structural changes */
packet.scan(Ethernet.ID);
System.out.println(packet);
And this is what I get for output:
Frame: Frame: number = 2 Frame: timestamp = 2010-08-23 10:39:23.803 Frame: wire length = 79 bytes Frame: captured length = 79 bytes Frame: Eth: ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14 Eth: Eth: destination = 0:18:1:bf:6a:dc Eth: .... ..0. .... .... = [0] LG bit Eth: .... ...0 .... .... = [0] IG bit Eth: source = 0:25:4b:b7:af:ec Eth: .... ..0. .... .... = [0] LG bit Eth: .... ...0 .... .... = [0] IG bit Eth: type = 0x800 (2048) [ip version 4] Eth: Ip: ******* Ip4 - "ip version 4" - offset=14 (0xE) length=20 protocol suite=NETWORK Ip: Ip: version = 4 Ip: hlen = 5 [5 * 4 = 20 bytes, No Ip Options] Ip: diffserv = 0x0 (0) Ip: 0000 00.. = [0] code point: not set Ip: .... ..0. = [0] ECN bit: not set Ip: .... ...0 = [0] ECE bit: not set Ip: length = 65 Ip: id = 0xA983 (43395) Ip: flags = 0x2 (2) Ip: 0.. = [0] reserved Ip: .1. = [1] DF: do not fragment: set Ip: ..0 = [0] MF: more fragments: not set Ip: offset = 0 Ip: ttl = 64 [time to live] Ip: type = 6 [next: Transmission Control] Ip: checksum = 0xD69A (54938) [correct] Ip: source = 192.168.0.52 Ip: destination = 47.140.202.48 Ip: Tcp: ******* Tcp offset=34 (0x22) length=32 Tcp: Tcp: source = 50159 Tcp: destination = 80 Tcp: seq = 0x2E8011F5 (780145141) Tcp: ack = 0x2EA84B57 (782781271) Tcp: hlen = 8 Tcp: reserved = 0 Tcp: flags = 0x18 (24) Tcp: 0... .... = [0] cwr: reduced (cwr) Tcp: .0.. .... = [0] ece: ECN echo flag Tcp: ..0. .... = [0] ack: urgent, out-of-band data Tcp: ...1 .... = [1] ack: acknowledgment Tcp: .... 1... = [1] ack: push current segment of data Tcp: .... .0.. = [0] ack: reset connection Tcp: .... ..0. = [0] ack: synchronize connection, startup Tcp: .... ...0 = [0] fin: closing down connection Tcp: window = 65535 Tcp: checksum = 0xA729 (42793) [correct] Tcp: urgent = 0 Tcp: Data: ******* Payload offset=66 (0x42) length=13 Data: 0042: 35 38 32 2e 34 30 20 4e 4f 4f 50 0d 0a 582.40 NOOP..
Hope that helps.
Thanks Mark. It is working.
I have a more question.
I associated protocols ( tcp,ip )
so How I will associate payload with this jpacket ?
There is no association between payload and tcp. You simply make the packet buffer a bit bigger and copy the payload right after the end of the last header into it. You can use transferTo methods to copy data around or using JBuffer write methods.
Hi mark I wrote this;
public static JPacket createPacket( int sourceIP , int sourcePort ,
int destIP , int destPort , byte [] payload )
{
JPacket packet = new JMemoryPacket( JProtocol.ETHERNET_ID ,
" 001801bf 6adc0025 4bb7afec 08004500 " +
" 0041a983 40004006 d69ac0a8 00342f8c " +
" ca30c3ef 008f2e80 11f52ea8 4b578018 " +
" ffffa6ea 00000101 080a152e ef03002a " +
" 2c943538 322e3430 204e4f4f 500d0a");
Ip4 ip = packet.getHeader(new Ip4());
Tcp tcp = packet.getHeader(new Tcp());
tcp.source( sourcePort );
tcp.destination(destPort);
int payloadStartOffset = tcp.getGapOffset();
ByteBuffer buf = ByteBuffer.allocate( payloadStartOffset + payload.length );
byte [] bytes = buf.array();
for( int i = payloadStartOffset ; i < payloadStartOffset + payload.length; ++i )
bytes[ i ] = payload[ i - payloadStartOffset ];
packet.transferFrom(bytes);
return packet;
}
It is working. But I wonder that there is something wrong ?
Maybe this needs your magic touch 
You are overriding your headers with payload. You need to transfer at an offset and put your data behind the headers. For that your packet buffer is too small. The constructor allocates memory but only for the size of the data in the hexdump string. You are on the right track with the ByteBuffer, but you need to copy the headers into the buffer first:
byte[] headers = org.jnetpcap.packet.format.FormatUtils.toByteArray(
" 001801bf 6adc0025 4bb7afec 08004500 " +
" 0041a983 40004006 d69ac0a8 00342f8c " +
" ca30c3ef 008f2e80 11f52ea8 4b578018 " +
" ffffa6ea 00000101 080a152e ef03002a " +
" 2c943538 322e3430 204e4f4f 500d0a");
byte[] buffer = new byte[payload.length + headers.length];
System.arraycopy(headers, 0, buffer, 0, headers.length);
System.arraycopy(payload, 0, buffer, headers.length, payload.length);
JPacket packet = new JMemoryPacket( JProtocol.ETHERNET_ID, buffer);
That should create a packet for you. You can also do same thing with ByteBuffers and JBuffer objects.
When I wanted the payload using tcp it returns me nothing.
Tcp tcp = packet.getHeader( new Tcp());
byte [] payload = tcp.getPayload();
System.out.println( new String( payload ) );
it prints : 582.40 NOOP
but I also added something else to packet.
what is the problem ?
Look at the debug info to see what the scanner thinks the headers are:
System.out.println(packet.toDebugString());
// Also make sure the hexdump looks OK compared to the original headers
System.out.println(packet.toHexdump());