Creating PcapPacket

9 replies [Last post]
emin
Offline
Joined: 06/18/2010

Hi mark, I get a packet from a different source than jnetpcap.

I want to create a PcapPacket from my packet that comes from different source.

I have required informations for setting the pcap packet.

If possible how can I do ?

Mark Bednarczyk
Offline
Joined: 03/22/2008
You have to create a

You have to create a JMemoryPacket.

All you need to specify is the ID of the first header in the packet and the new packet will be scanned for you.

Sly Technologies, Inc.
Main website: http://slytechs.com
Customer portal: http://support.slytechs.com

Come see Sly Technologies at
Ethernet Technology Summit in Santa Clara, Ca
Booth #309 April 29 - May 1, 2014

emin
Offline
Joined: 06/18/2010
I have a method look like

I have a method look like this:


public PcapPacket createPacket( int sourceIP,int sourcePort,
int destinationIP , int destinationPort ,
byte [] payload )
{

// What should I write here ?

}

I read the documents that you offered me but I could not do that.
Thanks for your help.

Mark Bednarczyk
Offline
Joined: 03/22/2008
What I would suggest

What I would suggest from the API perspective is that you start out with another packet as a template, then modify the necessary fields within various headers.

Here is a template packet (I took from one of the capture files, can use wireshark for this task) and modified a few fields, so that you can see how it can be done. You could also poke the values in directly into the hexdump string as well:

                /* Template packet data */
		JPacket packet =
		    new JMemoryPacket(JProtocol.ETHERNET_ID,
		        " 001801bf 6adc0025 4bb7afec 08004500 " +
		        " 0041a983 40004006 d69ac0a8 00342f8c " +
		        " ca30c3ef 008f2e80 11f52ea8 4b578018 " +
		        " ffffa6ea 00000101 080a152e ef03002a " +
		        " 2c943538 322e3430 204e4f4f 500d0a");

                /* Our working headers we want to use to modify packet headers */
		Ip4 ip = packet.getHeader(new Ip4());
		Tcp tcp = packet.getHeader(new Tcp());
		
		tcp.destination(80); // Change dst port to 80

                /* Recalculate header checksums */
		ip.checksum(ip.calculateChecksum());
		tcp.checksum(tcp.calculateChecksum());

                /* Rescan packet for any structural changes */
		packet.scan(Ethernet.ID);
		
		System.out.println(packet);

And this is what I get for output:

Frame:
Frame:          number = 2
Frame:       timestamp = 2010-08-23 10:39:23.803
Frame:     wire length = 79 bytes
Frame: captured length = 79 bytes
Frame:
Eth:  ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14 
Eth: 
Eth:      destination = 0:18:1:bf:6a:dc
Eth:                    .... ..0. .... .... = [0] LG bit
Eth:                    .... ...0 .... .... = [0] IG bit
Eth:           source = 0:25:4b:b7:af:ec
Eth:                    .... ..0. .... .... = [0] LG bit
Eth:                    .... ...0 .... .... = [0] IG bit
Eth:             type = 0x800 (2048) [ip version 4]
Eth: 
Ip:  ******* Ip4 - "ip version 4" - offset=14 (0xE) length=20 protocol suite=NETWORK
Ip: 
Ip:          version = 4
Ip:             hlen = 5 [5 * 4 = 20 bytes, No Ip Options]
Ip:         diffserv = 0x0 (0)
Ip:                    0000 00.. = [0] code point: not set
Ip:                    .... ..0. = [0] ECN bit: not set
Ip:                    .... ...0 = [0] ECE bit: not set
Ip:           length = 65
Ip:               id = 0xA983 (43395)
Ip:            flags = 0x2 (2)
Ip:                    0.. = [0] reserved
Ip:                    .1. = [1] DF: do not fragment: set
Ip:                    ..0 = [0] MF: more fragments: not set
Ip:           offset = 0
Ip:              ttl = 64 [time to live]
Ip:             type = 6 [next: Transmission Control]
Ip:         checksum = 0xD69A (54938) [correct]
Ip:           source = 192.168.0.52
Ip:      destination = 47.140.202.48
Ip: 
Tcp:  ******* Tcp offset=34 (0x22) length=32 
Tcp: 
Tcp:           source = 50159
Tcp:      destination = 80
Tcp:              seq = 0x2E8011F5 (780145141)
Tcp:              ack = 0x2EA84B57 (782781271)
Tcp:             hlen = 8
Tcp:         reserved = 0
Tcp:            flags = 0x18 (24)
Tcp:                    0... .... = [0] cwr: reduced (cwr)
Tcp:                    .0.. .... = [0] ece: ECN echo flag
Tcp:                    ..0. .... = [0] ack: urgent, out-of-band data
Tcp:                    ...1 .... = [1] ack: acknowledgment
Tcp:                    .... 1... = [1] ack: push current segment of data
Tcp:                    .... .0.. = [0] ack: reset connection
Tcp:                    .... ..0. = [0] ack: synchronize connection, startup
Tcp:                    .... ...0 = [0] fin: closing down connection
Tcp:           window = 65535
Tcp:         checksum = 0xA729 (42793) [correct]
Tcp:           urgent = 0
Tcp: 
Data:  ******* Payload offset=66 (0x42) length=13 
Data: 
0042: 35 38 32 2e  34 30 20 4e  4f 4f 50 0d  0a             582.40 NOOP..   

Hope that helps.

Sly Technologies, Inc.
Main website: http://slytechs.com
Customer portal: http://support.slytechs.com

Come see Sly Technologies at
Ethernet Technology Summit in Santa Clara, Ca
Booth #309 April 29 - May 1, 2014

emin
Offline
Joined: 06/18/2010
Thanks Mark. It is

Thanks Mark. It is working.
I have a more question.
I associated protocols ( tcp,ip )
so How I will associate payload with this jpacket ?

Mark Bednarczyk
Offline
Joined: 03/22/2008
There is no association

There is no association between payload and tcp. You simply make the packet buffer a bit bigger and copy the payload right after the end of the last header into it. You can use transferTo methods to copy data around or using JBuffer write methods.

Sly Technologies, Inc.
Main website: http://slytechs.com
Customer portal: http://support.slytechs.com

Come see Sly Technologies at
Ethernet Technology Summit in Santa Clara, Ca
Booth #309 April 29 - May 1, 2014

emin
Offline
Joined: 06/18/2010
Hi mark I wrote

Hi mark I wrote this;


public static JPacket createPacket( int sourceIP , int sourcePort ,
                                   int destIP , int destPort , byte [] payload )
{

     JPacket packet = new JMemoryPacket( JProtocol.ETHERNET_ID ,
             " 001801bf 6adc0025 4bb7afec 08004500 " +
             " 0041a983 40004006 d69ac0a8 00342f8c " +
             " ca30c3ef 008f2e80 11f52ea8 4b578018 " +
             " ffffa6ea 00000101 080a152e ef03002a " +
             " 2c943538 322e3430 204e4f4f 500d0a");



     Ip4 ip = packet.getHeader(new Ip4());
     Tcp tcp = packet.getHeader(new Tcp());
     tcp.source( sourcePort );
     tcp.destination(destPort);

     int payloadStartOffset = tcp.getGapOffset();


     ByteBuffer buf = ByteBuffer.allocate( payloadStartOffset + payload.length );

     byte [] bytes = buf.array();

     for( int i = payloadStartOffset ; i < payloadStartOffset + payload.length; ++i )
          bytes[ i ] = payload[ i - payloadStartOffset ];

     packet.transferFrom(bytes);

     return packet;

}


It is working. But I wonder that there is something wrong ?
Maybe this needs your magic touch Smile

Mark Bednarczyk
Offline
Joined: 03/22/2008
You are overriding your

You are overriding your headers with payload. You need to transfer at an offset and put your data behind the headers. For that your packet buffer is too small. The constructor allocates memory but only for the size of the data in the hexdump string. You are on the right track with the ByteBuffer, but you need to copy the headers into the buffer first:

byte[] headers = org.jnetpcap.packet.format.FormatUtils.toByteArray(
             " 001801bf 6adc0025 4bb7afec 08004500 " +
             " 0041a983 40004006 d69ac0a8 00342f8c " +
             " ca30c3ef 008f2e80 11f52ea8 4b578018 " +
             " ffffa6ea 00000101 080a152e ef03002a " +
             " 2c943538 322e3430 204e4f4f 500d0a");
byte[] buffer = new byte[payload.length + headers.length];
System.arraycopy(headers, 0, buffer, 0, headers.length);
System.arraycopy(payload, 0, buffer, headers.length, payload.length);

JPacket packet = new JMemoryPacket( JProtocol.ETHERNET_ID, buffer);

That should create a packet for you. You can also do same thing with ByteBuffers and JBuffer objects.

Sly Technologies, Inc.
Main website: http://slytechs.com
Customer portal: http://support.slytechs.com

Come see Sly Technologies at
Ethernet Technology Summit in Santa Clara, Ca
Booth #309 April 29 - May 1, 2014

emin
Offline
Joined: 06/18/2010
When I wanted the payload

When I wanted the payload using tcp it returns me nothing.

Tcp tcp = packet.getHeader( new Tcp());

byte [] payload = tcp.getPayload();

System.out.println( new String( payload ) );

it prints : 582.40 NOOP
but I also added something else to packet.

what is the problem ?

Mark Bednarczyk
Offline
Joined: 03/22/2008
Look at the debug info to

Look at the debug info to see what the scanner thinks the headers are:


System.out.println(packet.toDebugString());

// Also make sure the hexdump looks OK compared to the original headers

System.out.println(packet.toHexdump());

Sly Technologies, Inc.
Main website: http://slytechs.com
Customer portal: http://support.slytechs.com

Come see Sly Technologies at
Ethernet Technology Summit in Santa Clara, Ca
Booth #309 April 29 - May 1, 2014

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.