Protocol Analysis

jnetpcap for ip and tcp reassembly

I am trying to reassemble packets sent from a tun interface on Linux. The code in IpReassemblyExample.java looks like a good reference for me. For TCP packets, do I need to do similar reassembly? I could not find the source file. Also, are there any caveats when reassembling packets from a tun interface?

openOffline Method to access from Android Internal Storage

Hi everyone,

I am using the JnetPcap library to extract the packets from a Mobile Wireshark application required for Android project analysis. I have to capture the IP address from the pcap file and display the same on Google Maps.

I am facing an issue reading the Internal Storage of the Android phone using the openOffline method. Can this method be used for the Android Internal Storage file directory? The same code works if the directory path is specified in Windows OS running on a PC.

Any inputs would be highly appreciated.

Please find below the code for the same.

    package appprofiler.appprofilerv1;

    /**
     * Created by soory_000 on 11/30/2015.
     */

    import android.os.Environment;

    import java.io.File;
    import java.util.ArrayList;
    import java.util.Date;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import org.jnetpcap.Pcap;
    import org.jnetpcap.nio.JMemory;
    import org.jnetpcap.packet.JFlow;
    import org.jnetpcap.packet.JFlowKey;
    import org.jnetpcap.packet.JFlowMap;
    import org.jnetpcap.packet.JPacket;
    import org.jnetpcap.packet.JPacketHandler;
    import org.jnetpcap.packet.JScanner;
    import org.jnetpcap.packet.PcapPacket;
    import org.jnetpcap.protocol.network.Ip4;
    import org.jnetpcap.protocol.tcpip.Http;
    import org.jnetpcap.protocol.tcpip.Tcp;

    public class IPExtract {
        final static List ipaddress = new ArrayList();
        private static String FILENAME;

        public IPExtract(String Filename) {
            // FILENAME is static, so assign it without "this"
            FILENAME = Filename;
        }

        public static void main(String[] args) {
            final StringBuilder errbuf = new StringBuilder();
            final Pcap pcap = Pcap.openOffline(FILENAME, errbuf); // While trying to debug I am getting a Library error
            if (pcap == null) {
                System.err.println(errbuf);
                return;
            }
            // Release the native capture handle
            pcap.close();
        }
    }

extract smtp, dns and ftp headers from pcap file

Dear all,
hello,
I have a pcap file and I want to read the SMTP, FTP and DNS headers in human-readable format. For HTTP I can do it this way:
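    Http http = new Http(); // header instance that hasHeader() binds to the packet
    if (packet.hasHeader(http)) {
        Http h = packet.getHeader(http);
        // Raw HTTP header bytes decoded as text
        String s = new String(h.getHeader());
        System.out.println(s);
    }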

Output is like this:

GET /show.aspx?s=4&u=635202019766428367 HTTP/1.1
Host: ads.goldiran.ir
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1

For other application-layer protocols, how can I do it?
Could anyone please help me?
Thanks a lot
