Protocol Analysis

Bandwidth use speed

Good morning, my name is Juan Carlos. I'm doing my thesis in college and am using jnetpcap. I don't know jnetpcap well, so I ask for your understanding; I have spent weeks looking for a concrete example and reading the examples and documentation. I am using Java with jNetPcap. I've read the jnetpcap documentation but don't understand much of it. I'm not very good with networking, though databases come easier to me. The big problem I have to solve right now is finding out how to calculate the internet speed that I am using on my open device. The formula I'm using for calculating the speed is:

(totalSize / 1024) / totalTime

I have based this on an example from the documentation, but I need to calculate the speed at which I'm using my broadband. My current code is:

package org.jnetpcap.examples;

import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;

public class PcapDumperExample {

    public static void main(String[] args) {
        List<PcapIf> alldevs = new ArrayList<PcapIf>(); // Will be filled with NICs
        StringBuilder errbuf = new StringBuilder(); // For any error msgs
        int r = Pcap.findAllDevs(alldevs, errbuf);
        if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
            System.err.printf("Can't read list of devices, error is %s", errbuf
                .toString());
            return;
        }

        System.out.println("Network devices found:");

        int i = 0;
        for (PcapIf device : alldevs) {
            String description =
                (device.getDescription() != null) ? device.getDescription()
                    : "No description available";
            System.out.printf("#%d: %s [%s]\n", i++, device.getName(), description);
        }

        PcapIf device = alldevs.get(0); // We know we have at least 1 device
        // ... (the rest of the posted code is cut off on the page)
    }
}

TCP Reassembly using 1.3 JnetPcap library

Hello,

I am using jnetpcap 1.3 version.

Can anybody suggest how to reassemble these TCP packets using Jnetpcap (1.3)?

I had a look at the examples but couldn't get them working. The examples I found are for version 12, but it seems to be deprecated.

I am still trying with TcpReassembler.

I will try to brief my requirement, and if anybody has any suggestions they are more than welcome.

1). Read pcap packets.
2). Save to data store.
3). Retrieve packets from datastore and reassemble.

Thanks in advance.

Load without java.awt.Image References

I am working on applying jnetpcap to an existing application that uses jPCAP. jnetpcap provides a more robust and intuitively obvious interface and, very importantly, is supported. I am currently running it against the Oracle Java 7 SE Embedded for Linux (headless) and it runs fine. However, I tried to run it against the compact3 version of Java 8 SE Embedded for Linux (also headless) and it fails with JRegistry trying to parse a built-in protocol (probably HTTP) due to no java.awt.Image class available. The reason for wanting to go to Java 8 is due to the size reduction from 31 meg to 21 meg for the runtime (could be smaller but I need some features in the compact3 profile).

Is there a way to prevent JRegistry from trying to load HTTP (or whichever protocol is using the java.awt classes)? If not, how would I go about reducing the included classes so the classes using the java.awt classes are not loaded?

Thank you for a great product. I like the reduced footprint (both memory and CPU) of jnetpcap and the ability to logically define a protocol using annotations (the protocol I am decoding is in UDP packets and is complex with many subheaders and can include an encapsulated Ethernet packet which I also have working). I am decoding for database functionality so no GUI is involved or desired.

Thanks in advance.

Pete

Dns protocol header

Hi, I'm trying to write a header definition for DNS. I'm following the user guide and the explanation provided there. I wanted to write something minimal, i.e. instead of implementing all the @Fields that DNS has, implement only one. For example, the code looks like:

@Header(length=12)
public class Dns extends JHeader {

    static {
        try {
            JRegistry.register(Dns.class);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Field(offset=0, length=12*8)
    public byte[] id() {
        return super.getByteArray(0, 12);
    }

}

But it looks like the Dns header isn't recognized when I try to do offline pcap parsing of a file that has DNS packets inside.

Do I need to provide a full-blown DNS implementation, or should this example work?

----------------------------------------------------------------------------------------------
More information: I also added @Bind to UDP like this (at least this is what I understand I need to do, looking at the examples):

@Bind(to=Udp.class)
public static boolean bindToUdp(JPacket packet, Udp udp) {
    return true; // just to make it as simple as possible
}

JRegistry.toDebugString() prints the following (which I guess means that the protocol is registered fine):
scanner[5 ] class=Udp id= 5, loaded=false direct=true , scan=false bindings=1 [Dns]
scanner[64] class=Dns id=64, loaded=true direct=false, scan=false bindings=0 [] // do I need to have [Udp]? I think I saw something like that in the MyHeader example.

When I reach the DNS packet in the handler
----------------
Eth2|IP4|UDP|DNS
----------------
packet.getState().toDebugString() prints the following:

JMemory: JMemory@437706class org.jnetpcap.packet.JPacket$State: size=304 bytes
JMemory: owner=PcapHeader.class(size=16/offset=86)
JPacket.State#002: sizeof(packet_state_t)=184
JPacket.State#002: sizeof(header_t)=40 and *3=120
JPacket.State#002: pkt_header_map[0]=0x0000000000000026
JPacket.State#002: pkt_header_map[1]=0x0000000000000000
JPacket.State#002: pkt_header_map[2]=0x0000000000000000

How do I find out the kind of hardware that is communicating with the network?

I am starting my experience with JnetPcap and need to create a network scanner. Until then, all right. However, I need to select packets from mobile devices, dropping packets that come from a desktop.

Question:
How do I find out the kind of hardware that is communicating with the network?

I appreciate the help.
