Packet Encoding

A packet template API topic. Used for creation of new packets.

Fastest way to analyse packets

I have a question and i hope to find an answer here

I work on a school project to analyse packets and extract some info (ip source, ip destination, port source, port destination...)

i supposed to get max performance (the fastest way to get this info), I know that when a packet is found (by loop methode) it calculate it's state and return a PcapPacket Object containing references on where the packet is in the native memory and its headers

My question is what is the most efficient way :

1 - in the handler, decode the packet and extract the info and send it
2 - in the handler, make a copy of the packet, send it to another thread which will extract the useful info from it
3 - (if this option is possible) in the handler, make a copy of the packet but without calculating its states, then in a different thread, calculate the states and check headers and extract info

i hope i made myself clear and thank you in advance

problem capture PlayLoad field generate BufferUnderflowException

first: sorry my english. I am capture packet of the network between two computers,(I want only playload field of TCP header). actually i use byte []array=packet.getByteArray(0,packet.size()) for extract datas from packet.

UDP Checksum is calculated wrong (JNetPCAP-1.4.r1425-1)

Hi,

I am using JNetPCAP as a traffic generator. I am creating a certain amount of different udp packets and are sending them later onto my firewall. However during the creation of the packets the checksum is either correct or omitted but it should always be correct. I do not know where the error lies. I am posting my method that I use for generating below. The source ip range is from 1.1.1.1 - 9.9.9.9

I use JNETPcap under Linux here is the relevant data:

Distribution: Ubuntu Server 15.04 vivid
uname result: Linux sender 3.19.0-25-generic #26-Ubuntu SMP Fri Jul 24 21:17:31 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
libpcap version: libpcap_1.6.2-2 (got via apt-get libpcap-dev)

public synchronized static JPacket createNormalUDPPacket(int frameLength, byte[] sourceMac, byte[] destinationMac,byte[] sourceAddress, byte[] destinationAddress, int sourcePort, int destinationPort) {

// Header length for UDP is 42
int dataLength = frameLength - 42;
JPacket packet = new JMemoryPacket(frameLength);
packet.order(ByteOrder.BIG_ENDIAN);
packet.setUShort(12, 0x0800);
packet.scan(JProtocol.ETHERNET_ID);
Ethernet ethernet = packet.getHeader(new Ethernet());
ethernet.source(sourceMac);
ethernet.destination(destinationMac);
ethernet.checksum(ethernet.calculateChecksum());


// IP v4 packet
packet.setUByte(14, 0x40 | 0x05);
packet.scan(JProtocol.ETHERNET_ID);
Ip4 ip4 = packet.getHeader(new Ip4());
ip4.type(Ip4.Ip4Type.UDP);
ip4.length(frameLength - ethernet.size());
ip4.source(sourceAddress);
ip4.destination(destinationAddress);
ip4.ttl(32);
ip4.flags(0);
ip4.offset(0);
ip4.checksum(ip4.calculateChecksum());


// UDP packet
packet.scan(JProtocol.ETHERNET_ID);

Udp udp = packet.getHeader(new Udp());
udp.setUShort(0, sourcePort);
udp.setUShort(2, destinationPort);
udp.setUShort(4, frameLength - ethernet.size() - ip4.size());
udp.setUShort(6, udp.calculateChecksum());
packet.setByteArray(42, new byte[dataLength]);
packet.scan(Ethernet.ID);

return packet;
}

Trying to create an ARP packet

Hi
I am trying to create an ARP packet, but it seems I cant set the opcode. Any help will be greatly appreciated.

Editing SIP headers

Hi,

I am using jnetpcap to change headers of SIP messages like;

sip=packet.getHeader(sip);
if(sip.fieldValue(Sip.Request.RequestUrl)!=null) {
ReqURL= sip.fieldValue(Sip.Request.RequestUrl);
sip.addField(Sip.Request.RequestUrl, ReqURL.split("@")[0]+"@"+destnIP, 1);
}

If I print the sip headers I can see my changes but when I print the packet it has still the old headers.
I cannot find any way how to add these changes to packet.
I can change the other protocols like UDP port, MAC address, destination IP etc.

Can you please help me?

thx

Syndicate content