API

Dumping without having a Pcap open

Hey there ,

if have the following code implemented in my project :

public void dump(String dummy , String filename , PcapPacketArrayList packets){

StringBuilder errbuf = new StringBuilder();
Pcap pcap = Pcap.openOffline(dummy,errbuf);

PcapDumper dump = pcap.dumpOpen(filename);

PcapPacketHandler dumper = new PcapPacketHandler(){

public void nextPacket(PcapPacket packet, PcapDumper user) {

for(int ctr = 0; ctr < packets.size(); ctr++){
user.dump(packets.get(ctr).getCaptureHeader(), packets.get(ctr));
}
}
};

pcap.loop(1, dumper , dump);
pcap.close();
dump.close();

}

What it does : it takes some parameters (like a list with packets and a dummy pcap filename) opens the dummy with openoffline , opens a dump on that pcap , and in the handler just iterates through the list , adding all packets to the dump to create a new pcapfile .

My question is : is there another way than to use a dummy pcap file, like using just a dumper to straight add the packets out of a list ? i couldnt come up with another idea on how to conveniently write a new pcap file out of stored packets , maybe you can give me a hint ?

Fyi : the dummy file consists of just one random packet i picked up with wireshark , just to be able to get into a "next packet" handler

Ethical Hacking.

... i am trying to use jNetPcap for a spoofed SSH Dictionary hacks & more.

thanks.

> [ details: http://paco-knife-tarot.blogspot.com/2015/12/dictionary-ssh-hack.html ];

my best hacking trick so far is an a uncoordinated (yet) attack on 2 ports: SSH & HTTP.

> [ details: http://paco-knife-tarot.blogspot.com/2016/02/danger-level-confirmed-hack... ].

Performance -- Offline PCAP file reading

I want to know, if any performance test has been done for this API? And if yes, what are the results

I am looking for an API that can:
1. Parse 1 million packets per second
2. On each packet
a. Parse GTP-C, and GTP-U headers
b. Parse TCP headers
c. Parse WebSession (HTTP, HTTPs)

Want to know, if that is possible using this API or not?

Can we attempt parallel reads (Multi Threaded)? Any Limits?

I just need to know amount/size of traffic, what are optimal settings for least impact on the liunx box?

Hi, nice project, thank you.

I'm tacking amount of network traffic on linux box ubuntu 15.10 w/ your v1.4.
I accumulate like this using your sample code:
ByteBufferHandler handler = new ByteBufferHandler() {
public void nextPacket(PcapHeader header, ByteBuffer arg, Object usr) {
byteRate.delta(header.wirelen()); // in bytes

My question is what are optimal settings for low impact on linux and network. Here I'm using your sample code:
Pcap pcap = Pcap.openLive(dev_name, 128, Pcap.MODE_NON_PROMISCUOUS, 500, errbuf);
PcapBpfProgram prg = new PcapBpfProgram();
if (pcap.compile(prg, "len < 65535", 0, Innocent == Pcap.ERROR) {

Is 128 a good buffer?
Is "len < 65535" a good filter?
Should it optimize?

I only need amount of traffic per second or 2, and I record that to a local file.
Not sure what are best values, I googled for pcap settings that are optimal and no joy (as I'm Java developer).
Cheers,
Vic
apakau.com

openOffline Method to access from Android Internal Storage

Hi everyone,

I am using JnetPcap library to extract the packets from a Mobile Wireshark application required for Android project analysis. I have to capture the IP address from the pcap file and display the same on the Google Maps.

I am facing an issue reading the Internal Storage of the Android phone using the openOffline method... Can this method be used for Android Internal Storage File Directory ?? The same code is working if the directory path is specified in Windows OS running on a PC....

Any inputs would be highly appreciated...

Please find below the code for the same.

package appprofiler.appprofilerv1;

/**
* Created by soory_000 on 11/30/2015.
*/

import android.os.Environment;

import java.io.File;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jnetpcap.Pcap;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.JFlow;
import org.jnetpcap.packet.JFlowKey;
import org.jnetpcap.packet.JFlowMap;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;
import org.jnetpcap.packet.JScanner;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Http;
import org.jnetpcap.protocol.tcpip.Tcp;

public class IPExtract {
final static List ipaddress = new ArrayList();
private static String FILENAME;

public IPExtract(String Filename) {
this.FILENAME = Filename;
}

public static void main(String[] args) {
final StringBuilder errbuf = new StringBuilder();
final Pcap pcap = Pcap.openOffline(FILENAME, errbuf); // While trying to debug I am getting a Library error
if (pcap == null) {
System.err.println(errbuf);
return;
}

Syndicate content