How to decode jnetstream packets using jnetpcap decoder

I was messing around with how we could combine jnetstream with the packet decoding capabilities of jnetpcap. Here is a little routine that does exactly that.

package org.jnetstream.example;

import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;

import org.jnetpcap.packet.JMemoryPacket;
import org.jnetpcap.packet.PeeringException;
import org.jnetpcap.protocol.JProtocol;
import org.jnetstream.capture.Captures;
import org.jnetstream.capture.FileFormatException;
import org.jnetstream.capture.FileMode;
import org.jnetstream.capture.file.RecordIndexer;
import org.jnetstream.capture.file.pcap.PcapFile;
import org.jnetstream.capture.file.pcap.PcapRecord;

/**
 * A little test program to see what it would take to use jNetPcap to decode
 * jNetStream read packets. We take a pcap capture file, open it for read-write
 * with memory mapping so that we can peer natively with the underlying data.
 * 
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
 */
public class DecodeUsingJNetPcap {

	/**
	 * Entry point.
	 * 
	 * @param args
	 *          ignored
	 */
	public static void main(String[] args) {

		try {
			PcapFile pcap =
			    Captures.openFile(PcapFile.class, new File("tests/test-l2tp.pcap"),
			        FileMode.ReadWriteWithMap);

			RecordIndexer records = pcap.getRecordIndexer();

			long count = pcap.getPacketCount();

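			// Record 0 is the file header; packet records are numbered 1..count,
			// so the upper bound is inclusive.
			for (long i = 1; i <= count; i++) {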

				PcapRecord record = records.get(i);
				ByteBuffer b = record.getRecordBuffer();

				JMemoryPacket packet = new JMemoryPacket(JProtocol.ETHERNET_ID, b);

				System.out.println(packet);
			}

			pcap.close();

		} catch (FileFormatException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} catch (PeeringException e) {
			e.printStackTrace();
		}
	}
}

This is pretty efficient, as no copies of the data take place. jNetStream memory-maps the capture file (so the kernel maps the file on disk into memory once), and then we peer the JMemoryPacket object directly with the mmapped memory. Then we run a scan of the packet and dump it to stdout using jnetpcap's packet formatter.

Notice that I chose to use an Indexer instead of a typical iterator to read the records out of the pcap file. Just a little demonstration of capabilities. Another subtle point to notice is that the for loop starts with record 1, not 0. Record 0 is the main file header record. Pcap packet records start with record number 1. jNetStream is very specific about things like that. When you work with packet iterators or indexers, they start with packet 0, since you are not dealing with raw records.

This isn't an endorsement of how to use these 2 APIs together. I will be doing some comprehensive work on jnetstream to allow it to utilize jnetpcap's capabilities.
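
The record layout and zero-copy mapping described above, shown with plain JDK classes only. This is an added example, not code from the original post or from jNetStream/jNetPcap. It assumes a little-endian classic pcap file smaller than 2 GB; the class name and the two-packet sample file are constructed for illustration. The mapping is read-only, and each record's captured length is checked against the file size before a view is sliced out.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

// PcapRecordWalk is a hypothetical name; nothing here uses jNetStream or jNetPcap.
public class PcapRecordWalk {
	static final int FILE_HDR = 24, REC_HDR = 16; // classic pcap header sizes

	public static void main(String[] args) throws IOException {
		// Constructed sample: file header plus two dummy 14-byte frames.
		ByteBuffer w = ByteBuffer.allocate(FILE_HDR + 2 * (REC_HDR + 14)).order(ByteOrder.LITTLE_ENDIAN);
		w.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4); // magic, version 2.4
		w.putInt(0).putInt(0).putInt(65535).putInt(1); // zone, sigfigs, snaplen, Ethernet
		for (int n = 0; n < 2; n++) {
			w.putInt(n).putInt(0).putInt(14).putInt(14).put(new byte[14]);
		}
		Path file = Files.createTempFile("sample", ".pcap");
		file.toFile().deleteOnExit();
		Files.write(file, w.array());

		try (FileChannel ch = FileChannel.open(file, StandardOpenOption.READ)) {
			// Read-only mapping: the capture cannot be altered through these buffers.
			MappedByteBuffer map = ch.map(FileChannel.MapMode.READ_ONLY, 0, ch.size());
			map.order(ByteOrder.LITTLE_ENDIAN);
			if (map.remaining() < FILE_HDR || map.getInt(0) != 0xa1b2c3d4) {
				throw new IOException("not a little-endian classic pcap file");
			}
			int pos = FILE_HDR; // "record 0" (the file header) ends here
			for (int rec = 1; map.limit() - pos >= REC_HDR; rec++) {
				int inclLen = map.getInt(pos + 8); // captured length, untrusted input
				if (inclLen < 0 || inclLen > map.limit() - pos - REC_HDR) {
					throw new IOException("record " + rec + " length " + inclLen + " runs past end of file");
				}
				ByteBuffer dup = map.duplicate();
				dup.position(pos + REC_HDR).limit(pos + REC_HDR + inclLen);
				ByteBuffer frame = dup.slice(); // view of the mapped memory, no copy
				System.out.println("record " + rec + ": " + frame.remaining() + " bytes at offset " + (pos + REC_HDR));
				pos += REC_HDR + inclLen;
			}
		}
	}
}
```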
