GitHub - atanaspam/pcapj: A library that parses .pcap TCPDump files and generates the corresponding packet objects

atanaspam / pcapj Public

Notifications You must be signed in to change notification settings
Fork 1
Star 2

A library that parses .pcap TCPDump files and generates the corresponding packet objects

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
src/main		src/main
.gitignore		.gitignore
LICENSE.md		LICENSE.md
README		README
pom.xml		pom.xml

Repository files navigation

pcapj README

pcapj is a small java library that generates java object representations for packets
captured using tcpdump and saved to a pcap file. The program can currently obtain:
    * Timestamp
    * Source MAC Address
    * Destination MAC Address
    * Packet Size
    * Source IP Address
    * Destination IP Address
    * Source Port
    * Destination Port
    * Payload Size
    * Sequence Number
    * Acknowledgement Number
    * TCP Flags

In order to build pcapj you just need to navigate to the project directory and invoke mvn package.

HISTORY

R 0.6 - The library can now introduce patterns into the stream (PacketGenerator)
R 0.5 - The library is now thread-safe.
R 0.4 - TCP flags, extended documentation, further layout improvements.
R 0.3 - MAC address capture, SEQ and ACK nums for TCP, overall layout improved.
R 0.2 - Parsing robustness enhancements, packet timestamps.
R 0.1 - Initial release.

FUTURE WORK

Add flexible VLAN support and possibly a field in "IPPacket" that can store the captured VLAN information.
Add IPv6 support.

How to use

You can run the program from the Main class which prints the contents of each packet read.

This example shows how to use pcapj in a multi-threaded environment.

import uk.ac.gla.atanaspam.pcapj.*;

public class PacketParser extends Thread{
    private Thread t;
    private int threadId;
    private PcapParser pcapParser;

    public PacketParser(PcapParser pcapParser, int threadId){
        this.pcapParser = pcapParser;
        this.threadId = threadId;
    }

    public static void main(String[] args) {
        PcapParser pcapParser = new PcapParser();
        if(pcapParser.openFile("/Users/atanaspam/Desktop/DumpFile03.pcap") < 0){
            System.err.println("Failed to open " + args[0] + ", exiting.");
            return;
        }

        Thread[] threads = new Thread[4];
        for(int i=0; i<threads.length; i++){
            threads[i] = new PacketParser(pcapParser, i);
        }
        for(int i=0; i<threads.length; i++){
            threads[i].start();
        }


    }

    @Override
    public void run() {
        long startTime = System.currentTimeMillis();
        BasicPacket packet = pcapParser.getPacket();
        //System.out.println(packet);
        while (packet != BasicPacket.EOF) {
            if (!(packet instanceof IPPacket)) {
                packet = pcapParser.getPacket();
                continue;
            }
            System.out.println(packet);
            packet = pcapParser.getPacket();
        }
        long endTime = System.currentTimeMillis();
        //System.out.println("Execution time: " + (endTime - startTime));
        System.out.println("Thread " + threadId + " exiting after: " + (endTime - startTime));
    }

    public void start ()
    {
        System.out.println("Starting " +  "Thread " + threadId);
        if (t == null)
        {
            t = new Thread (this, String.valueOf(threadId));
            t.start ();
        }
    }

}