Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Jnetpcap, preparing UDP/TCP/IP/ICMP packet

Tags:

java

jnetpcap

Recently, I'm using Jnetpcap to send/receive raw packet over network.

Jnetpcap provides sending packets by Pcap.sendPacket(). This method gets raw buffer or bytes to send.

On the other hand, there is org.jnetpcap.protocol.* classes which wraps protocol headers, and we can use them to decode captured packets.

When I use below code to make a Ip4 packet, It causes NullPointerException:

import org.jnetpcap.protocol.network.Ip4;

public class Test {

    public static void main(String[] args) {

        Ip4 ip4 = new Ip4();

        ip4.ttl(10);

    }
}

Error:

Exception in thread "main" java.lang.NullPointerException
    at org.jnetpcap.nio.JBuffer.check(Unknown Source)
    at org.jnetpcap.nio.JBuffer.setUByte(Unknown Source)
    at org.jnetpcap.protocol.network.Ip4.ttl(Unknown Source)
    at jaeger.Test.main(Test.java:17)

How can I build that packet and then send it by Pcap.sendPacket()?

Note: I'm really not interested in preparing packets byte by byte... C/C++ libpcap and Jpcap have working functionality, but I want use Jnetpcap!

like image 258
masoud Avatar asked Nov 15 '11 18:11

masoud


2 Answers

1) The code throws an exception because the wrapper classes only work using previously allocated buffers, due the fact that the primary purpose of the library is to analyze buffers of captured packets. So, it's necessary to allocate a buffer before using them.

2) The packets must be builded supplying all necessary bytes. But code can be written so that only a few bytes are really necessary (see above).

3) sendPacket expects an entire packet, a full Ethernet frame. So, Ethernet, IP, TCP headers and Payload must be written to a buffer.

4) The main idea, to allow you to use wrapper classes, is to allocate a buffer and then left the library scan it to discover headers, but a minimum of information (bytes) must be provided.

JMemoryPacket packet = new JMemoryPacket(packetSize);
packet.order(ByteOrder.BIG_ENDIAN); 

Ethernet frame needs a protocol type (0x0800) at position 12:

packet.setUShort(12, 0x0800);
packet.scan(JProtocol.ETHERNET_ID); 

After scan, an Ethernet instance can be retrieved and setters used:

Ethernet ethernet = packet.getHeader( new Ethernet() );  
ethernet.destination(...);
...

IP4 header needs version (0x04) and size (0x05) at position 14:

packet.setUByte(14, 0x40 | 0x05);
packet.scan(JProtocol.ETHERNET_ID);  

Ip4 ip4 = packet.getHeader( new Ip4() );
ip4.type(0x06); //TCP
ip4.length( packetSize - ethernet.size() );
ip4.ttl(...);  
...

TCP header needs size (0x50):

packet.setUByte(46, 0x50);
packet.scan(JProtocol.ETHERNET_ID);  

Tcp tcp = packet.getHeader( new Tcp() );  
tcp.seq(...); 
...

So, Payload:

Payload payload = packet.getHeader( new Payload() );
payload.set...(...);
...

And finally:

pcap.sendPacket( ByteBuffer.wrap( packet.getByteArray(0, packet.size() )  );

5) All necessary bytes can be written at one time to avoid so many calls to the scan method.

like image 58
Juan Mellado Avatar answered Nov 12 '22 18:11

Juan Mellado


Are you facing a problem of how to write subheders on jNetPcap? Yes, the JNetPcap takes in bytes for sending, but the content can be filled with subheaders with that help I gave. If you then want to send some data inside the packet, many Java types have a toBytes() function or similar.

edit:
API of that specific Icmp class is here. Similarly can be done to the other classes on the given link. Just open Google and give "Icmp class reference jnetpcap" or whatever for other header types.

edit2:
Easier way to create an ICMP packet is through ICMPPacket class which has a simple constructor for ICMP packet where the headers are created in a single Constructor call. According to the class reference it makes the following:

Extends an IP packet, adding an ICMP header and ICMP data payload.

like image 1
mico Avatar answered Nov 12 '22 18:11

mico