Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Parsing pcap taken from wireshark file using - Java

Tags:

java

wireshark

tcpdump

pcap

I am working on converting PCAP file taken from wireshark using JAVA without using native or ready libraries.

i converted the bytes to string directly just for checking the meaningful parts of it.

then i tried to convert it from hexadecimal to string. It was not meaningful.

there is java library jNetPcap which is wrapping all the libpcap library native calls which is written in c.

The following picture is captured the wireless network. so the pcap contains the same information: Source ip, destination ip, protocol, length and info

Wireshark picture

I am trying to get the same result form the pcap file which contains the data in hexadecimal or binary:

d4c3 b2a1 0200 0400 0000 0000 0000 0000
0000 0400 0100 0000 2fd4 b355 2af8 0600
3600 0000 3600 0000 0100 5e00 0016 f409
d8ed d951 0800 46c0 0028 0000 4000 0102
4049 c0a8 0308 e000 0016 9404 0000 2200
fa02 0000 0001 0300 0000 e000 00fb 2fd4

at the end i want to get to the output to be like something like this:

Output

Any clue or suggestions where to get the packets and file format can help me alot. there maybe somebody else who already came along with this problem ?

Thank you

like image 362
MBH Avatar asked Jul 25 '15 20:07

MBH

People also ask

How do I read a pcap file?

Right-click the PCAP icon for the event and select More Options > View PCAP Information. Double-click the event that you want to investigate, and then select PCAP Data > View PCAP Information from the event details toolbar.

How do I read a pcap file in Wireshark?

PCAP analysis. To load a PCAP file in Wireshark, open Wireshark and in the menu bar, click 'File', then click 'Open' and navigate to the file's location, then click 'Open. ' In our analysis of the PCAP file, we will try three analysis techniques to find any indicators of malicious activity.

How can I read pcap files without Wireshark?

To get them, visit the Wireshark Download page. pcap format was originally created for tcpdump, not Wireshark, so it's older than Wireshark. There are other programs, such as tcpdump and other programs that use libpcap to read files, and recent versions of Microsoft Network Monitor, that can read pcap files.

2 Answers

I found this on another blog and may seems helpful to you:

  1. you can read offline pcap file like this (all of the packets): http://jnetpcap.com/node/905

  2. Extract necessary information and save them one by one in the Txt files.

in order to extract information, you can do like this: http://jnetpcap.com/tutorial/usage

like image 151
Garry Avatar answered Oct 11 '22 08:10

Garry

The asker mentioned that jNetPcap is not ideal because it wraps a native library. In the time since the accepted answer, a pure Java library has emerged: https://github.com/aboutsip/pkts

like image 31
CrazyPyro Avatar answered Oct 11 '22 09:10

CrazyPyro
Sign in to Comment

Related questions

How to use versions-maven-plugin to set child module versions?
java 8u31 plugin causes signed applets to load much slower
Database connections not closed after idle-timeout in wildfly Datasource
Inconsistency in Java 8 method signatures
Reading a progressively encoded 9000x9000 JPEG in Java takes 1 minute
Constants and properties in java
Why does restricting GC to 1 thread increase performance?
Get the Latitude and Longitude of a position clicked on a maps forge 0.5.1 MapView
Should Iterator or Iterable be used when exposing internal collection items?
Why does Java 8 apply annotations differently to derived classes?
File Excel From Apache POI Cant Open by Ms Excel (corrupt)
Get SSLContext for default system truststore in Java(JSEE)
Jersey REST Client - Treat Custom MediaType as MediaType.APPLICATION_JSON
Bad Swing UI scaling on high resolution (MS Surface)
How to set additional Class-Path entries in manifest with onejar Maven plugin?
Java raytracing float vs double
Spring Data one to many mapping
Writing .ics iCal file using java
How is the following Java code useful, in the realm of autonomic computing?
Strange error on list initialization

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!