Skip to main content

Filter packets through jpcap

//Open an interface with openDevice(NetworkInterface intrface, int snaplen, boolean promics, int to_ms)

JpcapCaptor captor=JpcapCaptor.openDevice(devices[index], 65535, false, 20);

captor.setFilter("tcp && src port 6000", true);

It'll filter all the TCP packets with source port number 6000.
So, all we need to do is pass the parameters and use logical and, or operators.

Comments

  1. Hey ,
    Saw ur Jpcap topics , nicely written .

    I working on Intrusion detection software in java using Jpcap
    as my college major project .

    Can u guide me regarding it ... I have searched alot n also going through some book like Network Intrusion Detection (3rd Edition) by Northcutt etc.
    mail me at sharmavidisha88@gmail.com
    Thanks in advance :)

    ReplyDelete
  2. I hope you are done by now? If not, then do write if I can help you. You are welcome. :)

    ReplyDelete
  3. hey!
    a very helpful blog

    but just one question: how can we filter using an ip addr and port number?
    as in only capture packets that are coming from a specific ip address?

    ReplyDelete
  4. Thanks.
    captor.setFilter("IP_to_be_used", true);

    inside setfilter function, mention the IP address and it's done.

    NOTE: make sure you're connected to correct network interface.

    ReplyDelete
  5. hey,
    im working on a packet sniffer project using jpcap...jst wnted to know if these filter expressions can be set by us...in the sense dat can we filter based on a particular data or string rather than ip,port no's and protocols.
    please help..
    thanks

    ReplyDelete
  6. Hi,

    I don't think your sniffer can sniff into the details of packet like reading it's data. It can detect the nature of packets etc. I guess it doesn't provide any means to look inside the wrapper otherwise, how your packets can be secured if you can read it's content over the network itself. I hope I answered it.

    ReplyDelete
  7. ya.u r rite..this cant be done..but data can be obtained using packet.data using pcap
    anyways thanx a lot for the reply..

    ReplyDelete
  8. You can't read the data unless you have captured the packet which comes after filtering. This is the procedure followed:

    ◦Obtain the list of network interfaces
    ◦Open a network interface
    ◦Capture packets from the network interface
    ◦Set capturing filter
    ◦Save captured packets into a file
    ◦Read saved packets from a file

    So, first you need to apply a filter then capture a packet and then you can read it's data. I hope it brings more clarity.

    ReplyDelete
  9. Ya dat m aware of...i was taking it in a different wat...anyways thanx

    ReplyDelete
  10. I guess there's enough material on net to start with. The best one for newbies is:

    http://www.eden.rutgers.edu/~muscarim/jpcap/tutorial/index.html

    I hope that helps.

    ReplyDelete
  11. hey Himanshu. I am a university student working on my final yr project. I wish to have a java program that captures the total bytes sent and received. and use this information and show how much a user has used. id would really great ful if you could help me go about this. thank you

    ReplyDelete
  12. Sure Azhar. May I know what have you tried by now? I guess it's do-able using jpcap.

    ReplyDelete
  13. Hi,

    Could you please let me know how to capture HTTPS calls. I see the characters are jumbled when i capture HTTPS calls.

    ---HTTP---

    GET /a?f=2143137305&pn=aol&p=aol-pt_em&c=r&l=SKY&rand=8816242 HTTP/1.1
    Host: eu-pn2.adserver.yahoo.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://alpo-aim.mail.aol.com/38630-616/aim-6/fr-fr/common/AdServer.aspx?name=sidepanel&screen=large
    Cookie: B=81m2qo99sglb1&b=3&s=8c
    Connection: keep-alive

    ---------- HTTPS --------------
    2014-07-21 10:56:57,560 INFO [Thread-8] HttpSniffer (NetworkDevicePacketCapture.java:47)
    - ?? ,=g??nK?}e??????+m???[r??}+??>??1 t
    ?\? ????????N? ????=,?,C??5??? ?
    t??Vs?)?;v
    ??[f?l??(?a??? ?q ]?r?Xj?@| ?c??+Y,???V ? !? 'i??g?A"?? +??(W(??? ???. 6?????N???k? ??vt??G? {l18EO??+i??L??aWa?W ?t????s&??*?Dtd(?BWkM??&??/v?hU?^$?a?@RF]?[R??A(BM?j
    ??9W???I5??)? ?eU???;???q?R?^? %???x? ?U"? Q?`?v ???Q ?? ?5?
    ------------------------------------

    --Shivaraj

    ReplyDelete
  14. Hey! Https sends the packet in encrypted form under SSL protection. That's why you see your content like this. Otherwise there would have been no difference in http and https. So, in order to decrypt that you need to break SSL.

    ReplyDelete

Post a Comment

Popular posts from this blog

VBA MAcro to generate "table of contents with hyperlinks" automatically in a ppt

VBA MAcro to generate "table of contents with hyperlinks" automatically in a ppt:



Function TableOfContent(count As Integer)
'count is the no. of slides in ppt
Dim var As Integer
Dim i As Integer, scount As Integer
Dim strSel As String, strTitle As String, strb As String, strtemp As String, str As String
Dim arr() As String
Dim index As Integer, indexcount As Integer, slidecount As Integer
Dim summary As Slide
Dim para As Integer
Dim slideOrder() As Integer


'To generate the Table of contents slide
ReDim slideOrder(count - 2)

'Collect all the IDs of the selected slides
For i = 1 To count - 2
slideOrder(i) = i + 2
Next

'Iterate over the slides in Index order
slidecount = UBound(slideOrder)
For scount = 1 To slidecount
If ActivePresentation.Slides(slideOrder(scount)).Shapes.HasTitle Then
'Build up the ToC Text
strTitle = ActivePresentation.Slides(slideOrder(scount)).Shapes("UseCase").TextFrame.TextRange.Text + ": "
str = ActivePresentation…

error in eclipse on import org.eclipse.jetty.server.Server;

When you find error in line import org.eclipse.jetty.server.Server; it means eclipse doesn't contain jetty.jar. Right click on project -> properties on left pane -> java build path right pane -> add external jar under libraries tab link it to all the jar files of jetty folder. can download jetty from : http://www.eclipse.org/jetty/downloads.php now rebuild the project.

How to do mass insert in redis

A basic and fairly easy way to do mass insert in redis:

Command to use: echo -e "$(cat redis_mass_insert.txt)" | redis-cli --pipe
Content of file "redis_mass_insert.txt": *3\r\n$5\r\nlpush\r\n$5\r\nu:m:1\r\n$5\r\nvalu1\r\n*3\r\n$5\r\nlpush\r\n$5\r\nu:m:1\r\n$7\r\nmyvalue\r\n

Result: All data transferred. Waiting for the last reply...
ERR unknown command ' *2'
ERR unknown command '$4'
ERR wrong number of arguments for 'echo' command
ERR unknown command '$20'
ERR unknown command ' A�j d�Q;yT��าก �h>'


NOTE: command line will show error but in actual the data is transferred and you can check it by entering in redis.

Here's the snapshot of the whole procedure:




To check how the command is responding: use hexdump -C
Command: echo -n $'$3\r\nset\r\n$3\r\nkey\r\n$5\r\nvalue\r\n ' | hexdump -C
whose output will be something like
00000000 24 33 0d 0a 73 65 74 0d 0a 24 33 0d 0a 6b 65 79 |$3..set..$3..key|
00000010 0d 0a…