
Filter packets through jpcap

// Obtain the interface list, then open one with
// openDevice(NetworkInterface intrface, int snaplen, boolean promisc, int to_ms)
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 20);

// The filter is a libpcap (tcpdump) BPF expression; true lets libpcap optimize the compiled program
captor.setFilter("tcp && src port 6000", true);

The openDevice arguments mean: snaplen 65535 captures whole frames rather than truncating them, promisc=false captures only traffic to or from this host (pass true to see every frame on the segment), and to_ms=20 is the read timeout in milliseconds.

The filter passes only TCP packets whose source port is 6000 on to the captor; everything else is discarded by libpcap before it is copied into Java, which is far cheaper than inspecting every packet in your own code. The filter string uses the same syntax as tcpdump, so primitives such as host, src host, dst port and protocol names can be combined with and (&&), or (||) and not (!). If the expression does not compile, setFilter throws an IOException, so handle it rather than assuming a typo simply matches nothing.
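A fuller worked example, added here and not taken from the original post: it lists the interfaces, opens one, installs a composite BPF filter, and decodes each matching packet in a PacketReceiver callback, printing the TCP endpoints, flags and the start of the payload. The interface index, the host 192.0.2.10 and port 6000 are placeholders; the field names (src_ip, src_port, syn, data, ...) are those of jpcap 0.7's IPPacket and TCPPacket classes.

```java
import java.io.IOException;
import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;
import jpcap.PacketReceiver;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;

public class FilteredCapture {

    // BPF expressions are compiled by libpcap, so a malformed one is rejected
    // by setFilter() with an IOException rather than silently matching nothing.
    // Host and port are placeholders for this example.
    static final String FILTER =
        "tcp and src host 192.0.2.10 and (src port 6000 or dst port 6000)";

    public static void main(String[] args) throws IOException {
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        if (devices.length == 0) {
            System.err.println("no capture interfaces (are you root/Administrator?)");
            return;
        }
        // List the interfaces first: picking the wrong one is the usual reason
        // a filter "matches nothing".
        for (int i = 0; i < devices.length; i++) {
            System.out.println(i + ": " + devices[i].name + " (" + devices[i].description + ")");
        }
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0;

        // snaplen 65535 keeps whole frames; promisc=false sees only this host's
        // traffic; to_ms=20 is the read timeout handed to libpcap.
        JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 20);
        captor.setFilter(FILTER, true);

        // processPacket blocks until `count` packets have passed the in-kernel
        // filter (-1 means run until breakLoop()).
        captor.processPacket(50, new PacketReceiver() {
            public void receivePacket(Packet p) {
                if (!(p instanceof TCPPacket)) return;   // filter says tcp, but stay defensive
                TCPPacket tcp = (TCPPacket) p;
                System.out.printf("%s:%d -> %s:%d flags[%s%s%s] payload=%d bytes%n",
                    tcp.src_ip.getHostAddress(), tcp.src_port,
                    tcp.dst_ip.getHostAddress(), tcp.dst_port,
                    tcp.syn ? "S" : "", tcp.ack ? "A" : "", tcp.fin ? "F" : "",
                    tcp.data.length);
                // tcp.data is the payload after the TCP header: cleartext protocols
                // are readable here, an encrypted (TLS) stream is not.
                System.out.println(printable(tcp.data, 64));
            }
        });
        captor.close();
    }

    // Render the first `max` payload bytes, replacing non-printables with '.'.
    static String printable(byte[] data, int max) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < data.length && i < max; i++) {
            int c = data[i] & 0xff;
            sb.append(c >= 0x20 && c < 0x7f ? (char) c : '.');
        }
        return sb.toString();
    }
}
```

Run it with the interface index as the first argument; capturing needs raw-socket privileges on every platform jpcap supports. The filter is evaluated by libpcap, so the Java callback only ever sees traffic that already matched, which is why the expensive work (decoding, printing) stays cheap even on a busy link.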

Comments

  1. Hey,
    Saw your Jpcap topics, nicely written.

    I am working on intrusion detection software in Java using Jpcap
    as my college major project.

    Can you guide me regarding it... I have searched a lot and am also going through some books like Network Intrusion Detection (3rd Edition) by Northcutt etc.
    Mail me at sharmavidisha88@gmail.com
    Thanks in advance :)
  2. I hope you are done by now? If not, then do write if I can help you. You are welcome. :)
  3. Hey!
    A very helpful blog.

    But just one question: how can we filter using an IP address and port number?
    As in, only capture packets that are coming from a specific IP address?
  4. Thanks.
    // BPF syntax: "src host <ip>" matches packets from that address; use "host <ip>" for either
    // direction, and append "and tcp port <n>" to restrict by port. 192.0.2.10 stands in for the IP to be used.
    captor.setFilter("src host 192.0.2.10", true);

    Inside the setFilter function, mention the IP address and it's done.

    NOTE: make sure you're connected to the correct network interface.
  5. Hey,
    I'm working on a packet sniffer project using jpcap... just wanted to know if these filter expressions can be set by us, in the sense that can we filter based on particular data or a string rather than IPs, port numbers and protocols?
    Please help.
    Thanks
  6. Hi,

    I don't think your sniffer can sniff into the details of a packet like reading its data. It can detect the nature of packets etc. I guess it doesn't provide any means to look inside the wrapper; otherwise, how could your packets be secured if you could read their content over the network itself? I hope I answered it.
  7. Yes, you are right, this can't be done, but data can be obtained using packet.data using pcap.
    Anyway, thanks a lot for the reply.
  8. You can't read the data unless you have captured the packet, which comes after filtering. This is the procedure followed:

    ◦Obtain the list of network interfaces
    ◦Open a network interface
    ◦Capture packets from the network interface
    ◦Set capturing filter
    ◦Save captured packets into a file
    ◦Read saved packets from a file

    So, first you need to apply a filter, then capture a packet, and then you can read its data. I hope it brings more clarity.
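The procedure in the comment above, carried through end to end as an added example (not code from the post or from jpcap's own documentation): list interfaces, open one, set a filter, save the matching packets to a libpcap dump, then read the dump back and apply a further BPF filter on the offline reader before looking at the payload. The interface index and the file name are placeholders; it assumes jpcap 0.7's JpcapWriter.openDumpFile, JpcapCaptor.openFile and the Packet.EOF sentinel returned at end of file.

```java
import java.io.IOException;
import jpcap.JpcapCaptor;
import jpcap.JpcapWriter;
import jpcap.NetworkInterface;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;

public class CaptureDumpReplay {
    static final String DUMP = "port6000.pcap";   // placeholder file name

    public static void main(String[] args) throws IOException {
        // Obtain the list of network interfaces, open one
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0;
        JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 20);

        // Set the capturing filter before reading, so only matching packets are copied
        captor.setFilter("tcp && src port 6000", true);

        // Capture and save: the dump is written in libpcap format, so tcpdump or
        // Wireshark can open it as well as jpcap.
        JpcapWriter writer = JpcapWriter.openDumpFile(captor, DUMP);
        int saved = 0;
        while (saved < 100) {
            Packet p = captor.getPacket();   // null when the to_ms read timeout elapses
            if (p == null) continue;
            writer.writePacket(p);
            saved++;
        }
        writer.close();
        captor.close();

        // Read saved packets from the file. openFile returns a captor over the
        // dump; the same BPF syntax narrows it further, here to segments with
        // the PSH flag set (tcp[13] is the flags byte, 0x08 is PSH), i.e. ones
        // that normally carry application data.
        JpcapCaptor reader = JpcapCaptor.openFile(DUMP);
        reader.setFilter("tcp and src port 6000 and tcp[13] & 8 != 0", true);
        long payloadBytes = 0;
        int segments = 0;
        Packet p;
        while ((p = reader.getPacket()) != null && p != Packet.EOF) {
            if (p instanceof TCPPacket) {
                payloadBytes += p.data.length;   // data = bytes after the TCP header
                segments++;
            }
        }
        reader.close();
        System.out.println(segments + " data segments, " + payloadBytes
            + " payload bytes from port 6000 in " + DUMP);
    }
}
```

Writing the dump through a filtered captor is also the safest way to share a capture: nothing outside the filter ever reaches the file, so you are not handing over unrelated traffic from the same interface.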
  9. Yes, that I am aware of... I was taking it in a different way... anyway, thanks.
  10. I guess there's enough material on the net to start with. The best one for newbies is:

    http://www.eden.rutgers.edu/~muscarim/jpcap/tutorial/index.html

    I hope that helps.
  11. Hey Himanshu. I am a university student working on my final year project. I wish to have a Java program that captures the total bytes sent and received, and uses this information to show how much a user has used. I'd be really grateful if you could help me go about this. Thank you.
  12. Sure Azhar. May I know what you have tried by now? I guess it's doable using jpcap.
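One way to do the byte accounting asked about above, as an added example that is neither the commenter's nor the blog's own code: it takes every address configured on the chosen interface as "local", then credits each IPv4 packet to sent or received depending on which side the local address is on. It assumes jpcap 0.7's NetworkInterface.addresses array of NetworkInterfaceAddress (field address) and uses Packet.len, the on-the-wire length, rather than caplen. The interface index and the 1000-packet sample size are placeholders.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.util.HashSet;
import java.util.Set;
import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;
import jpcap.NetworkInterfaceAddress;
import jpcap.PacketReceiver;
import jpcap.packet.IPPacket;
import jpcap.packet.Packet;

public class ByteMeter {
    static long sent, received, unattributed;

    public static void main(String[] args) throws IOException {
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0;
        NetworkInterface dev = devices[index];

        // Every address the interface is configured with counts as "us";
        // anything else is the remote side.
        final Set<InetAddress> local = new HashSet<InetAddress>();
        for (NetworkInterfaceAddress a : dev.addresses) local.add(a.address);

        // promisc=false: count only traffic to/from this host, not neighbours'
        // frames that a promiscuous capture on a shared segment would also see.
        JpcapCaptor captor = JpcapCaptor.openDevice(dev, 65535, false, 20);
        captor.setFilter("ip", true);   // IPv4 only; extend to "ip or ip6" for IPv6 accounting

        captor.processPacket(1000, new PacketReceiver() {
            public void receivePacket(Packet p) {
                if (!(p instanceof IPPacket)) return;
                IPPacket ip = (IPPacket) p;
                // p.len is the length on the wire regardless of snaplen; p.caplen
                // would under-count if the capture were truncated.
                if (local.contains(ip.src_ip)) {
                    sent += p.len;
                } else if (local.contains(ip.dst_ip)) {
                    received += p.len;
                } else {
                    unattributed += p.len;   // e.g. multicast/broadcast from other hosts
                }
            }
        });
        captor.close();
        System.out.printf("sent=%d bytes, received=%d bytes, unattributed=%d bytes%n",
            sent, received, unattributed);
    }
}
```

For a per-user quota you would key the counters on the remote address (or on the local address when the capture box sits on a gateway) instead of two global totals; the direction test stays the same.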
  13. Hi,

    Could you please let me know how to capture HTTPS calls. I see the characters are jumbled when i capture HTTPS calls.

    ---HTTP---

    GET /a?f=2143137305&pn=aol&p=aol-pt_em&c=r&l=SKY&rand=8816242 HTTP/1.1
    Host: eu-pn2.adserver.yahoo.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://alpo-aim.mail.aol.com/38630-616/aim-6/fr-fr/common/AdServer.aspx?name=sidepanel&screen=large
    Cookie: B=81m2qo99sglb1&b=3&s=8c
    Connection: keep-alive

    ---------- HTTPS --------------
    2014-07-21 10:56:57,560 INFO [Thread-8] HttpSniffer (NetworkDevicePacketCapture.java:47)
    - ?? ,=g??nK?}e??????+m???[r??}+??>??1 t
    ?\? ????????N? ????=,?,C??5??? ?
    t??Vs?)?;v
    ??[f?l??(?a??? ?q ]?r?Xj?@| ?c??+Y,???V ? !? 'i??g?A"?? +??(W(??? ???. 6?????N???k? ??vt??G? {l18EO??+i??L??aWa?W ?t????s&??*?Dtd(?BWkM??&??/v?hU?^$?a?@RF]?[R??A(BM?j
    ??9W???I5??)? ?eU???;???q?R?^? %???x? ?U"? Q?`?v ???Q ?? ?5?
    ------------------------------------

    --Shivaraj

  14. Hey! HTTPS sends the packet in encrypted form under SSL protection. That's why you see your content like this. Otherwise there would have been no difference between HTTP and HTTPS. So, in order to decrypt that you need to break SSL.
