pcap4j依賴
- libpcap 1.1.1 --linux下安裝
- WinPcap 4.1.2 --windows下安裝WinPcap
- jna 5.1.0 --依賴包
- slf4j-api 1.7.25 --依賴包
- logback-core 1.0.0 --依賴包
- logback-classic 1.0.0 --依賴包
以下代碼讀取pcap抓包文件,過濾出帶PSH標誌的TCP報文並打印其內容:
package org.pcap4j.sample;
import java.io.EOFException;
import java.net.Inet4Address;
import java.util.concurrent.TimeoutException;
import org.pcap4j.core.NotOpenException;
import org.pcap4j.core.PcapHandle;
import org.pcap4j.core.PcapHandle.TimestampPrecision;
import org.pcap4j.core.PcapNativeException;
import org.pcap4j.core.Pcaps;
import org.pcap4j.packet.EthernetPacket;
import org.pcap4j.packet.IpV4Packet;
import org.pcap4j.packet.Packet;
import org.pcap4j.packet.TcpPacket;
import org.pcap4j.packet.namednumber.EtherType;
import org.pcap4j.packet.namednumber.IpNumber;
import org.pcap4j.packet.namednumber.TcpPort;
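/**
 * Reads a pcap capture file and prints the endpoints and payload of every IPv4 TCP segment
 * that carries the PSH flag.
 *
 * <p>The capture path comes from the system property
 * {@code org.pcap4j.sample.ReadPacketFile.pcapFile}, with a hard-coded fallback path.
 *
 * <p>A capture file is untrusted input: frames may use a non-Ethernet link type, be truncated
 * or be malformed, so every layer lookup is null-checked before it is used, and payload bytes
 * are made printable before they reach the console.
 *
 * <p>Any packet type that Pcap4J supports natively can be fetched directly with
 * {@code packet.get(SomePacket.class)}; alternatively the layers can be walked one at a time
 * with {@code getPayload()} (a cast of that result may fail if the layer is not the expected
 * type). For protocols Pcap4J does not support, work from {@code getRawData()} and parse the
 * bytes yourself.
 */
@SuppressWarnings("javadoc")
public class ReadPacketFile {

  /** Upper bound on the number of packets read from the capture file. */
  private static final int COUNT = 5000;

  /** Name of the system property that overrides the capture file path. */
  private static final String PCAP_FILE_KEY = ReadPacketFile.class.getName() + ".pcapFile";

  /** Capture file to read; defaults to a local sample path when the property is unset. */
  private static final String PCAP_FILE =
      System.getProperty(PCAP_FILE_KEY, "f:/pcap_formt.pcap");

  private ReadPacketFile() {
  }

  /**
   * Opens the capture file, reads up to {@link #COUNT} packets and prints the PSH segments.
   *
   * @param args unused
   * @throws PcapNativeException if the capture file cannot be opened or read
   * @throws NotOpenException if the handle is used after it has been closed
   */
  public static void main(String[] args) throws PcapNativeException, NotOpenException {
    // The original retried the identical openOffline call after a failure, which could only
    // fail the same way again; open once and let the exception propagate.
    PcapHandle handle = Pcaps.openOffline(PCAP_FILE);
    try {
      for (int i = 0; i < COUNT; i++) {
        Packet packet;
        try {
          packet = handle.getNextPacketEx();
        } catch (TimeoutException e) {
          // Nothing was delivered for this read; move on to the next one.
          continue;
        } catch (EOFException e) {
          System.out.println("EOF");
          break;
        }
        if (packet == null) {
          System.out.println("packet is null");
          break;
        }
        printPushSegment(i, packet);
      }
    } finally {
      // Release the native handle even when parsing or printing throws.
      handle.close();
    }
  }

  /**
   * Prints the addresses, ports and payload of {@code packet} when it is an
   * Ethernet/IPv4/TCP frame with the PSH flag set; otherwise prints nothing.
   *
   * @param index position of the packet in the read loop, used as the printed sequence number
   * @param packet the decoded frame
   */
  private static void printPushSegment(int index, Packet packet) {
    // get() returns null when the layer is absent, e.g. a non-Ethernet link type or a frame
    // too damaged to be decoded as the expected protocol.
    EthernetPacket ethernetPacket = packet.get(EthernetPacket.class);
    if (ethernetPacket == null
        || !EtherType.IPV4.equals(ethernetPacket.getHeader().getType())) {
      return;
    }

    IpV4Packet ipV4Packet = packet.get(IpV4Packet.class);
    if (ipV4Packet == null) {
      return;
    }
    IpV4Packet.IpV4Header ipV4Header = ipV4Packet.getHeader();
    if (!IpNumber.TCP.equals(ipV4Header.getProtocol())) {
      return;
    }

    TcpPacket tcpPacket = packet.get(TcpPacket.class);
    if (tcpPacket == null) {
      return;
    }
    TcpPacket.TcpHeader tcpHeader = tcpPacket.getHeader();
    if (!tcpHeader.getPsh()) {
      return;
    }

    Inet4Address srcaddr = ipV4Header.getSrcAddr();
    Inet4Address dstaddr = ipV4Header.getDstAddr();
    TcpPort srcport = tcpHeader.getSrcPort();
    TcpPort dstport = tcpHeader.getDstPort();

    System.out.println(index);
    System.out.println(
        "seqno=" + index + ",(src ip,dst ip, src port,dst port):("
            + srcaddr + "," + dstaddr + "," + srcport + "," + dstport + ")");

    // Use the TCP payload, not the IPv4 payload: the latter still begins with the TCP header
    // bytes. A PSH segment may carry no data, in which case the payload is null.
    Packet tcpPayload = tcpPacket.getPayload();
    byte[] rawData = tcpPayload == null ? new byte[0] : tcpPayload.getRawData();
    System.out.println("tcp data is:" + toPrintable(rawData));
  }

  /**
   * Decodes captured bytes for console output.
   *
   * <p>The bytes are decoded with an explicit charset instead of the platform default, and
   * control characters other than tab, CR and LF are replaced with {@code '.'} so that
   * capture content cannot emit terminal escape sequences.
   *
   * @param data raw payload bytes, possibly empty
   * @return a printable rendering of {@code data}
   */
  private static String toPrintable(byte[] data) {
    String decoded = new String(data, java.nio.charset.StandardCharsets.UTF_8);
    StringBuilder printable = new StringBuilder(decoded.length());
    for (int k = 0; k < decoded.length(); k++) {
      char c = decoded.charAt(k);
      boolean keptWhitespace = c == '\t' || c == '\r' || c == '\n';
      printable.append(Character.isISOControl(c) && !keptWhitespace ? '.' : c);
    }
    return printable.toString();
  }
}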