Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

org.pcap4j.sample.Loop only shows Hex stream #20

Closed
jdrews opened this issue May 11, 2014 · 3 comments
Closed

org.pcap4j.sample.Loop only shows Hex stream #20

jdrews opened this issue May 11, 2014 · 3 comments
Labels
question

Comments

@jdrews
Copy link

jdrews commented May 11, 2014

In the example documentation for org.pcap4j.sample.Loop it shows user readable descriptions of each packet. See link below:
https://github.com/kaitoy/pcap4j/blob/master/www/sample_Loop.md

But for some reason when I run it, I get just a hex stream. Perhaps I'm doing something wrong? Thanks for your help!

Windows 8, WinPCap 4.1.3
Java 1.6.0_45

c:\git\pcap4j>java -cp C:\git\pcap4j\pcap4j-sample\target\pcap4j-sample-1.2.0-SNAPSHOT.jar;C:\git\pcap4j\pcap4j-core\target\pcap4j-core-1.2.0-SNAPSHOT.jar;C:\Users\jdrews\.m2\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar;C:\Users\jdrews\.m2\repository\org\slf4j\slf4j-api\1.6.4\slf4j-api-1.6.4.jar -Dorg.pcap4j.sample.Loop.count=2 org.pcap4j.sample.Loop icmp
org.pcap4j.sample.Loop.count: 2
org.pcap4j.sample.Loop.readTimeout: 10
org.pcap4j.sample.Loop.snaplen: 65536


SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
NIF[0]: \Device\NPF_{2BF655AC-5148-4E45-880A-C347550A9016}
      : description: Realtek PCIe GBE Family Controller
NIF[1]: \Device\NPF_{6CAE8DF5-518E-4487-B7E5-130AA0E5A836}
      : description: Microsoft
      : address: /fe80:0:0:0:e5fe:a0ff:cff0:1a4c
      : address: /fe80:0:0:0:e5fe:a0ff:cff0:1a4c
NIF[2]: \Device\NPF_{6E9128D0-0819-4253-82C2-DD9477179E77}
      : description: Microsoft
      : address: /fe80:0:0:0:711e:20b9:6a71:a872
      : address: /192.168.3.35
NIF[3]: \Device\NPF_{0239C018-BC3B-493B-B3B3-5CD514F3B591}
      : description: TAP-Win32 Adapter OAS
      : address: /fe80:0:0:0:d9c9:2ac0:dae6:c0ac
      : address: /0.0.0.0
NIF[4]: \Device\NPF_{ED2111D2-D451-4B4D-84FC-026C4C223468}
      : description: Microsoft Corporation
      : address: /fe80:0:0:0:d4f6:ff3b:d8e0:d443
      : address: /0.0.0.0
NIF[5]: \Device\NPF_{740479C1-5477-4D1D-BA33-773F7763E646}
      : description: Microsoft Corporation
      : address: /10.9.8.177

Select a device number to capture packets, or enter 'q' to quit > 2
\Device\NPF_{6E9128D0-0819-4253-82C2-DD9477179E77}(Microsoft)
2014-05-11 15:42:35.418494
[data (98 bytes)]
  Hex stream: c0 18 85 c4 6d ff 00 15 5d 03 51 04 08 00 45 00 00 54 00 00 40 00 40 01 b2 e2 c0 a8 03 53 c0 a8 03 23 08 00 72 17 51 23 00 05 ab d2 6f 53 00 00 00 00 4d c7 0d 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37

2014-05-11 15:42:36.420863
[data (98 bytes)]
  Hex stream: c0 18 85 c4 6d ff 00 15 5d 03 51 04 08 00 45 00 00 54 00 00 40 00 40 01 b2 e2 c0 a8 03 53 c0 a8 03 23 08 00 b1 0a 51 23 00 06 ac d2 6f 53 00 00 00 00 0d d3 0d 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37

ps_recv: 12
ps_drop: 0
ps_ifdrop: 0
bs_capt: 0

c:\git\pcap4j>
@jdrews
Copy link
Author

jdrews commented May 11, 2014

While I have your attention, I was hoping you could help me discover how I'm doing this wrong. The below code never prints out "IpV4Packet: " or "Dot1qVlanTagPacket: ". I have a feeling the problem is closely related to the reason why sample.Loop only spits out a Hex stream. I followed the examples SendArpRequest.java and Loop.java.

While debugging, I've discovered "packet" has no IpV4Packet class. But I was pinging this computer from somewhere else, so I'm reasonably sure at least one of the packets was an IPv4 packet.

Any help you could offer would be greatly appreciated! Thanks!

/*
 * PacketAnalysis.java
 *
 * Updated: May 11, 2014
 */
package org.jdrews.netcap;

import java.io.IOException;
import java.sql.Timestamp;

import org.pcap4j.core.BpfProgram.BpfCompileMode;
import org.pcap4j.core.NotOpenException;
import org.pcap4j.core.PacketListener;
import org.pcap4j.core.PcapHandle;
import org.pcap4j.core.PcapNativeException;
import org.pcap4j.core.PcapNetworkInterface;
import org.pcap4j.core.PcapNetworkInterface.PromiscuousMode;
import org.pcap4j.core.PcapStat;
import org.pcap4j.packet.Dot1qVlanTagPacket;
import org.pcap4j.packet.IpV4Packet;
import org.pcap4j.packet.Packet;
import org.pcap4j.util.NifSelector;

import com.sun.jna.Platform;

@SuppressWarnings("javadoc")
public class PacketAnalysis
{

    private static final String COUNT_KEY
            = PacketAnalysis.class.getName() + ".count";
    private static final int COUNT
            = Integer.getInteger(COUNT_KEY, 5);

    private static final String READ_TIMEOUT_KEY
            = PacketAnalysis.class.getName() + ".readTimeout";
    private static final int READ_TIMEOUT
            = Integer.getInteger(READ_TIMEOUT_KEY, 10); // [ms]

    private static final String SNAPLEN_KEY
            = PacketAnalysis.class.getName() + ".snaplen";
    private static final int SNAPLEN
            = Integer.getInteger(SNAPLEN_KEY, 65536); // [bytes]

    public static void main(String[] args) throws PcapNativeException, NotOpenException
    {
        String filter = args.length != 0 ? args[0] : "";

        System.out.println(COUNT_KEY + ": " + COUNT);
        System.out.println(READ_TIMEOUT_KEY + ": " + READ_TIMEOUT);
        System.out.println(SNAPLEN_KEY + ": " + SNAPLEN);
        System.out.println("\n");

        PcapNetworkInterface nif;
        try
        {
            nif = new NifSelector().selectNetworkInterface();
        }
        catch (IOException e)
        {
            e.printStackTrace();
            return;
        }

        if (nif == null)
        {
            return;
        }

        System.out.println(nif.getName() + "(" + nif.getDescription() + ")");

        final PcapHandle handle
                = nif.openLive(SNAPLEN, PromiscuousMode.PROMISCUOUS, READ_TIMEOUT);

        if (filter.length() != 0)
        {
            handle.setFilter(
                    filter,
                    BpfCompileMode.OPTIMIZE
            );
        }

        PacketListener listener
                = new PacketListener()
        {
            public void gotPacket(Packet packet)
            {
                Timestamp ts = new Timestamp(handle.getTimestampInts() * 1000L);
                ts.setNanos(handle.getTimestampMicros() * 1000);
                System.out.println(ts);

                if (packet.contains(IpV4Packet.class)) {
                    IpV4Packet ipv4p = packet.get(IpV4Packet.class);
                    System.out.println("IpV4Packet: " + ipv4p);
                }

                if (packet.contains(Dot1qVlanTagPacket.class)) {
                    Dot1qVlanTagPacket dot1qp = packet.get(Dot1qVlanTagPacket.class);
                    System.out.println("Dot1qVlanTagPacket: " + dot1qp);
                }

                System.out.println("packetlength: " + packet.length());
                System.out.println(packet);
                System.out.println("=================================================");
            }
        };

        try
        {
            handle.loop(COUNT, listener);
        }
        catch (InterruptedException e)
        {
            e.printStackTrace();
        }

        PcapStat ps = handle.getStat();
        System.out.println("ps_recv: " + ps.getNumPacketsReceived());
        System.out.println("ps_drop: " + ps.getNumPacketsDropped());
        System.out.println("ps_ifdrop: " + ps.getNumPacketsDroppedByIf());
        if (Platform.isWindows())
        {
            System.out.println("bs_capt: " + ps.getNumPacketsCaptured());
        }

        handle.close();
    }
}

And the output:

org.jdrews.netcap.PacketAnalysis.count: 5
org.jdrews.netcap.PacketAnalysis.readTimeout: 10
org.jdrews.netcap.PacketAnalysis.snaplen: 65536


SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
NIF[0]: \Device\NPF_{2BF655AC-5148-4E45-880A-C347550A9016}
      : description: Realtek PCIe GBE Family Controller
NIF[1]: \Device\NPF_{6CAE8DF5-518E-4487-B7E5-130AA0E5A836}
      : description: Microsoft
      : address: /fe80:0:0:0:e5fe:a0ff:cff0:1a4c
      : address: /fe80:0:0:0:e5fe:a0ff:cff0:1a4c
NIF[2]: \Device\NPF_{6E9128D0-0819-4253-82C2-DD9477179E77}
      : description: Microsoft
      : address: /fe80:0:0:0:711e:20b9:6a71:a872
      : address: /192.168.3.35
NIF[3]: \Device\NPF_{0239C018-BC3B-493B-B3B3-5CD514F3B591}
      : description: TAP-Win32 Adapter OAS
      : address: /fe80:0:0:0:d9c9:2ac0:dae6:c0ac
      : address: /0.0.0.0
NIF[4]: \Device\NPF_{ED2111D2-D451-4B4D-84FC-026C4C223468}
      : description: Microsoft Corporation
      : address: /fe80:0:0:0:d4f6:ff3b:d8e0:d443
      : address: /0.0.0.0
NIF[5]: \Device\NPF_{740479C1-5477-4D1D-BA33-773F7763E646}
      : description: Microsoft Corporation
      : address: /10.9.8.177

Select a device number to capture packets, or enter 'q' to quit > 2
\Device\NPF_{6E9128D0-0819-4253-82C2-DD9477179E77}(Microsoft)
2014-05-11 16:11:43.209417
packetlength: 54
[data (54 bytes)]
  Hex stream: c0 18 85 c4 6d ff c0 c1 c0 7a d8 fb 08 00 45 20 00 28 d3 b3 40 00 35 06 a0 d2 44 32 c9 2c c0 a8 03 23 7f 20 c4 c1 18 80 8b 77 b6 04 75 49 50 10 3f ff 8b 83 00 00

=================================================
2014-05-11 16:11:43.212146
packetlength: 61
[data (61 bytes)]
  Hex stream: c0 18 85 c4 6d ff c0 c1 c0 7a d8 fb 08 00 45 20 00 2f ea 0b 40 00 35 06 8a 73 44 32 c9 2c c0 a8 03 23 7f 20 c4 c1 18 80 8b 77 b6 04 75 49 50 18 40 00 da 8c 00 00 65 31 74 9e b2 16 25

=================================================
2014-05-11 16:11:43.434085
packetlength: 207
[data (207 bytes)]
  Hex stream: c0 18 85 c4 6d ff c0 c1 c0 7a d8 fb 08 00 45 00 00 c1 00 00 40 00 40 11 b2 b7 c0 a8 03 01 c0 a8 03 23 00 35 fb 48 00 ad 10 29 65 4c 81 80 00 01 00 04 00 00 00 00 0c 66 6f 6f 64 61 6e 64 64 72 69 6e 6b 04 74 69 6c 65 05 61 70 70 65 78 04 62 69 6e 67 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 0c e3 00 29 08 77 69 6c 64 63 61 72 64 08 61 70 70 65 78 2d 72 66 03 6d 73 6e 03 63 6f 6d 09 65 64 67 65 73 75 69 74 65 03 6e 65 74 00 c0 3e 00 05 00 01 00 00 0d 10 00 12 05 61 31 38 35 36 02 67 32 06 61 6b 61 6d 61 69 c0 62 c0 73 00 01 00 01 00 00 00 13 00 04 17 3e 6f 40 c0 73 00 01 00 01 00 00 00 13 00 04 17 3e 6f 48

=================================================
2014-05-11 16:11:43.475627
packetlength: 66
[data (66 bytes)]
  Hex stream: c0 18 85 c4 6d ff c0 c1 c0 7a d8 fb 08 00 45 20 00 34 00 00 40 00 3a 06 f6 5a 17 3e 6f 40 c0 a8 03 23 00 50 c5 c1 d7 5c fb 2e 5f dc e2 da 80 12 39 08 10 61 00 00 02 04 05 b4 01 01 04 02 01 03 03 01

=================================================
2014-05-11 16:11:43.50824
packetlength: 54
[data (54 bytes)]
  Hex stream: c0 18 85 c4 6d ff c0 c1 c0 7a d8 fb 08 00 45 20 00 28 1c 8e 40 00 3a 06 d9 d8 17 3e 6f 40 c0 a8 03 23 00 50 c5 c1 d7 5c fb 2f 5f dc e3 96 50 10 1e 9c 6a dd 00 00

=================================================
ps_recv: 7
ps_drop: 0
ps_ifdrop: 0
bs_capt: 0

@kaitoy
Copy link
Owner

kaitoy commented May 11, 2014

You just need to add a packet factory module (i.e. pcap4j-packetfactory-propertiesbased.jar or pcap4j-packetfactory-static.jar) to class path.

@jdrews
Copy link
Author

jdrews commented May 11, 2014

That was the solution. Thanks!

@jdrews jdrews closed this as completed May 11, 2014
@kaitoy kaitoy added the question label Nov 1, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jdrews @kaitoy