
pcap4j读取pcap抓包文件DEMO

湛文乐
2023-12-01

pcap4j依赖

  • libpcap 1.1.1     --linux下安装
  • WinPcap 4.1.2   --Windows下安装WinPcap(WinPcap已停止维护,可考虑改用Npcap)
  • jna 5.1.0       --依赖包
  • slf4j-api 1.7.25     --依赖包
  • logback-core 1.0.0    --依赖包
  • logback-classic 1.0.0    --依赖包

以下代码读取pcap抓包文件,筛选出设置了PSH标志的TCP报文,并打印其内容:

package org.pcap4j.sample;

import java.io.EOFException;
import java.net.Inet4Address;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.TimeoutException;

import org.pcap4j.core.NotOpenException;
import org.pcap4j.core.PcapHandle;
import org.pcap4j.core.PcapHandle.TimestampPrecision;
import org.pcap4j.core.PcapNativeException;
import org.pcap4j.core.Pcaps;
import org.pcap4j.packet.EthernetPacket;
import org.pcap4j.packet.IpV4Packet;
import org.pcap4j.packet.Packet;
import org.pcap4j.packet.TcpPacket;
import org.pcap4j.packet.namednumber.EtherType;
import org.pcap4j.packet.namednumber.IpNumber;
import org.pcap4j.packet.namednumber.TcpPort;


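/**
 * Reads a pcap capture file offline and prints, for each Ethernet/IPv4/TCP segment that has the
 * PSH flag set, the source/destination addresses and ports followed by the TCP payload.
 *
 * <p>The file path is taken from the system property {@code <class name>.pcapFile}, falling back
 * to {@code f:/pcap_formt.pcap}. At most {@link #COUNT} packets are read.
 *
 * <p>Everything inside a capture file is attacker-influenced data: frames may be truncated,
 * fragmented, or use a link type other than Ethernet, and payload bytes may contain terminal
 * control sequences. Each layer lookup is therefore null-checked, and payload text is sanitised
 * before it is written to the console.
 */
@SuppressWarnings("javadoc")
public class ReadPacketFile {

    /** Upper bound on the number of packets read from the capture. */
    private static final int COUNT = 5000;

    private static final String PCAP_FILE_KEY = ReadPacketFile.class.getName() + ".pcapFile";
    private static final String PCAP_FILE =
            System.getProperty(PCAP_FILE_KEY, "f:/pcap_formt.pcap");

    private ReadPacketFile() {
    }

    /**
     * Opens the capture file and walks up to {@link #COUNT} packets.
     *
     * @param args unused
     * @throws PcapNativeException if the capture cannot be opened or read by the native library
     * @throws NotOpenException if the handle is used while not open
     */
    public static void main(String[] args) throws PcapNativeException, NotOpenException {
        // The original caught PcapNativeException and repeated the identical call; a second
        // attempt with the same arguments is not expected to behave differently, so the
        // failure is simply propagated.
        PcapHandle handle = Pcaps.openOffline(PCAP_FILE);
        try {
            for (int i = 0; i < COUNT; i++) {
                try {
                    Packet packet = handle.getNextPacketEx();
                    if (packet == null) {
                        System.out.println("packet is null");
                        break;
                    }
                    printIfTcpPush(i, packet);
                    //System.out.println(packet);
                } catch (TimeoutException ignored) {
                    // No packet was delivered for this attempt; move on to the next one.
                } catch (EOFException e) {
                    System.out.println("EOF");
                    break;
                }
            }
        } finally {
            // Release the native handle even when reading throws.
            handle.close();
        }
    }

    /**
     * Prints the 4-tuple and TCP payload of {@code packet} when it is an Ethernet/IPv4/TCP
     * segment with PSH set; any other packet is skipped silently.
     *
     * <p>{@code packet.get(X.class)} fetches a layer directly when Pcap4J supports it and
     * returns {@code null} when that layer is absent, so every result is checked before use.
     * The same layers can also be reached one at a time via {@code getPayload()}, but casting
     * that result to a concrete packet type may throw when the payload is of another type.
     * For a protocol Pcap4J does not model, {@code getRawData()} exposes the raw bytes and the
     * caller has to parse them itself.
     *
     * @param index position of the packet in the read loop, echoed in the output
     * @param packet the packet returned by the capture handle
     */
    private static void printIfTcpPush(int index, Packet packet) {
        EthernetPacket ethernet = packet.get(EthernetPacket.class); // Ethernet frame
        if (ethernet == null || !EtherType.IPV4.equals(ethernet.getHeader().getType())) {
            return;
        }

        IpV4Packet ipv4 = packet.get(IpV4Packet.class);
        if (ipv4 == null || !IpNumber.TCP.equals(ipv4.getHeader().getProtocol())) {
            return;
        }

        // Absent when the TCP layer could not be decoded from this frame.
        TcpPacket tcp = packet.get(TcpPacket.class);
        if (tcp == null || !tcp.getHeader().getPsh()) {
            return;
        }

        IpV4Packet.IpV4Header ipHeader = ipv4.getHeader();
        TcpPacket.TcpHeader tcpHeader = tcp.getHeader();
        Inet4Address srcaddr = ipHeader.getSrcAddr();
        Inet4Address dstaddr = ipHeader.getDstAddr();
        TcpPort dstport = tcpHeader.getDstPort();
        TcpPort srcport = tcpHeader.getSrcPort();
        System.out.println(index);
        System.out.println("seqno=" + index + ",(src ip,dst ip, src port,dst port):("
                + srcaddr + "," + dstaddr + "," + srcport + "," + dstport + ")");

        // Use the TCP layer's payload: the IPv4 payload used previously still begins with the
        // TCP header bytes, so the printed "data" was prefixed with header garbage.
        Packet tcpPayload = tcp.getPayload();
        byte[] raw = tcpPayload == null ? new byte[0] : tcpPayload.getRawData();
        System.out.println("tcp data is:" + printable(raw));
    }

    /**
     * Decodes captured bytes as UTF-8 and replaces control characters (other than newline and
     * tab) with {@code '.'}, so that bytes from the capture cannot drive the terminal through
     * escape or carriage-return sequences.
     *
     * @param raw payload bytes taken from the capture
     * @return text that is safe to print
     */
    private static String printable(byte[] raw) {
        // Explicit charset: the platform default varies between hosts.
        String decoded = new String(raw, StandardCharsets.UTF_8);
        StringBuilder out = new StringBuilder(decoded.length());
        for (int k = 0; k < decoded.length(); k++) {
            char c = decoded.charAt(k);
            boolean keep = c == '\n' || c == '\t' || !Character.isISOControl(c);
            out.append(keep ? c : '.');
        }
        return out.toString();
    }
}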

 
