我们经常使用Httpwatch查看HTTP的传输数据。那java能不能做到呢? 下面我们就讲一下如何通过java在windows上获取网卡的数据包,这里我们使用了开源的WinPcap,还有jNetPcap,jNetPcap是对接了WinPcap来截获网卡数据包。
如何截获网卡分3步:
1. 在自己的机器上安装WinPcap。 http://www.winpcap.org/install/default.htm
2. 下载jNetPcap, http://jnetpcap.com/download. 下载下来之后解压,里面2个重要文件jnetpcap.jar,jnetpcap.dll
3 在eclipse里新建工程,把jnetpcap.jar加入library. 然后参考如下代码实现网卡截包:
import java.util.ArrayList;
import java.util.List;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;
import org.jnetpcap.protocol.tcpip.Http;
import org.jnetpcap.protocol.tcpip.Tcp;
/**
* Capture the netword card packages
*
*/
public class App {
public static void main(String[] args) throws InterruptedException {
List<PcapIf> alldevs = new ArrayList<PcapIf>(); // Will be filled with
// NICs
StringBuilder errbuf = new StringBuilder();
int r = Pcap.findAllDevs(alldevs, errbuf);
if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
System.err.printf("Can't read list of devices, error is %s",
errbuf.toString());
return;
}
for (PcapIf pif : alldevs) {
System.out.println(pif.getName());
}
PcapIf pif = alldevs.get(0);//select the device which you want to monitor
/***************************************
* open the device
***************************************/
int snaplen = 64 * 1024; // Capture all packets, no trucation
int flags = Pcap.MODE_PROMISCUOUS; // capture all packets
int timeout = 10 * 1000; // 10 seconds in millis
Pcap pcap = Pcap.openLive(pif.getName(), snaplen, flags, timeout,
errbuf);
if (pcap == null) {
System.err.printf("Error while opening device for capture: "
+ errbuf.toString());
return;
}
/*
* We have an opened the capture file now time to read packets. We use a
* Pcap.loop function to retrieve 10 packets from the file. We supply an
* annonymous handler which will receive packets as they are read from the
* offline file by libpcap. We parameterize it with a StringBuilder class.
* This allows us to pass in any type of object we need inside the our
* dispatch handler. For this example we are passing in the errorbuf object
* so we can pass back a string, if we need to. Of course in our example
* this is not strictly needed since our anonymous class can access errbuf
* object directly from the enclosing main method as that local variable is
* marked final allowing anonymous classes access to it.
*/
pcap.loop(Pcap.LOOP_INFINITE, new JPacketHandler<StringBuilder>() {
/**
* We purposely define and allocate our working tcp header (accessor)
* outside the dispatch function and thus the libpcap loop, as this type
* of object is reusable and it would be a very big waist of time and
* resources to allocate it per every dispatch of a packet. We mark it
* final since we do not plan on allocating any other instances of Tcp.
*/
final Tcp tcp = new Tcp();
/*
* Same thing for our http header
*/
final Http http = new Http();
/**
* Our custom handler that will receive all the packets libpcap will
* dispatch to us. This handler is inside a libpcap loop and will receive
* exactly 10 packets as we specified on the Pcap.loop(10, ...) line
* above.
*
* @param packet
* a packet from our capture file
* @param errbuf
* our custom user parameter which we chose to be a StringBuilder
* object, but could have chosen anything else we wanted passed
* into our handler by libpcap
*/
public void nextPacket(JPacket packet, StringBuilder errbuf) {
/*
* Here we receive 1 packet at a time from the capture file. We are
* going to check if we have a tcp packet and do something with tcp
* header. We are actually going to do this twice to show 2 different
* ways how we can check if a particular header exists in the packet and
* then get that header (peer header definition instance with memory in
* the packet) in 2 separate steps.
*/
if (packet.hasHeader(Tcp.ID)) {
/*
* Now get our tcp header definition (accessor) peered with actual
* memory that holds the tcp header within the packet.
*/
packet.getHeader(tcp);
System.out.printf("tcp.dst_port=%d%n", tcp.destination());
System.out.printf("tcp.src_port=%d%n", tcp.source());
System.out.printf("tcp.ack=%x%n", tcp.ack());
}
/*
* An easier way of checking if header exists and peering with memory
* can be done using a conveniece method JPacket.hasHeader(? extends
* JHeader). This method performs both operations at once returning a
* boolean true or false. True means that header exists in the packet
* and our tcp header difinition object is peered or false if the header
* doesn't exist and no peering was performed.
*/
if (packet.hasHeader(tcp)) {
//System.out.printf("tcp header::%s%n", tcp.toString());
}
/*
* A typical and common approach to getting headers from a packet is to
* chain them as a condition for the if statement. If we need to work
* with both tcp and http headers, for example, we place both of them on
* the command line.
*/
if (packet.hasHeader(tcp) && packet.hasHeader(http)) {
/*
* Now we are guarranteed to have both tcp and http header peered. If
* the packet only contained tcp segment even though tcp may have http
* port number, it still won't show up here since headers appear right
* at the beginning of http session.
*/
System.out.printf("http header::%s%n", http);
/*
* jNetPcap keeps track of frame numbers for us. The number is simply
* incremented with every packet scanned.
*/
}
//System.out.printf("frame #%d%n", packet.getFrameNumber());
}
}, errbuf);
/*
* Last thing to do is close the pcap handle
*/
pcap.close();
}
}
注意:
在运行以上代码之前还需要加上jvm参数,为了让jnetpcap找到jnetpcap.dll,我们在vm parameters加入以下参数:
-Djava.library.path=E:\jnetpcap
这里的E:\jnetpcap 就是jnetpcap.dll放置的目录。
相关推荐
实现了抓取的数据包从链路层到应用层的逐层包头的信息展示及分析 实现了Ethernet、IP、ARP、ICMP、UDP、TCP、HTTP七种数据包的过滤及分析 实现了源ip、目的ip、及包携带内容的关键字过滤功能 实现了基于IP+Port的...
为了能够存储从网络上抓取的数据包信息,需要通过 Java 应用程序连接 SQL Server 2000 数据库。 #### 实践步骤: 1. **安装 JDBC 驱动**:下载适用于 SQL Server 的 JDBC 驱动程序。 2. **添加驱动到项目**:将 ...
JPCAP是一个Java库,它为开发人员提供了抓取、解析和处理网络数据包的能力,适用于各种网络分析和故障排查场景。 首先,我们要理解JPCAP的基本概念。JPCAP是Java Packet CAPture的缩写,它是对libpcap库的Java封装...
4. 抓取某台机器的指定协议的所有数据包:Sniffer 工具可以对某台机器的指定协议的所有数据包进行抓取和分析。 5. 抓 TELNET 密码:Sniffer 工具可以对 TELNET 密码进行抓取和分析。 6. 抓 FTP 密码:Sniffer 工具...
描述中提到的"pcap4j 实现本地抓包以及解析DNS",意味着这个Demo程序展示了如何利用Pcap4J抓取本地网络接口的数据包,并且对其中的DNS(域名系统)流量进行解析。DNS是互联网上用于将人类可读的域名转换为IP地址的...
4. **数据包细节解析**:每个捕获的数据包都包含丰富的信息,如源和目标IP地址、端口号、时间戳、协议、长度等。Wireshark提供了一级级展开的视图,让你深入了解每一个包的结构。 5. **颜色编码**:Wireshark根据...
4. **WinPcap 4.0.1** - 系统监视程序,用于抓取网络数据包。 5. **Sun Java** - SDM运行所需的支持环境。 #### 三、步骤详解 ##### A. 准备软件 确保所有软件都已经下载并安装完毕,安装过程中按照默认选项即可。 ...
- 分析UDP数据包中的敏感信息、IP地址、端口号等关键信息。 - 通过过滤和统计,了解UDP数据包的分布情况。 ##### 9.2 TCP通信模式数据包分析 - 分析TCP数据包中的关键字段,如序列号、确认号等。 - 评估数据传输的...
- 示例:`tcpdump -n -i 网卡名 -w 输出文件名 host 192.168.42.100 and port 80`,抓取主机 `192.168.42.100` 在端口 80 上的数据包。 #### 十一、开发人员进阶技能 - **磁盘分区** - 使用 `fdisk` 工具对磁盘...