Tutorial 2 Example 3

Bernardo Bulgarelli Labronici

Example 3

Save Frames to a .pcap file and advanced info on Frame.

The Frame class presents a series of information, among which is the current datalink.
Roughly speaking, the datalink is the first protocol type used by the underlying network device; e.g. DLT_EN10MB is datalink 1 (IEEE 802.3 Ethernet at 10Mb, 100Mb, 1000Mb and up; see http://www.tcpdump.org/linktypes.html).

        //Create a connection to pcap
        //For now let's ignore maxFrameLength, since it depends on the creation
        //of filter to work.
        Capture cap = new Capture(0);

        try {


            //Let's get all the devices available in the machine for pcap
            //If any error occurs it will be thrown as a NetworkDeviceException
            List<NetworkDevice> networkDevices = cap.getNetworkDevices();

            //Assuming the first device is a valid device for capture.
            //we can use it.
            //Print basic info of device
            //We will connect to this device to sniff packets from
            NetworkDevice device = networkDevices.get(0);

            System.out.println();
            System.out.println("  Pcap Device Name: " + device.getName());
            System.out.println("Device Description: " + device.getDescription());
            System.out.println();

            System.out.println();

            //Add a new adapter to the Capture Listener.
            //The datalink is the same for all the packets in the stream, since the capture is
            //opened on a device with one specific datalink in use
            cap.addListener(new CaptureAdapter(){


                //This function is called by Sniffer4J.Dll for each new received Frame
                @Override
                public void capture(Frame frame) {

                    //Get description for this datalink
                    String dataLinkDescription = Capture.getDataLinkDescription(frame.getDatalink());

                    System.out.println("Frame datalink :" + frame.getDatalink());
                    System.out.println("      datalink :" + dataLinkDescription);
                    System.out.println("  Capture Time :" + frame.getSeconds());
                    System.out.println("");

                }

            }); 


            //Connect to device (ignore timeout, show packets as they arrive)
            cap.connect(device, -1);

            //Show pcap version
            System.out.println("pcap Version: ");
            System.out.println(cap.getPcapVersion());

            //Save captured packets to this file in pcap format.
            //This file can be opened later with cap.connectFile("captureTeste.pcap");
            //as shown in Example5, or with any software that accepts pcap files, like Wireshark
            //Must be called on an open (already connected) capture
            cap.addFileListener("captureTeste.pcap");


            //Supported datalinks for the connected network device
            //Must be called on an open (already connected) capture
            Map<Integer, String> supportedDataLinks = cap.getSupportedDataLinks();
            Set<Entry<Integer, String>> entrySet = supportedDataLinks.entrySet();
            System.out.println("Supported Datalinks for this device:");
            for(Entry<Integer, String> entry : entrySet){

                System.out.print(" Code: " + entry.getKey());
                System.out.println(" Description: " + entry.getValue());


            }


            //Start the capture and block until 20 packets have been received and processed
            //by the CaptureAdapter
            cap.CaptureFramesLoop(20);

            //Close the Capture Device
            cap.close();

        }catch(NetworkDeviceException e){

            System.err.println("Error in the cap.getNetworkDevices();");
            e.printStackTrace();

        }catch(CaptureS4JException e){

            System.err.println("Error in the connection.");
            e.printStackTrace();

        }catch (JNIException e) {

            System.err.println("Error With the Dll");
            e.printStackTrace();

        } catch (IOException e) {

            System.err.println("Cannot open File to Save to");
            e.printStackTrace();

        } catch (NotSupportedDatalinkS4JException e) {

            System.err.println("Datalink not Supported, only Ethernet");
            e.printStackTrace();
        }

To save captured packets to a .pcap file, all you have to do is add a file listener:

    cap.addFileListener("captureTeste.pcap");

In the example, the file "captureTeste.pcap" will be created. The only requirement is that the Capture object is already connected to a device. Note that in the example the connection

    cap.connect(device, -1);

happens before the addition of the listener.

To examine the datalinks thoroughly, we need to gather the supported datalinks of the network device. This can be done with the command:

    Map<Integer, String> supportedDataLinks = cap.getSupportedDataLinks();

which returns a Map with the index of the datalink and its description.
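The datalink reported by `frame.getDatalink()` is also recorded in the saved file's header, so a capture can be checked before it is handed to another tool. The following is an added example, not part of Sniffer4J or the original tutorial: the class name `PcapHeaderCheck` is hypothetical, it uses only the Java standard library, and it assumes the file listener writes the classic pcap format (24-byte global header).

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.file.Files;
import java.nio.file.Paths;

// Added example (hypothetical class): validates a classic pcap global header.
public class PcapHeaderCheck {
    static final int DLT_EN10MB = 1; // Ethernet, see tcpdump.org/linktypes.html

    // Parses the first 24 bytes of a pcap file and returns its link type code.
    static int linkType(byte[] file) throws IOException {
        if (file.length < 24) {
            throw new IOException("Truncated pcap: " + file.length + " bytes, need 24");
        }
        ByteBuffer buf = ByteBuffer.wrap(file).order(ByteOrder.BIG_ENDIAN);
        int magic = buf.getInt(0);
        // The magic number reveals the writer's byte order
        // (second value of each pair: nanosecond-timestamp variant).
        if (magic == 0xD4C3B2A1 || magic == 0x4D3CB2A1) {
            buf.order(ByteOrder.LITTLE_ENDIAN);
        } else if (magic != 0xA1B2C3D4 && magic != 0xA1B23C4D) {
            throw new IOException(String.format("Not a pcap file (magic 0x%08X)", magic));
        }
        int major = buf.getShort(4) & 0xFFFF;
        int minor = buf.getShort(6) & 0xFFFF;
        long snapLen = buf.getInt(16) & 0xFFFFFFFFL;
        // Low 16 bits hold the link type; upper bits may carry extra flags.
        int linkType = buf.getInt(20) & 0xFFFF;
        System.out.printf("pcap %d.%d, snaplen %d, linktype %d%n",
                major, minor, snapLen, linkType);
        return linkType;
    }

    public static void main(String[] args) throws IOException {
        byte[] data;
        if (args.length > 0) {
            // e.g. captureTeste.pcap; reading the whole file is fine for a 20-frame capture
            data = Files.readAllBytes(Paths.get(args[0]));
        } else {
            // Constructed sample: little-endian header, version 2.4, snaplen 65535, Ethernet
            data = ByteBuffer.allocate(24).order(ByteOrder.LITTLE_ENDIAN)
                    .putInt(0xA1B2C3D4).putShort((short) 2).putShort((short) 4)
                    .putInt(0).putInt(0).putInt(65535).putInt(DLT_EN10MB).array();
        }
        int lt = linkType(data);
        System.out.println(lt == DLT_EN10MB ? "Ethernet capture" : "Unexpected datalink " + lt);
    }
}
```

Run it with the path to the saved file as the only argument; with no argument it parses the constructed sample header.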

