Menu

Tutorial 2 Example 4

Bernardo Bulgarelli Labronici

Example 4

Capture a Single Raw Frame, and a Single Parsed Frame.
Capturing Frame by Frame

        //Create a connection to pcap
        //For now let's ignore maxFrameLength, since it depends on the creation
        //of filter to work.
        Capture cap = new Capture(0);

        try {


            //Let's get all the devices available in the machine for pcap
            //If any error occurs it will be throw as an NetworkDeviceException
            List<NetworkDevice> networkDevices = cap.getNetworkDevices();

            //Assuming the first device is a valid device for capture.
            //we can use it.
            //Print basic info of device
            //We will connect to this device to sniff packets from
            NetworkDevice device = networkDevices.get(0);

            System.out.println();
            System.out.println("  Pcap Device Name: " + device.getName());
            System.out.println("Device Description: " + device.getDescription());
            System.out.println();

            //####################################
            //There is no Adapter added, because we will not use callback function

            //Connect to device (wait FOREVER until at least one packet arrive)
            cap.connect(device, 0);

            System.out.println("Raw Data");
            //Empty header
            CaptureHeader header = new CaptureHeader();

            //Capture a raw frame
            ByteBuffer streamRaw = cap.CaptureNextExFrameRaw(header);

            System.out.println("capture length: " + header.getCaptureLength());
            System.out.println("Stream length: " + streamRaw.capacity());

            System.out.println();
            System.out.println("Parsed Data");
            Frame frame = cap.CaptureNextExFrame();

            System.out.println("capture length: " + header.getCaptureLength());

            EthernetPdu eth = frame.getPduByClass(EthernetPdu.class);
            if(eth != null)
                System.out.println("Protocol encapsulated by Ethernet: " + eth.getEtherType().getName());

            //Close the Capture Device
            cap.close();

        }catch(NetworkDeviceException e){

            System.err.println("Error in the cap.getNetworkDevices();");
            e.printStackTrace();

        }catch(CaptureS4JException e){

            System.err.println("Error in the connection.");
            e.printStackTrace();

        }catch (JNIException e) {

            System.err.println("Error With the Dll");
            e.printStackTrace();

        } catch (NotSupportedDatalinkS4JException e) {

            System.err.println("Datalink not Supported, only Ethernet");
            e.printStackTrace();
        }

You can capture Frame by Frame with the functions

  • cap.CaptureNextExFrameRaw(header);
  • cap.CaptureNextExFrame();

The function CaptureNextExFrameRaw(header) received an empty CaptureHeader Object that will be populated with this capture information’s

            //Empty header
            CaptureHeader header = new CaptureHeader();

            //Capture a raw frame
            ByteBuffer streamRaw = cap.CaptureNextExFrameRaw(header);

The function CaptureNextExFrame() don't need such object since its information will be inside Frame object itself.

This two functions allow the capture of one frame at a time, without callback functions.

Warning If you decide to use this function, be aware that it will be your application responsibility to read the packets from the Network Device before the Operational System flushes them out, otherwise you may lose some packets.

Related

Wiki: Tutorial

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.