Sniffer4J Wiki
A java packet sniffer and forger that wraps pcap libs.
Status: Beta
Brought to you by:
bernardobl
Menu
▾
▴
Tutorial 4 Example 3
Example 3
Sending Icmp (IpV4 and IpV6) to the network
It is possible to easilly see this packets been sent to network with Wireshark https://www.wireshark.org/
just use the follow filter
eth.dst == 00:01:02:03:04:05
This filter will only allow packets with the above mac address.
WARNING
Be extra careful when inject synthetic packets to your network. Make sure you known what you are doing, or that you are using a completely separate network to do so.
Conflict of IP and Mac address may cause some of you servers to stop working or present odd behavior.
BE WARNED!!
Make sure there is no Mac address 00:01:02:03:05:06, or Ip address 1.2.3.4 or 2.3.4.5, if so change it accordingly
//Create a connection to pcap
//For now let's ignore maxFrameLength, since it depends on the creation
//of filter to work.
Capture cap = new Capture(0);
try {
//Let's get all the devices available in the machine for pcap
//If any error occurs it will be throw as an NetworkDeviceException
List<NetworkDevice> networkDevices = cap.getNetworkDevices();
//Assuming the first device is a valid device for capture.
//we can use it.
//Print basic info of device
//We will connect to this device to sniff packets from
NetworkDevice device = networkDevices.get(0);
System.out.println();
System.out.println(" Pcap Device Name: " + device.getName());
System.out.println("Device Description: " + device.getDescription());
//Connect to device (ignore timeout, show packets as they arrive)
cap.connect(device, -1);
Address destinationMac = Address.getMacAddress(
new byte[]{(byte)0,(byte)1,(byte)2,(byte)3,(byte)4,(byte)5});
Address sourceMac = Address.getMacAddress(
new byte[]{(byte)0,(byte)1,(byte)2,(byte)3,(byte)6,(byte)5});
System.out.println(destinationMac.isMacAddress());
//Several Packets to send
EthernetPdu eth = new EthernetPdu(destinationMac,sourceMac, EtherTypeProtocol.ARP);
Address sourceIp = Address.getIpAddress(
InetAddress.getByName("1.2.3.4").getAddress());
Address destIp = Address.getIpAddress(
InetAddress.getByName("2.3.4.5").getAddress());
IpV4Pdu ipV4 = new IpV4Pdu(sourceIp, destIp, IpProtocol.ICMP);
ipV4.setTimeToLive((byte)10);
//Ip header returned in the Icmp message
IpV4Pdu ipreturn = new IpV4Pdu(sourceIp, destIp, IpProtocol.TCP);
ipV4.setTimeToLive((byte)10);
TcpPdu tcpRetur = new TcpPdu((short) 57, (short) 44);
ipreturn.setNextPDU(tcpRetur);
IcmpDataEcho echo = new IcmpDataEcho(
(short)1234,
(short)6677,
"TEST OF ICMP ECHO".getBytes());
IcmpV4Pdu icmpV4 = new IcmpV4Pdu(
IcmpV4Protocol.ECHOREPLY,
(byte)0,
(short)0,
echo);
//# SENDING ################################
//EthernetII + Ipv4 + icmp with Echo reply
eth.setEtherType(EtherTypeProtocol.IPV4);
ipV4.setNextPDU(icmpV4);
ipV4.setTotalLength((short)(ipV4.getLength() + icmpV4.getLength()));
eth.setNextPDU(ipV4);
cap.sendFrame(eth);
//# SENDING ################################
//Icmp MASK Reply
icmpV4.setType(IcmpV4Protocol.MASKREPLY);
IcmpV4DataAddressMask mask = new IcmpV4DataAddressMask(
(short)1234,
(short)6677,
Address.getIpAddress(new byte[]{(byte)0xFF, (byte)0xFF,
(byte)0x0, (byte)0x0}));
icmpV4.setIcmpData(mask);
ipV4.setTotalLength((short)(ipV4.getLength() + icmpV4.getLength()));
cap.sendFrame(eth);
List<IcmpMultipartObject> multiObjs = new ArrayList<IcmpMultipartObject>();
IcmpMultipartObject obj1 = new IcmpMultipartObject((byte)0, (byte)0, sourceIp.getAddress());
IcmpMultipartObject obj2 = new IcmpMultipartObject((byte)13, (byte)2, destinationMac.getAddress());
multiObjs.add(obj1);
multiObjs.add(obj2);
IcmpMultipart multi = new IcmpMultipart(multiObjs);
//# SENDING ################################
//Icmp Redirect Message
IcmpV4DataRedirecMessage redirect = new IcmpV4DataRedirecMessage(sourceIp,ipreturn);
icmpV4.setType(IcmpV4Protocol.REDIRECTMESSAGE);
icmpV4.setIcmpData(redirect);
ipV4.setTotalLength((short)(ipV4.getLength() + icmpV4.getLength()));
cap.sendFrame(eth);
//# SENDING ################################
//Icmp Destination unreacheble
IcmpV4DataMultiparts header = new IcmpV4DataMultiparts(ipreturn,multi);
icmpV4.setType(IcmpV4Protocol.DESTIUNREACH);
icmpV4.setIcmpData(header);
ipV4.setTotalLength((short)(ipV4.getLength() + icmpV4.getLength()));
cap.sendFrame(eth);
//Close the Capture Device
cap.close();
}catch(NetworkDeviceException e){
System.err.println("Error in the cap.getNetworkDevices();");
e.printStackTrace();
}catch(CaptureS4JException e){
System.err.println("Error in the connection.");
e.printStackTrace();
}catch (JNIException e) {
System.err.println("Error With the Dll");
e.printStackTrace();
} catch (IllegalPduExecption e) {
System.err.println("Ops... Corrupted Pdu");
e.printStackTrace();
} catch (UnknownHostException e) {
System.err.println("Ops... This is Not an IP address");
e.printStackTrace();
} catch (NotSupportedDatalinkS4JException e) {
System.err.println("Datalink not Supported, only Ethernet");
e.printStackTrace();
}
All Icmp messages follow this pattern:
- There is an abstract class to represent the value field called Value Class
- There is a base Class (Base) with a data field to the Value Class
- Each type have a proper concrete Class of Value
- The follow diagram class give an brief idea of the concept.
