Read the packet capture obtained by tcpdump in Java

I want to read the result of packet capture with tcpdump, but I want to read it with some program instead of checking it with Wireshark. I was able to load it using a Java library called pkts, so make a note of what I did.

The command that captured

I want to get a list of communication destination domains from the first SYN packet and DNS response of the TCP handshake, so I set the filter as follows

#Extract packets that meet any of the following conditions
# -The SYN flag is set and the ACK flag is not set.
# -Source port is 53(DNS)
sudo tcpdump -s 0 -i en0 -nn -w tcpdump.pcap \('(tcp[tcpflags] & tcp-syn)' != 0 and '(tcp[tcpflags] & tcp-ack) ==0'\) or src port 53

How to read in Java

I used a Java library called pkts. Some of the simple implementation examples are as follows.

final Pcap pcap = Pcap.openStream("tcpdump.pcap");
pcap.loop(new PacketHandler() {
  @Override
  public boolean nextPacket(Packet packet) throws IOException {
    if (packet.hasProtocol(Protocol.UDP)) {
      System.out.println(packet.getPacket(Protocol.UDP).getPayload());
    }
  }  
}

In the case of IPv4 or UDP, the information of the header part can be acquired by acquiring the packet.

if (packet.hasProtocol(Protocol.IPv4)) {
  IPv4Packet ipv4Packet = (IPv4Packet) packet.getPacket(Protocol.IPv4);
  String srcIP = ipv4Packet.getSourceIP();
  String dstIP = ipv4Packet.getDestinationIP();
}

If you want to read the contents of Payload, you can get it as a byte array by the following method.

UDPPacket udpPacket = (UDPPacket) packet.getPacket(Protocol.UDP);
Buffer buffer = udpPacket.getPayload();
byte[] bytes = buffer.getArray();

The part to be parsed as a DNS packet needs to be written by yourself with reference to the DNS packet format. In the case of DNS, it is a little troublesome because the domain part and the number of responses are variable. Here is a very crude implementation that aims to read only in characters without worrying about the format.

Referenced link

Recommended Posts

Read the packet capture obtained by tcpdump in Java
[Java] Read the file in src / main / resources
[Java] Judgment by entering characters in the terminal
Read JSON in Java
[Java] Integer information of characters in a text file acquired by the read () method
Read binary files in Java 1
Read standard input in Java
Read binary files in Java 2
Correct the character code in Java and read from the URL
Access the network interface in Java
Guess the character code in Java
Easily read text files in Java (Java 11 & Java 7)
Read Java properties file in C #
Specify the java location in eclipse.ini
Read CSV in Java (Super CSV Annotation)
Unzip the zip file in Java
Parsing the COTOHA API in Java
Call the super method in Java
Web application structure by Java and processing flow in the presentation layer
[Java] The story that the expected array was not obtained by the String.split method.
Get the result of POST in Java
Duplicate Map sorted by key in Java
Java reference to understand in the figure
Try using the Stream API in Java
Call the Windows Notification API in Java
I tried the new era in Java
[Java] Use cryptography in the standard library
Organized memo in the head (Java --Array)
Try calling the CORBA service in Java 11+
What is the main method in Java?
Read Felica using RC-S380 (PaSoRi) in Java
Read xlsx file in Java with Selenium
How to get the date in java
The story received by Java SE11 silver
The story of writing Java in Emacs
Console input in Java (understanding the mechanism)
Sort by multiple fields in the class
[Java] Various methods to acquire the value stored in List by iterative processing
[Java] Rewrite the functions created by myself in the past from java.io.File with NIO.2.
Parse the date and time string formatted by the C asctime function in Java
Provisional memo when the name of the method parameter of the Java class cannot be obtained by reflection in the Eclipse plug-in project.
Regarding the transient modifier and serialization in Java
Read the file line by line VS read at once
Preventing mistakes in the Logger name by copying
The story of low-level string comparison in Java
[Java] Handling of JavaBeans in the method chain
About the confusion seen in startup Java servers
The story of making ordinary Othello in Java
Read a string in a PDF file with Java
About the idea of anonymous classes in Java
ChatWork4j for using the ChatWork API in Java
A story about the JDK in the Java 11 era
Organized memo in the head (Java --Control syntax)
The intersection type introduced in Java 10 is amazing (?)
The story of learning Java in the first programming
Measure the size of a folder in Java
Feel the passage of time even in Java
Organized memo in the head (Java --instance edition)
Capture and save from selenium installation in Java
Add, read, and delete Excel comments in Java
Organized memo in the head (Java --Data type)