Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to use Jpcap", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let Xiaobian take you to learn "how to use Jpcap"!

One. Why do we need JPCAP?

Java's. net package provides APIs related to TCP and UDP transport layer protocols. Users can only operate transport layer data. If they want to directly operate the network layer {for example, write their own transport layer datagrams (write their own transport layer headers), or write their own IP packets and send them to the network}, they are powerless. The JPCAP extension compensates for this by enabling us to receive IP packets from and send IP packets to the NIC.

Two. What is Jpcap? How does JPCAP work?

Jpcap is actually not a real way to achieve control of the data link layer, but a middleware, JPCAP calls wincap/libpcap, and provides a common interface to the JAVA language, thus achieving platform independence.

Three. How to configure Jpcap(Jpcap installation)?

Jpcap download address: http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/download.html

After downloading, install directly, install, copy the generated jar file and dynamic library dll file to

%JAVA_HOME%\lib\ext\and %JAVA_HOME%\jre\bin\directories.

Because Jpcap is the wincap called, you must put dynamic libraries under jre/bin. Put the jar under ext, then you don't need to load the jar package in the project

IV. Jpcap steps

1. First, get a list of all network cards

NetworkInterface[] devices = JpcapCaptor.getDeviceList();

2. Open a catcher via the NIC. //openDevice(NetworkInterface intrface, int snaplen, boolean promics, int to_ms); JpcapCaptor captor=JpcapCaptor.openDevice(device[index], 65535, false, 20);

Meaning of each parameter:

intrface network card that needs to be monitored

snaplen *** Length of data packet captured each time (set to IP packet *** length)

promics Filter (IP packets whose Mac address is not the current NIC)

to_ms timeout

3. Capturing data with a catcher:

There are two ways:

3.1. Callback Method

3.1.1. Implement a method handler interface class PacketReceiver and register an object of that class in the catcher. (The implementation of the callback method is actually the listener model)

3.1.2. There are two ways to register a message processor (PacketReceiver) with a captor (JpCaptor

captor.processPacket(int number,PacketReceiver reciver);//1 loopPacket(int number,PacketReceiver reciver);//2

Parameter significance:

*** Parameters are the number of IP packets to be captured,-1 means always captured.

The second parameter indicates the processor to register.

Difference between processPacket() and loopPacket():

The statement given in the Tutorial is:

Usually you might want to use processPacket() because it supports timeout and non_blocking mode, while loopPacket() doesn't.

However, processPacket() and loopPacket() are clearly implemented through callback methods, callback methods use the listener model, is not the moment when a module is called uncertain, only to use it? If so, then there is no block. Here also please master pointing out.

In addition, in the test done by myself: when using loopPacket(), there will always be callbacks, but the use of processPacket() program ends directly, and it is useless to set the nonblock to flase for the catcher.

3.2. Active acquisition.

Through the catcher getPacket() can be active, a packet of data packet acquisition.

Compare:

Active acquisition, you can take the initiative to acquire it every time you need to process data packets. Then write the processing logic. But because you don't know when to generate a packet, and keep calling getPacket(), it is undoubtedly inefficient. (Active acquisition, regardless of whether there is a package, will always execute a loop to obtain)

With callback methods, we can invoke our processing logic when the required packets are generated, which is undoubtedly more elegant.

Five. What you can do with Jpcap

1. Jpcap is to grab data packets directly through the data link layer. So you can write IP packets yourself and send them directly to the data link layer.

2. Jpcap will parse the captured data packet according to a certain program, and encapsulate the data packet into a corresponding object according to the content of the data packet ().

3. Filter data packets according to the information set by the user (in fact, when parsing, discard unnecessary data directly without parsing)

4. Jpcap only reads data directly from the data link layer and sends data to the data link layer. Therefore, Jpcap cannot operate other programs to read data from the data link layer or send data to the NIC. (IP layer protocol procedure)

So we can use Jpcap:

1. Monitoring network content

2. Customize transport layer and even network layer network protocol (net package, we can only customize reference to this protocol)

In progress: ARP spoofing using Jpcap, so that IP packets for the entire subnet are sent to me, so that the entire local area network can be monitored.

At this point, I believe everyone has a deeper understanding of "how to use Jpcap," so let's actually operate it! Here is the website, more related content can enter the relevant channels for inquiry, pay attention to us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.