Packet Decoding

How to decode undecoded packet which we get from getPayload method from PcapPacket?

Hi,

How to decode and get the .au audio file from undecoded packtes which i got from getPayload() method.

Regards,
Gomathi.K

New to packet capture analysis

Hi,

I am new to packet capturing and analysis and I am trying to use jnetpcap libraries with java code to open file.pcap which was captures by wire shark.

I used the code below, but I don't think that I am on the right track. My requirement is to load the pcap file and convert it to byte[].

      System.out.println("In MAIN");
        StringBuilder sb = new StringBuilder();

        int snaplen = 64 * 1024;           // Capture all packets, no trucation
        int flags = Pcap.MODE_PROMISCUOUS; // capture all packets
        int timeout = 10 * 1000;           // 10 seconds in millis

        Pcap pcap=null;

        try {
            pcap = Pcap.openOffline("C:\\myFile.pcap", sb);

        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("After pcap openOffline");

        if (pcap == null) {
            System.out.println("pcap == null");
            return;
        }
        System.out.println("pcap.src: " + sb.toString());
        
    }

Any help will be appreciated and I will continue to look through the tutorials.

Thanks.

Multiple interface Packet order

Hi everyone,

I listen 2 interface and add all packets to queue (FIFO). When I retrieve from queue, packets are not time based ordered (Packets ordered for same interface). I check my thesis using snoop and wireshark (timestamp value). Is there any way to packets arrived to time ordered not depends on interfaces.
I get packets using PcapPacketHandler class nextPacket functions.

Thanks.

thread safety

Hi,

I use JController.nextPacket and AbstractMessageHeader.decodeHeader() in a multithreaded environment, but it is unstable at times.

I just wanted to know whether the inQ, outQ used in JController and AbstractMessageHeader is thread safe or not.

Thanks,
Ujjwal

Getting header information from existing Pcap file (offline)

Hi,
I am new to jNetPcap and I am trying to read an existing Pcap file and do the following:

1) "Parse" the different protocol headers (IP, UDP, RTP) and extract the information to store it in another variable. I have seen the NextEx example and it has helped me with this. However, I still have some issues with the RTP header. Depending on the Pcap file I provide, the "packet.hasHeader(rtp)" will return false even if there really is an RTP header present. Any ideas of how I can fix this or bypass this error? The reason I need the RTP is because I want its payload (in fact I only want RTP packets from the Pcap file). If there's another way to get the payload from such a packet and store it as a string, that would be perfect for me.

2) I want to store the IP, UDP and RTP headers as a (hex) string in their original form. For example:
45b800c8660b00007e112d3ec00a58e7c00a62e7520c296800b443f98000497f000d32209b470000ffffffffff...

My problem is that the JHeader.toString() method gives this information with TOO MUCH detail. Is there a simpler method that I can use to only get the header as a simple string?

Thanks for your help