It all sounds Geek to me! [Gautam Arora]

Thursday, April 21, 2005

A Simple Packet Sniffer using Java

This document will help you make your very own small and simple packet sniffer using Java or, in more explanatory terms, using the ‘waseda’ JPcap library.

We will develop a simple command-line packet sniffer application on the Windows platform using the WinPcap packet capture library (you can alternatively use libpcap for UNIX based machines).

The document will flow in the given style:

  • Definitions
  • Installing JPcap in Windows (which requires WinPcap installation)
  • Writing a Packet Sniffer

Definitions:


Packet Sniffing: is the process of capturing network traffic and inspecting it closely to determine what is happening on the network. A sniffer analyzes the data packets of common protocols and displays the network traffic in human-readable format.


Libpcap: a system-independent interface for user-level packet capture. Libpcap provides a set of functions independent from the hardware and the operating system that an application can use to capture packets from a network.

TcpDump: uses the functions exported by libpcap to capture packets, set packet filters and communicate with the network adapter.


WinPcap: is an architecture that adds to the operating systems of the Win32 family the ability to capture the data of a network using the network adapter of the machine (or in other terms, the libpcap for Windows).


WinDump: is the TcpDump for Windows from the user's point of view (the kernel part is Windows-specific and differs considerably between the various Windows flavors).


JPcap: is a Java class package which enables a Java application to capture and send IP packets. This package uses libpcap and the Raw Socket API.

P.S. Raw sockets and ICMP aren't available in Java natively, and this is where Jpcap comes to the rescue!

Installation:

1) Download and install Java™ 2 Platform, Standard Edition (J2SE™) JRE or SDK from java.sun.com/download


2) Download and install the latest WinPcap from http://winpcap.polito.it/install/default.htm

WinPcap 3.0 download: Windows 95/98/ME/NT/2000/XP WinPcap auto-installer (driver +DLLs)

P.S. Using the auto-installer will save you the effort of compiling it yourself

3) a. Download and extract the latest Jpcap. i.e. Jpcap ver.0.4 (Released on 4/1/03) jpcap-0.4.zip from http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html

b. Copy "lib\Jpcap.dll" into "[JRE directory]\bin" or "[JRE directory]\lib\ext\x86"

c. Copy "lib\jpcap.jar" into "[JRE directory]\lib\ext"

d. If you installed J2SE SDK, you also need to copy "lib\jpcap.jar" into "[SDK directory]\jre\lib\ext".

Note: [JRE directory] is usually "C:\Program Files\Java\j2re*".
[SDK directory] is usually "C:\j2sdk*".


Writing a packet sniffer

// 1. Import the jpcap library
import jpcap.*;

// 2. Create a class called JSniffer that implements JpcapHandler
// (This interface is used to define a method to analyze the captured packets,
// which is used in Jpcap.handlePacket())
class JSniffer implements JpcapHandler
{
    // 3. The handlePacket() method is called every time a packet is captured
    // and the parameter is the packet to be analyzed
    public void handlePacket(Packet packet)
    {
        System.out.println(packet);
    }

    // 4. The main comes now!
    public static void main(String[] args) throws java.io.IOException
    {
        // 5. The getDeviceDescription() is a static method of class Jpcap
        // and can be called using the class name itself!
        // It returns the description of the interfaces which is saved in lists[]
        String[] lists=Jpcap.getDeviceDescription();

        System.out.println("\n\t\t***My Simple Network Sniffer***\n");

        // Stop here if no capture device was found; lists[0] would throw otherwise
        if (lists.length == 0)
        {
            System.out.println("No capture device found");
            return;
        }

        System.out.println("Start capturing on "+lists[0]);

        // 6. The openDevice() is a static method of Jpcap class
        // and returns an instance of this class.
        // The parameters are in the following order:
        // (i)device (ii)snaplen (iii)promisc (iv)to_ms
        Jpcap jpcap=Jpcap.openDevice(Jpcap.getDeviceList()[0],1000,false,20);

        // 7. We use the instance returned by the openDevice() method to capture packets
        // using loopPacket() that captures the specified number of packets consecutively
        // The parameter list is: (i)count (ii)a Jpcap handler
        jpcap.loopPacket(-1,new JSniffer());
    }
}

  • Save the above file as JSniffer.java
  • Now go to the console window and move to the directory where you have saved JSniffer.java
  • # javac JSniffer.java
  • # java JSniffer

That’s it!

Your sniffer should now be able to sniff all packets on your network, if you are connected to one!

If you are not connected to a network, you could try ping-ing, telnet-ing or ftp-ing to local host to create a few packets that could be sniffed by the sniffer.

Next time, we will make a Simple Port Scanner!

12 comments:

Anonymous said...

do you have a ping program that works with your sniffer?

Anonymous said...

It would greatly help our thesis.
Thanks so much, man...
I'm a geek also but I cannot find a way to do the ping program...

How long did it take you to finish the sniffer program?

Arun Reginald said...

I had been trying to download JPCAP and WinPCAP, but couldn't. The links must have moved from their original locations. Can you help me find the right addresses where the libraries might still be available? I would be grateful if you could contact me one-on-one by e-mail. Thanks.

Pushkar Paranjpe said...

Great work!
I'll be trying it out soon. :)

Anonymous said...

This howto is out of date, but with a few changes it still works. Here's my repaired version that works on JRE 6

// 1. Import the jpcap library
import jpcap.*;
import jpcap.packet.Packet;
import jpcap.PacketReceiver;

// 2. Create a class called JSniffer1 that implements PacketReceiver
// (This interface is used to define a method to analyze the captured packets)
class JSniffer1 implements PacketReceiver
{
    // 3. The receivePacket() method is called every time a packet is captured
    // and the parameter is the packet to be analyzed
    public void receivePacket(Packet packet) {
        System.out.println(packet);
    }

    // 4. The main comes now!
    public static void main(String[] args) throws java.io.IOException
    {
        // 5. The getDeviceList() is a static method of class JpcapCaptor
        // and can be called using the class name itself!
        // It returns the interfaces, which are saved in lists[]
        NetworkInterface[] lists=jpcap.JpcapCaptor.getDeviceList();
        //Jpcap.getDeviceDescription();

        System.out.println("\n\t\t***My Simple Network Sniffer***\n");

        System.out.println("Found following devices:");
        for(NetworkInterface s: lists)
        {
            System.out.println("Name: " + s.name +" Description: " + s.description);
        }

        // 6. The openDevice() is a static method of JpcapCaptor class
        // and returns an instance of this class.
        // The parameters are in the following order:
        // (i)device (ii)snaplen (iii)promisc (iv)to_ms
        JpcapCaptor jpcap=JpcapCaptor.openDevice(JpcapCaptor.getDeviceList()[1],1000,false,20);

        // 7. We use the instance returned by the openDevice() method to capture packets
        // using loopPacket() that captures the specified number of packets consecutively
        // The parameter list is: (i)count (ii)a PacketReceiver
        jpcap.loopPacket(-1,new JSniffer1());
    }
}

So only some method names have changed. I also added a list of your network devices so you can change the number of the device you want your sniffer to use (getDeviceList()[1]) <---- this

Books In Order said...

I was looking to get someone to develop a working code for me. Would you be able to help at all?

Helen Neely

Sanyo HD Video Camera said...

I used this sniffer code a while ago and was blown away at how effective it was. Not sure many people still use it.

Will give it a spin again soon.

Pathan said...

First of all, thanks a lot Gautam for such a nice blog.

Well, I have one problem.

I tried using the jpcap library to capture a packet, and I am getting output like this:

Received packet :1282603371:451380 /10.10.2.60->/10.255.255.255 protocol(17) priority(0) hop(128) offset(0) ident(13480) UDP 137 > 137

Actually, what I want is this: when I ping my machine from any other machine on the LAN, I want to capture only the ICMP packets that get transmitted and separate all their fields.

And please explain the fields in the above output.

I am using Windows OS and Java technology.
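
The fields in the output line quoted above map onto the IPv4 header, and isolating ICMP means checking the protocol byte for 1 and then reading the ICMP header that follows it. This is an added example, not code from the original post or from the Jpcap project: it decodes a constructed packet in plain Java, the class, method and sample bytes are made up for illustration, and "priority" is assumed to mean the precedence bits of the TOS byte.

```java
import java.nio.ByteBuffer;

public class Ipv4IcmpDecode {
    // Constructed sample: a 28-byte IPv4 packet (no Ethernet header) carrying an
    // ICMP echo request from 10.10.2.60 to 10.10.2.61. Checksums are left at zero.
    static final byte[] SAMPLE = {
        0x45, 0x00, 0x00, 0x1c, 0x34, (byte) 0xa8, 0x00, 0x00, // ver/IHL, TOS, length, ident 13480, flags/offset
        (byte) 0x80, 0x01, 0x00, 0x00,                          // hop limit 128, protocol 1, header checksum
        10, 10, 2, 60, 10, 10, 2, 61,                           // source address, destination address
        0x08, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x07          // ICMP type 8, code 0, checksum, id 1, seq 7
    };

    static String decode(byte[] p) {
        if (p.length < 20 || (p[0] >> 4 & 0xf) != 4) return "not an IPv4 packet";
        int ihl = (p[0] & 0x0f) * 4;          // header length in bytes, IP options included
        if (ihl < 20 || p.length < ihl) return "truncated IPv4 header";
        ByteBuffer b = ByteBuffer.wrap(p);    // big-endian by default, i.e. network byte order
        int priority = (p[1] & 0xff) >> 5;    // precedence bits of TOS (assumed meaning of "priority")
        int ident = b.getShort(4) & 0xffff;   // identifies the fragments of one datagram
        int offset = b.getShort(6) & 0x1fff;  // fragment offset in 8-byte units
        int hop = p[8] & 0xff;                // TTL / hop limit
        int protocol = p[9] & 0xff;           // 1 = ICMP, 6 = TCP, 17 = UDP
        String s = ip(p, 12) + "->" + ip(p, 16) + " protocol(" + protocol + ") priority("
                 + priority + ") hop(" + hop + ") offset(" + offset + ") ident(" + ident + ")";
        if (protocol != 1) return s + " (not ICMP, skipped)";
        if (offset != 0) return s + " ICMP fragment (header is in the first fragment)";
        if (p.length < ihl + 8) return s + " ICMP truncated (capture length too small)";
        int type = p[ihl] & 0xff, code = p[ihl + 1] & 0xff;
        // id and seq are only defined for echo request (8) and echo reply (0)
        if (type != 8 && type != 0) return s + " ICMP type(" + type + ") code(" + code + ")";
        return s + " ICMP " + (type == 8 ? "echo request" : "echo reply") + " code(" + code
             + ") id(" + (b.getShort(ihl + 4) & 0xffff) + ") seq(" + (b.getShort(ihl + 6) & 0xffff) + ")";
    }

    // Format four bytes starting at index 'at' as a dotted-quad address
    static String ip(byte[] p, int at) {
        return (p[at] & 0xff) + "." + (p[at + 1] & 0xff) + "." + (p[at + 2] & 0xff) + "." + (p[at + 3] & 0xff);
    }

    public static void main(String[] args) {
        System.out.println(decode(SAMPLE));
    }
}
```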

pradnya said...

I am also using jpcap for capturing packets. But when I use the loopback() or processPacket() method it gives an error. It looks something like....
jpcap.loopPacket(-1,new CapturePacket());
cast the CapturePacket object to PacketReciever, and although I do it... I get the runtime error "nullpointerexception"
And also I can't get the content or payload of the packet, which I want for my project....
Please help me out.... It is really important for me to get out of it...

Suzen said...

what do you mean by:

Now go to the console window and move to the above directory where you have saved JSniffer.java
# javac Jsniffer.java
#java JSniffer

Thank you. :)