java 使用-Java解析从wireshark文件中获取的pcap
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31630646/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Parsing pcap taken from wireshark file using - Java
提问by MBH
I am working on converting PCAP file taken from wireshark using JAVA without using native or ready libraries.
我正在使用 JAVA 转换从 wireshark 获取的 PCAP 文件,而不使用本机或现成的库。
i converted the bytes to string directly just for checking the meaningful parts of it.
我直接将字节转换为字符串只是为了检查它的有意义的部分。
then i tried to convert it from hexadecimal to string. It was not meaningful.
然后我尝试将其从十六进制转换为字符串。这没有意义。
there is java library jNetPcapwhich is wrapping all the libpcap library native calls which is written in c.
有 java 库jNetPcap它包装了所有用 c 编写的 libpcap 库本机调用。
The following picture is captured the wireless network. so the pcap contains the same information: Source ip, destination ip, protocol, length and info
下图是无线网络拍摄的。所以 pcap 包含相同的信息:源 ip、目标 ip、协议、长度和信息
I am trying to get the same result form the pcapfile which contains the data in hexadecimal or binary:
我试图从包含十六进制或二进制数据的pcap文件中获得相同的结果:
d4c3 b2a1 0200 0400 0000 0000 0000 0000
0000 0400 0100 0000 2fd4 b355 2af8 0600
3600 0000 3600 0000 0100 5e00 0016 f409
d8ed d951 0800 46c0 0028 0000 4000 0102
4049 c0a8 0308 e000 0016 9404 0000 2200
fa02 0000 0001 0300 0000 e000 00fb 2fd4
at the end i want to get to the output to be like something like this:
最后,我想得到像这样的输出:
Any clue or suggestions where to get the packets and file format can help me alot. there maybe somebody else who already came along with this problem ?
任何从何处获取数据包和文件格式的线索或建议都可以帮助我很多。也许其他人已经遇到了这个问题?
Thank you
谢谢
采纳答案by CrazyPyro
The asker mentioned that jNetPcap is not ideal because it wraps a native library. In the time since the accepted answer, a pure Java library has emerged: https://github.com/aboutsip/pkts
提问者提到 jNetPcap 并不理想,因为它包装了一个原生库。在接受答案后的时间里,出现了一个纯 Java 库:https: //github.com/aboutsip/pkts
回答by Garry
I found this on another blog and may seems helpful to you:
我在另一个博客上找到了这个,可能对你有帮助:
you can read offline pcap file like this (all of the packets): http://jnetpcap.com/node/905
Extract necessary information and save them one by one in the Txt files.
您可以像这样读取离线 pcap 文件(所有数据包):http: //jnetpcap.com/node/905
提取必要的信息并将它们一一保存在 Txt 文件中。
in order to extract information, you can do like this: http://jnetpcap.com/tutorial/usage
为了提取信息,您可以这样做:http: //jnetpcap.com/tutorial/usage
