java sniffer_用Java来实现的Sniffer
【摘要】
没有办法, 不得不做啊, 还得靠这个东西混学分呢。
老师给的例子是用VC写的, 说心里话, 俺对VC不感兴趣, 所以就想用Java来实现。
但是java是无法直接访问raw socket的, 所以如果要实现sniffer的功能的话, 只能通过jni调用本地的接口, 实际上还是要用VC来写。 不过从网上搜了搜, 发现已经有前人做过了,所以俺就省事儿了, 直接拿过来用吧。
看到有两个地方介绍的, 一个是
【全文】
没有办法, 不得不做啊, 还得靠这个东西混学分呢。
老师给的例子是用VC写的, 说心里话, 俺对VC不感兴趣, 所以就想用Java来实现。
但是java是无法直接访问raw socket的, 所以如果要实现sniffer的功能的话, 只能通过jni调用本地的接口, 实际上还是要用VC来写。 不过从网上搜了搜, 发现已经有前人做过了,所以俺就省事儿了, 直接拿过来用吧。
看到有两个地方介绍的, 一个是:
http://www.savarese.org/software/rocksaw/, 不过这个实现的功能有限。 而且不可以抓取数据包, 不过可以发送ICMP消息了, 这个功能在Java中是没法直接实现的。但是如果修改一下它给的c源文件, 应该就可以了。主要是它没有将网卡设置为“混杂模式”(这是我们老师这么称呼的)。
另外一个就是JPCAP了, 这个功能就强大的多了, 不过使用之前需要先安装WinPCap, 好像装其他的sniffer的时候, 也是需要这个软件的, 估计是需要它的DLL文件吧。JPCAP的下载地址是:http://www.sf.net/projects/jpcap。参照了CSDN上面yanqlv的文章,http://blog.csdn.net/yanqlv/archive/2005/12/08/547402.aspx。 俺的这个作业也就基本上做完了, 就剩下报告了 ^_^.
下面给出俺的源代码, 有兴趣的可以试着运行一下, 现在只解析出来了TCP, TDP和ARP的数据包, 其他的没有做。 实际上所有的数据都已经抓到了, 因为所有的数据是从以太网帧里面解析的。
import net.sourceforge.jpcap.capture.CaptureDeviceLookupException;
import net.sourceforge.jpcap.capture.CaptureDeviceOpenException;
import net.sourceforge.jpcap.capture.CapturePacketException;
import net.sourceforge.jpcap.capture.PacketCapture;
import net.sourceforge.jpcap.capture.RawPacketListener;
import net.sourceforge.jpcap.net.RawPacket;
public class Sniffer implements RawPacketListener {
private PacketCapture pcap;
public static int MAC_ADDRESS_WIDTH = 6;
public static int PROTOCOL_TYPE_WIDTH = 2;
public static int DEST_MAC_POS = 0;
public static int SRC_MAC_POS = DEST_MAC_POS + MAC_ADDRESS_WIDTH;
public static int ETH_FRAME_HEADER_LEN = MAC_ADDRESS_WIDTH * 2 + PROTOCOL_TYPE_WIDTH;
public static int ARP = 0x0806;
public static int IP = 0x0800;
public static int TCP = 0x06;
public static int UDP = 0x11;
public static int LOOPBACK = 0x9000;
public String INFO;
public byte[] RAW_DATA;
public int TCP_PACKET_COUNT;
public int UDP_PACKET_COUNT;
public int ARP_PACKET_COUNT;
public Sniffer() {
pcap = new PacketCapture();
try {
String[] devices = PacketCapture.lookupDevices();
pcap.open(devices[4].split("\\\n")[0], true);
pcap.addRawPacketListener(this);
pcap.capture(-1);
} catch (CaptureDeviceOpenException e) {
e.printStackTrace();
} catch (CapturePacketException e) {
e.printStackTrace();
} catch (CaptureDeviceLookupException e) {
e.printStackTrace();
}
}
// 解析以太网帧 public void rawPacketArrived(RawPacket rawPacket) {
RAW_DATA = rawPacket.getData();
int type = getInt(RAW_DATA, MAC_ADDRESS_WIDTH * 2, PROTOCOL_TYPE_WIDTH);
switch (type) {
case 0x0806: // ARP parseARP();
break;
case 0x0800: // IP parseIP();
break;
}
System.out.println(INFO);
}
public void parseIP() {
StringBuffer sb = new StringBuffer();
byte b1 = RAW_DATA[ETH_FRAME_HEADER_LEN];
byte dsf = RAW_DATA[ETH_FRAME_HEADER_LEN + 1];
String totalLength = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 2, 2);
String identification = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 4, 2);
String flags = byte2HexString(RAW_DATA[ETH_FRAME_HEADER_LEN + 6]);
String frameOffset = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 6, 2);
String ttl = byte2HexString(RAW_DATA[ETH_FRAME_HEADER_LEN + 8]);
byte ptype = RAW_DATA[ETH_FRAME_HEADER_LEN + 9];
String cksum = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 10, 2);
String SOURCE = getIPAddress(RAW_DATA, ETH_FRAME_HEADER_LEN + 12);
String DESTINATION = getIPAddress(RAW_DATA, ETH_FRAME_HEADER_LEN + 16);
sb.append("IP Version:" + (b1 >> 4));
sb.append(",Header Length:" + (b1 & 0x0F) * 4 + " bytes");
sb.append(",DSF: " + byte2HexString(dsf));
sb.append(",Total Length: 0x" + totalLength);
sb.append(",Identification 0x: " + identification);
sb.append(",Flags: 0x" + flags);
sb.append(",Frame Offset: 0x" + frameOffset);
sb.append(",TTL: 0x" + ttl);
sb.append(",Protocol Type: 0x" + byte2HexString(ptype));
sb.append(",Header Check Sum: 0x" + cksum);
sb.append(",Source:" + SOURCE);
sb.append(",Destination:" + DESTINATION);
sb.append("\n\t");
if(ptype == 0x06){ // TCP PACKET TCP_PACKET_COUNT ++;
String sport = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 20, 2);
String dport = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 22, 2);
String seqNum = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 24, 4);
String ackNum = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 28, 4);
String headerLen = byte2HexString(RAW_DATA[ETH_FRAME_HEADER_LEN + 32]);
String tcpFlags = byte2HexString(RAW_DATA[ETH_FRAME_HEADER_LEN + 33]);
String windowSize = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 34, 2);
String tcpCkSum = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 36, 2);
String data = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 40, RAW_DATA.length - ETH_FRAME_HEADER_LEN - 40);
sb.append("[TCP Segmentaion]Source Port: 0x" + sport);
sb.append(",Destination Port: 0x" + dport);
sb.append(",Sequence number: 0x" + seqNum);
sb.append(",Acknowledgment number: 0x" + ackNum);
sb.append(",Header length: 0x" + (headerLen));
sb.append(",Flags: 0x" + (tcpFlags));
sb.append(",Window size: 0x" + windowSize);
sb.append(",Check sum: 0x" + tcpCkSum);
sb.append(",Data: 0x" + data);
}else if(ptype == 0x11){ // UDP PACKET UDP_PACKET_COUNT ++;
String sport = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 20, 2);
String dport = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 22, 2);
String len = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 24, 2);
String udpCkSum = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 26, 2);
String data = byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 28, RAW_DATA.length - ETH_FRAME_HEADER_LEN - 28);
sb.append("[UDP Segmentaion]Source Port: 0x" + sport);
sb.append(",Destination Port: 0x" + dport);
sb.append(",Length: 0x" + len);
sb.append(",Check sum: 0x" + udpCkSum);
sb.append(",Data: 0x" + data);
}
INFO = sb.toString();
}
public void parseARP() {
ARP_PACKET_COUNT ++;
// if (getInt(RAW_DATA, 0, 3) == 0x00FFFFFF && getInt(RAW_DATA, 3, 3) == 0x00FFFFFF)
// DESTINATION = "Broadcast";
StringBuffer sb = new StringBuffer();
sb.append("Hardware Type:");
sb.append(byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN, 2));
sb.append(",Protocol Type:");
sb.append(byte2HexString(RAW_DATA, ETH_FRAME_HEADER_LEN + 2, 2));
sb.append(",Hardware Size:");
sb.append(getInt(RAW_DATA, ETH_FRAME_HEADER_LEN + 4, 1));
sb.append(",Protocol Size:");
sb.append(getInt(RAW_DATA, ETH_FRAME_HEADER_LEN + 5, 1));
sb.append(",Operation Code:");
int opcode = getInt(RAW_DATA, ETH_FRAME_HEADER_LEN + 6, 2);
sb.append(opcode == 0x0001 ? "[Request]0x0001" : "[Response]0x0002");
sb.append(",Sender MAC:");
sb.append(getMACAddress(RAW_DATA, ETH_FRAME_HEADER_LEN + 8));
sb.append(",Sender IP:");
sb.append(getIPAddress(RAW_DATA, ETH_FRAME_HEADER_LEN + 14));
sb.append(",Target MAC:");
sb.append(getMACAddress(RAW_DATA, ETH_FRAME_HEADER_LEN + 18));
sb.append(",Target IP:");
sb.append(getIPAddress(RAW_DATA, ETH_FRAME_HEADER_LEN + 24));
INFO = sb.toString();
}
public String getFactoryName(int id) {
String name = null;
switch (id) {
case 0x00096B:
name = "Ibm";
break;
case 0x000B5F:
name = "Cisco";
break;
case 0x0015E9:
name = "D-Link";
break;
default:
byte b1 = (byte) (id >> 16);
byte b2 = (byte) (id >> 8);
byte b3 = (byte) id;
name = byte2HexString(b1) + ":" + byte2HexString(b2) + ":"
+ byte2HexString(b3);
break;
}
return name;
}
public int getInt(byte[] bs, int pos, int len) {
int value = 0;
for (int i = 0; i
value |= (bs[pos + len - i - 1] <
return value;
}
public String byte2HexString(byte b) {
return "" + byte2Char((byte) (b >> 4)) + byte2Char(b);
}
public String byte2HexString(byte[] b, int pos, int len) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i
sb.append(byte2HexString(b[pos + i]));
return sb.toString();
}
public char byte2Char(byte b) {
char c = (char) (b & 0xf); // mask low nibble return (c > 9 ? (char) (c - 10 + ‘A‘) : (char) (c + ‘0‘));
}
public String getMACAddress(byte[] b, int pos) {
return getFactoryName(getInt(b, pos, 3)) + "_"
+ byte2HexString(b[pos + 3]) + ":" + byte2HexString(b[pos + 4])
+ ":" + byte2HexString(b[pos + 5]);
}
public String getIPAddress(byte[] b, int pos) {
int WIDTH = 4;
int address = getInt(b, pos, WIDTH);
StringBuffer sa = new StringBuffer();
for (int i = 0; i
sa.append(0xff & address >> 24);
address <<= 8;
if (i != WIDTH - 1)
sa.append(‘.‘);
}
return sa.toString();
}
public static void main(String args[]) {
new Sniffer();
}
}
注意:pcap.open(devices[4].split("\\\n")[0], true);这一行, 是用来选择网卡的, 如果你不清楚是那一个, 请将所有的devices输出来, 然后选择一个。
运行的时候, 需要net.sourceforge.jpcap-0.01.16.jar和jpcap.dll,
在和源文件的同一级目录下面建立一个lib文件夹, 然后将上面两个文件拷贝进去。
javac -cp lib\net.sourceforge.jpcap-0.01.16.jar Sniffer.java
java -Djava.library.path=lib -cp=lib\net.sourceforge.jpcap-0.01.16.jar Sniffer
正常情况下, 应该有类似如下的输出的:
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.169.63
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.255.140
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.133.20.83
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.232.100
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:FF:FF:E9_07:84:21,Sender IP:255.255.255.250,Target MAC:Cisco_B5:27:00,Target IP:202.117.21.1
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.229.49
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.244.42
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.217.59
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:222.51.121.73
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.255.162
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.255.162
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:59.34.116.34
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:59.34.116.34
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:58.50.48.47
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.255.213
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.255.226
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:59.41.41.17
IP Version:4,Header Length:20 bytes,DSF: 00,Total Length: 0x004C,Identification 0x: A4EA,Flags: 0x00,Frame Offset: 0x0000,TTL: 0x80,Protocol Type: 0x11,Header Check Sum: 0xB5F6,Source:202.117.21.75,Destination:255.255.255.255
[UDP Segmentaion]Source Port: 0x09B1,Destination Port: 0x1394,Length: 0x0038,Check sum: 0xAFF4,Data: 0x30004B5600000000000103000100000001003000F604AD8500000000000000000000000000000000000001001D5DE044
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:Ibm_12:E2:15,Sender IP:255.255.255.197,Target MAC:00:00:00_00:00:00,Target IP:255.255.255.189
Hardware Type:0001,Protocol Type:0800,Hardware Size:6,Protocol Size:4,Operation Code:[Request]0x0001,Sender MAC:FF:FF:E9_07:84:21,Sender IP:255.255.255.250,Target MAC:Cisco_B5:27:00,Target IP:202.117.21.1
java sniffer_用Java来实现的Sniffer相关推荐
- java 读取txt,java读取大文件
java 读取txt,java读取大文件 package com.bbcmart.util; import java.io.File; import java.io.RandomAccessFile; ...
- JAVA基础(JAVA 执行环境) 第一天
JAVA程序有3中执行环境. (1)能够单独运行的程序,称为Java Application(Java应用程序). (2)在Internet浏览器中运行的程序,称为 Java Applet(JAVA小 ...
- java.utilDate和java.sql.Date
java.utilDate和java.sql.Date由广州疯狂软件教育java培训分享: java程序中的时间类型有java.util.Date和java.sql.Date两种.两者之间的关系和转化 ...
- java 终极超类,Java问答:终极父类(3),java问答
Java问答:终极父类(3),java问答Java问答:终极父类(上) Java问答:终极父类(下) Java问答:终极父类(2)-上篇 Java问答:终极父类(2)-下篇 在之前关于 Object ...
- java.lang.OutOfMemoryError: Java heap space错误及...
为什么80%的码农都做不了架构师?>>> 以下是从网上找到的关于堆空间溢出的错误解决办法: java.lang.OutOfMemoryError: Java heap spac ...
- 浅谈Java SE、Java EE、Java ME三者的区别
1. Java SE(Java Platform,Standard Edition).Java SE 以前称为 J2SE.它允许开发和部署在桌面.服务器.嵌入式环境和实时环境中使用的 Java 应用程 ...
- java.lang.OutOfMemoryError: Java heap space的解决办法
如果在启动过程中出现内存溢出问题,抛出类似如下异常信息: java.lang.OutOfMemoryError: Java heap space 可以尝试办法: A.修改Tomcat/bin/cata ...
- Java接口和Java抽象类
Java接口和Java抽象类有太多相似的地方,又有太多特别的地方,究竟在什么地方,才是它们的最佳位置呢?把它们比较一下,你就可以发现了. 1.Java接口和Java抽象类最大的一个区别,就在于Java ...
- Java SE和Java EE应用的性能调优
凡事预则立,不预则废,和许多事情一样,Java性能调优的成功,离不开行动计划.方法或策略以及特定的领域背景知识.为了在Java性能调优工作中有所成就,你得超越"花似雾中看"的状态, ...
- java.lang.ClassCastException: java.math.BigDecimal cannot be cast to java.lang.Integer
java.lang.ClassCastException: java.math.BigDecimal cannot be cast to java.lang.Integer 1.改sql select ...
最新文章
- SQL Server 2008 R2占用内存越来越大解决方法
- java接收数据_java 如何接收数据集参数
- 现实世界的Windows Azure:采访Figlo的全球合作伙伴支持经理Nathan Brouwer
- 基于Hadoop的云盘系统客户端技术选型说明
- php+java+框架整合_ThinkPhP+Apache+PHPstorm整合框架流程图解
- 前端学习(1842):前端面试题之vue组件调用方式
- 【牛客 - 297B】little w and Sum(水题,前缀和)
- python将数据存入mysql数据库中_python3 两种方法将数据存入mysql数据库
- linux mongodb 升级,MongoDB2.6简单快速升级到3.0
- Android -- AudioPlayer
- FJ省队集训DAY2 T2
- 使用 IntraWeb (38) - TIWAppForm、TIWForm、TIWBaseHTMLForm、TIWBaseForm
- 一个具有20位地址和32位字长的存储器_详解西门子间接寻址之存储器间接寻址...
- soap xml_SOAP XML消息–使用Liquid XML Studio进行了解和创建
- Python网络爬虫与信息提取 - requests库入门
- “野火FreeRTOS教程”第7章补充知识点-异常流程
- Mybatis对Double类型的字符串进行范围查询
- 如何用计算机制作海报,怎么用word制作海报_如何做宣传海报word
- 自棱镜事件,隐私保护搜索引擎DuckDuckGo流量增长600%
- 光辉岁月-Beyond
热门文章
- 软件开发安全左移最佳工具-iast
- 2015 Visual-lidar Odometry and Mapping:Low-drift,Robust,and Fast
- ios12xen html插件,iOS 12.4 越狱后实用插件推荐(二)
- 2022中青杯A题-高校数学建模竞赛与课程Sz教育
- windows安装yarn 详细教程
- 决策树模型及案例(Python)
- OKR组织敏捷目标和绩效管理第一课 OKR的价值、战略与生成
- 佳能Canon imageCLASS MF210 Series 打印机驱动
- 分组卷积和深度可分离卷积
- 已解决Mixly与STM32单片机下载成功后无法运行问题