CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 2 of 2
  1. November 9th, 2017, 11:36 PM #1
    j_tom
    j_tom is offline Junior Member
    Join Date
    Nov 2017
    Posts
    1

    Parsing PCAP file

    Code:
    package com.javahelps.pcapparser;

import io.pkts.PacketHandler;
import io.pkts.Pcap;
import io.pkts.buffer.Buffer;
import io.pkts.packet.Packet;
import io.pkts.packet.TCPPacket;
import io.pkts.packet.UDPPacket;
import io.pkts.protocol.Protocol;

import java.io.IOException;

public class Main {

    public static void main(String[] args) throws IOException {

        final Pcap pcap = Pcap.openStream("C://slowdownload.pcap");

        pcap.loop(new PacketHandler() {
        	
        	@Override
            public boolean nextPacket(Packet packet) throws IOException {

                if (packet.hasProtocol(Protocol.TCP)) {
                	

                    TCPPacket tcpPacket = (TCPPacket) packet.getPacket(Protocol.TCP);
                    Buffer buffer = tcpPacket.getPayload();
                    if (buffer != null) {
                        System.out.println("TCP: " + buffer);
                    }
                } else if (packet.hasProtocol(Protocol.UDP)) {

                    UDPPacket udpPacket = (UDPPacket) packet.getPacket(Protocol.UDP);
                    Buffer buffer = udpPacket.getPayload();
                    if (buffer != null) {
                        System.out.println("UDP: " + buffer);
                    }
                }
                return true;
            }
        });
    }
}
    DONOT UNDERSTAND THE PROBLEM WITH CODE.ITS SHOWING GARBAGE CHARACTERS NOT THE CONTENTS OF PCAP FILE.
    Last edited by 2kaud; November 10th, 2017 at 03:38 AM.
    Reply With Quote Reply With Quote
  2. November 13th, 2017, 03:38 AM #2
    Priya456
    Priya456 is offline Member
    Join Date
    Aug 2017
    Posts
    36

    Re: Parsing PCAP file

    I would use python-dpkt.

    This is all I know how to do though sorry.

    #!/usr/local/bin/python2.7

    Code:
    import dpkt

counter=0
ipcounter=0
tcpcounter=0
udpcounter=0

filename='sampledata.pcap'

for ts, pkt in dpkt.pcap.Reader(open(filename,'r')):

    counter+=1
    eth=dpkt.ethernet.Ethernet(pkt) 
    if eth.type!=dpkt.ethernet.ETH_TYPE_IP:
       continue

    ip=eth.data
    ipcounter+=1

    if ip.p==dpkt.ip.IP_PROTO_TCP: 
       tcpcounter+=1

    if ip.p==dpkt.ip.IP_PROTO_UDP:
       udpcounter+=1

print "Total number of packets in the pcap file: ", counter
print "Total number of ip packets: ", ipcounter
print "Total number of tcp packets: ", tcpcounter
print "Total number of udp packets: ", udpcounter
    Last edited by 2kaud; November 13th, 2017 at 04:20 AM. Reason: Added code tags
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules




Click Here to Expand Forum to Full Width

Featured