Data link layer control in Java with Jpcap


I. Introduction to Jpcap

As we all know, although Java provides good support for TCP/UDP transmission, it offers no control over the layers below the network layer. The Jpcap extension package makes up for this. Jpcap is not itself an implementation of data link layer control but a piece of middleware: it calls WinPcap/libpcap through JNI and exposes a uniform interface to Java, so that programs written against it are platform independent. As stated on the official website, Jpcap supports FreeBSD 3.x, Linux RedHat 6.1, Fedora Core 4, Solaris, and Microsoft Windows 2000/XP.

II. How Jpcap works

The overall structure of Jpcap closely mirrors WinPcap/libpcap: for example, the NetworkInterface class corresponds to WinPcap's typedef struct _ADAPTER, getDeviceList() corresponds to pcap_findalldevs(), and so on. Jpcap has 16 classes; the 4 most important are described below.

1. NetworkInterface. Each instance of this class represents a network device, typically a NIC. The class has only data members; apart from the basic methods inherited from java.lang.Object it defines no methods.

Data members
NetworkInterfaceAddress[] addresses: the network addresses of this interface. It is an array because some devices, such as routers, are connected to several links at once; a PC's NIC generally has a single link, so addresses[0] is usually all that is needed.
java.lang.String datalink_description: a description of the data link layer, i.e. what kind of network the interface is on, for example Ethernet, Wireless LAN, or Token Ring.
java.lang.String datalink_name: the name of the data link layer type of this device, for example Ethernet at 10M, 100M, 1000M, and so on.
java.lang.String description: a description of the NIC, i.e. which brand and model it is. For example, my NIC's description is: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
boolean loopback: whether this device is a loopback device.
byte[] mac_address: the MAC address of the NIC, 6 bytes.
java.lang.String name: the name of this device. For example, my NIC's name is: \DEVICE\NPF_{3CE5FDA5-E15D-4F87-B217-255BCB351CD5}
2. JpcapCaptor
This class provides a series of static methods that implement the basic functionality. An instance of this class represents a connection to a specified device and is used to control that device: setting the NIC mode, setting a filter expression, and so on.
Data members
int dropped_packets: the number of packets dropped.
protected int ID: not explained in the official documentation. Reading the Jpcap source shows that this ID is passed in from the JNI C part; the class itself does not define its meaning, so it is for internal use. In practice there is no way to use this member from a JpcapCaptor instance.
protected static boolean[] instanciatedFlag: also not explained in the official documentation; presumably for internal use.
protected static int MAX_NUMBER_OF_INSTANCE: also not explained in the official documentation; presumably for internal use.
int received_packets: the number of packets received.
Method members
static NetworkInterface[] getDeviceList()
Returns the list of network devices.
static JpcapCaptor openDevice(NetworkInterface interface, int snaplen, boolean promisc, int to_ms)
Opens a connection to the specified device and returns it. Note that both of these methods are static. interface: the device to which the connection is opened; snaplen: an argument that is easy to misunderstand. It does not limit the number of packets that can be captured; it limits how many bytes are taken from the start of each received packet; promisc: whether to use promiscuous mode. In promiscuous mode all packets are received, and if setFilter() is called later it will have no effect; to_ms: used mainly by processPacket(), specifying the timeout (to_ms is in milliseconds).
void close()
Closes the connection to the device; the counterpart of openDevice().
JpcapSender getJpcapSenderInstance()
Returns a JpcapSender instance, the class dedicated to sending packets through a device.
Packet getPacket()
Captures and returns one packet. This is one of the four ways of capturing packets with a JpcapCaptor instance.
int loopPacket(int count, PacketReceiver handler)
Captures the specified number of packets, hands each one to an instance of a class implementing the PacketReceiver interface, and returns the number of packets captured. If count is -1, capture runs in an infinite loop. This method is not affected by the timeout: the to_ms parameter of openDevice() has no effect on it, and if the specified number of packets has not yet been captured the method blocks and waits. PacketReceiver has a single abstract method, void receivePacket(Packet p).
int processPacket(int count, PacketReceiver handler)
Same as loopPacket(), except that this method is affected by the timeout and returns automatically, with the number of packets captured, once the specified time has elapsed.
int dispatchPacket(int count, PacketReceiver handler)
Same as processPacket(), except that this method works in "non-blocking" mode: dispatchPacket() may return immediately even if no packets were captured.
void setFilter(java.lang.String condition, boolean optimize)
condition: the filter expression that selects which packets to capture. optimize: not described in the documentation or in the source code beyond the fact that, if true, the filter is compiled in optimized mode.
void setNonBlockingMode(boolean nonblocking): if true, puts the connection into "non-blocking" mode.
void breakLoop(): after processPacket() or loopPacket() has been called, this method can be invoked to force them to stop.
3. JpcapSender
This class is dedicated to controlling the sending of packets.
Method members
void close()
Closes the connection.
static JpcapSender openRawSocket()
The JpcapSender instance returned by this method fills in the data link layer header automatically when it sends a packet.
void sendPacket(Packet packet)
The most important function of JpcapSender: sending a packet. Note that if the instance calling this method was obtained from JpcapCaptor's getJpcapSenderInstance(), you must set the data link layer header yourself; if it was obtained from openRawSocket() as described above, the data link layer header is generated by the system and need not be set.

4. Packet. This is the parent class of all other packet classes. The packet types supported by Jpcap are:
ARPPacket, DatalinkPacket, EthernetPacket, ICMPPacket, IPPacket, TCPPacket, UDPPacket
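As an added example (not code from the article or from the Jpcap project), the following program ties the JpcapCaptor API above together in a defensive use: it lists the devices, opens one in promiscuous mode, installs an "arp" filter, and runs a PacketReceiver that records which MAC address last claimed each IP in ARP replies and prints an alert when that mapping changes, which is the trace an ARP cache poisoning attempt leaves on the wire. It assumes Jpcap 0.7 (packages jpcap and jpcap.packet, the public byte-array fields sender_hardaddr and sender_protoaddr on ARPPacket, and the constant ARPPacket.ARP_REPLY); the class and helper names ArpMonitor, toMac and toIp are my own.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;

import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;
import jpcap.PacketReceiver;
import jpcap.packet.ARPPacket;
import jpcap.packet.Packet;

/** Passive ARP monitor (added example; assumes the Jpcap 0.7 API as noted in the lead-in). */
public class ArpMonitor implements PacketReceiver {
    // Last MAC seen in an ARP reply for each IP, keyed by dotted IP address.
    private final Map<String, String> ipToMac = new HashMap<String, String>();
    private int alerts = 0;

    /** Called by Jpcap for every captured packet that passed the "arp" filter. */
    public void receivePacket(Packet p) {
        if (!(p instanceof ARPPacket)) {
            return;                       // the filter should prevent this, but be defensive
        }
        ARPPacket arp = (ARPPacket) p;
        if (arp.operation != ARPPacket.ARP_REPLY) {
            return;                       // replies are what update ARP caches
        }
        String ip = toIp(arp.sender_protoaddr);
        String mac = toMac(arp.sender_hardaddr);
        String previous = ipToMac.put(ip, mac);
        if (previous != null && !previous.equals(mac)) {
            alerts++;
            System.out.println("ALERT: " + ip + " was at " + previous + ", now claimed by " + mac);
        }
    }

    public int getAlertCount() {
        return alerts;
    }

    /** Formats a hardware address as colon-separated lowercase hex. */
    static String toMac(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < b.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02x", b[i] & 0xff));
        }
        return sb.toString();
    }

    /** Formats a 4-byte protocol address as dotted decimal. */
    static String toIp(byte[] b) {
        try {
            return InetAddress.getByAddress(b).getHostAddress();
        } catch (UnknownHostException e) {
            return "?";                   // not a valid IPv4/IPv6 address length
        }
    }

    public static void main(String[] args) throws IOException {
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        for (int i = 0; i < devices.length; i++) {
            System.out.println(i + ": " + devices[i].name + " - " + devices[i].description);
        }
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0;

        // snaplen 65535 keeps whole frames; promisc true; to_ms 20 bounds each processPacket() call
        JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, true, 20);
        captor.setFilter("arp", true);    // BPF expression: only ARP frames are delivered
        ArpMonitor monitor = new ArpMonitor();

        // Run for one minute using the timeout-driven processPacket(), then report the counters.
        long deadline = System.currentTimeMillis() + 60000L;
        while (System.currentTimeMillis() < deadline) {
            captor.processPacket(100, monitor);   // returns after 100 packets or when to_ms expires
        }
        System.out.println("received=" + captor.received_packets
                + " dropped=" + captor.dropped_packets
                + " alerts=" + monitor.getAlertCount());
        captor.close();
    }
}
```

Capturing requires WinPcap/libpcap and normally administrator or root privileges. A single mapping change is not proof of an attack (DHCP reassignments and replaced NICs also change it), so a production monitor would pin the gateway's known MAC and alert on any reply that contradicts it, rather than on every change.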

III. Using Jpcap to implement sniffing

1. The principle of sniffing. Before describing how to implement network sniffing with Jpcap, the principle is briefly introduced. LAN sniffing relies on the so-called "ARP spoofing" technique. Earlier LANs used a bus (or hub) topology, so to sniff it was enough to set the NIC to promiscuous mode; today LANs are commonly switched, so relying on promiscuous mode alone no longer works. To sniff, one therefore needs to "deceive" the router and "cheat" the switch, which is what ARP spoofing does.

Suppose the local machine is A and the target to be monitored is B.

First, A forges an ARP reply packet: in both the data link layer header and the ARP body, the source MAC address is A's MAC, but the source IP is the gateway's IP; the destination MAC and IP are B's. This packet is sent to B. When B receives the forged ARP reply, because its source IP is the gateway's IP, B refreshes the corresponding entry in its ARP cache: (gateway IP, gateway MAC) becomes (gateway IP, A's MAC). Since B reaches the outside network through the gateway, from this moment every packet B sends towards the gateway flows to A instead. Next, A forges a second ARP reply: again the source MAC in the header and ARP body is A's MAC, but the source IP is B's IP, and the destination MAC and IP are the gateway's. This packet is sent to the gateway; because its source IP is B's, the gateway refreshes its ARP cache entry for B from (B's IP, B's MAC) to (B's IP, A's MAC). From then on, packets the gateway would forward to B are delivered to A. At this point A is merely intercepting B's packets and B can no longer reach the Internet. The solution is for A to forward every packet it receives intact, changing only the destination address part, so that B keeps browsing without noticing while A sees all of B's packets to and from the outside.

ARP packet layout (unit: bytes)

Ethernet header
  6  Destination MAC address
  6  Source MAC address
  2  Frame type (0x0800: IP, 0x0806: ARP)
ARP data section
  2  LAN (hardware) type: Ethernet = 0x0001
  2  Network protocol type: IP = 0x0800
  2  MAC address length / IP address length, fixed at 0x06 / 0x04
  2  ARP packet type: REPLY = 0x0002
  4  ARP destination IP address
  6  ARP destination MAC address
  4  ARP source IP address
  6  ARP source MAC address
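To make the byte layout concrete, here is an added, dependency-free decoder (not from the article or from Jpcap) that validates and decodes a raw Ethernet/ARP frame of the kind a capture handler receives. The offsets follow RFC 826, in which the sender's MAC and IP precede the target's MAC and IP; the 42-byte sample frame is constructed for the example, and the class and method names (ArpFrame, decode, u16, mac, ip) are my own.

```java
import java.util.Arrays;

/** Decoder for an Ethernet-framed IPv4 ARP packet (added example; sample bytes are constructed). */
public class ArpFrame {
    public static final int ETHERTYPE_ARP = 0x0806;
    public static final int OP_REQUEST = 1;
    public static final int OP_REPLY = 2;

    public final String dstMac, srcMac, senderMac, senderIp, targetMac, targetIp;
    public final int hardwareType, protocolType, hardwareLen, protocolLen, opcode;

    private ArpFrame(byte[] f) {
        dstMac = mac(f, 0);                 // Ethernet header: 6 + 6 + 2 bytes
        srcMac = mac(f, 6);
        hardwareType = u16(f, 14);          // ARP body starts at offset 14
        protocolType = u16(f, 16);
        hardwareLen = f[18] & 0xff;
        protocolLen = f[19] & 0xff;
        opcode = u16(f, 20);
        senderMac = mac(f, 22);             // RFC 826 order: sender MAC, sender IP, target MAC, target IP
        senderIp = ip(f, 28);
        targetMac = mac(f, 32);
        targetIp = ip(f, 38);
    }

    /** Returns null unless the frame is a well-formed Ethernet/IPv4 ARP request or reply. */
    public static ArpFrame decode(byte[] f) {
        if (f == null || f.length < 42) return null;              // 14-byte header + 28-byte ARP body
        if (u16(f, 12) != ETHERTYPE_ARP) return null;             // EtherType must be 0x0806
        if (u16(f, 14) != 0x0001 || u16(f, 16) != 0x0800) return null; // Ethernet over IPv4 only
        if ((f[18] & 0xff) != 6 || (f[19] & 0xff) != 4) return null;   // hlen 6, plen 4
        int op = u16(f, 20);
        if (op != OP_REQUEST && op != OP_REPLY) return null;
        return new ArpFrame(f);
    }

    private static int u16(byte[] b, int off) {
        return ((b[off] & 0xff) << 8) | (b[off + 1] & 0xff);      // big-endian 16-bit field
    }

    private static String mac(byte[] b, int off) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02x", b[off + i] & 0xff));
        }
        return sb.toString();
    }

    private static String ip(byte[] b, int off) {
        return (b[off] & 0xff) + "." + (b[off + 1] & 0xff) + "."
                + (b[off + 2] & 0xff) + "." + (b[off + 3] & 0xff);
    }

    // Constructed sample: ARP reply "192.168.1.1 is-at 00:11:22:33:44:55", addressed to 192.168.1.20.
    static final byte[] SAMPLE_REPLY = new byte[] {
        (byte) 0xaa, (byte) 0xbb, (byte) 0xcc, (byte) 0xdd, (byte) 0xee, (byte) 0xff, // destination MAC
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55,                                          // source MAC
        0x08, 0x06,                                                                  // EtherType ARP
        0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x02,                              // Ethernet, IPv4, 6/4, reply
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, (byte) 192, (byte) 168, 1, 1,            // sender MAC / IP
        (byte) 0xaa, (byte) 0xbb, (byte) 0xcc, (byte) 0xdd, (byte) 0xee, (byte) 0xff, // target MAC
        (byte) 192, (byte) 168, 1, 20                                                // target IP
    };

    public static void main(String[] args) {
        ArpFrame arp = decode(SAMPLE_REPLY);
        if (arp == null) {
            System.out.println("not a valid ARP frame");
            return;
        }
        System.out.println("Ethernet " + arp.srcMac + " -> " + arp.dstMac);
        System.out.println("ARP " + (arp.opcode == OP_REPLY ? "reply" : "request") + ": "
                + arp.senderIp + " is-at " + arp.senderMac
                + " (told to " + arp.targetIp + " / " + arp.targetMac + ")");
        // A truncated frame is rejected rather than mis-decoded.
        System.out.println("truncated frame decodes to: " + decode(Arrays.copyOf(SAMPLE_REPLY, 30)));
    }
}
```

The checks in decode() are the ones a monitor should apply before trusting any field: a frame that claims to be ARP but has the wrong EtherType, address lengths or opcode is discarded, and the sender fields (the ones a poisoned cache entry is built from) are read only from a frame that passed them.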
