Network learning 8 (Java): Pcap file parsing (Part III: parsing the file)

Preface

The data structures have already been defined, so it is time to actually parse the Pcap file.
Note: only the core code is shown below; a download link for the complete project code is given at the end of the article.

Parsing the pcap file

1 Read the entire Pcap file to memory

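FileInputStream fis = null;
try {
    fis = new FileInputStream(pcap);
    // read() may return fewer bytes than file_header.length (or -1 at end of file),
    // so m should be checked before file_header is handed to the header parser.
    int m = fis.read(file_header);
    // ....
} catch // ...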

2 Read File headers

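/**
 * Reads the Pcap global file header.
 *
 * <p>Consumes 24 bytes of {@code file_header} in order: magic (4), major version (2),
 * minor version (2), timezone (4), sigflags (4), snaplen (4) and linktype (4). Each value
 * is stored on a new {@code PcapFileHeader}, which is logged and returned.
 *
 * <p>NOTE(review): the magic value is stored but not validated here, and the fields are
 * converted without reversing the bytes (unlike caplen/len in the data header). Whether
 * that matches the file's byte order depends on DataUtils -- confirm.
 *
 * <p>NOTE(review): identifier casing was lost in the listing this was restored from;
 * project class and method names follow standard camelCase and should be checked
 * against the project source.
 *
 * @param file_header bytes read from the start of the capture file
 * @return the populated file header
 * @throws IOException if {@code file_header} is null or shorter than 24 bytes
 */
public PcapFileHeader parseFileHeader(byte[] file_header) throws IOException {
    final int headerLength = 24;
    // The capture file is untrusted input: reject a truncated header before indexing it.
    if (file_header == null || file_header.length < headerLength) {
        throw new IOException("Pcap file header too short: need " + headerLength + " bytes");
    }

    PcapFileHeader fileHeader = new PcapFileHeader();
    byte[] buff_4 = new byte[4]; // 4-byte array
    byte[] buff_2 = new byte[2]; // 2-byte array
    int offset = 0;

    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    int magic = DataUtils.byteArrayToInt(buff_4);
    fileHeader.setMagic(magic);

    System.arraycopy(file_header, offset, buff_2, 0, 2);
    offset += 2;
    short magorVersion = DataUtils.byteArrayToShort(buff_2);
    fileHeader.setMagorVersion(magorVersion);

    System.arraycopy(file_header, offset, buff_2, 0, 2);
    offset += 2;
    short minorVersion = DataUtils.byteArrayToShort(buff_2);
    fileHeader.setMinorVersion(minorVersion);

    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    int timezone = DataUtils.byteArrayToInt(buff_4);
    fileHeader.setTimezone(timezone);

    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    int sigflags = DataUtils.byteArrayToInt(buff_4);
    fileHeader.setSigflags(sigflags);

    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    int snaplen = DataUtils.byteArrayToInt(buff_4);
    fileHeader.setSnaplen(snaplen);

    System.arraycopy(file_header, offset, buff_4, 0, 4);
    int linktype = DataUtils.byteArrayToInt(buff_4);
    fileHeader.setLinktype(linktype);

    LogUtils.printObjInfo(fileHeader);
    return fileHeader;
}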

3 Read the data header

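/**
 * Reads the 16-byte per-packet data header.
 *
 * <p>Consumes four 4-byte fields in order: timestamp seconds, timestamp sub-seconds,
 * caplen and len. The bytes of caplen and len are reversed before conversion; the two
 * timestamp fields are converted as they are.
 *
 * <p>caplen comes straight from the capture file and callers size the packet buffer from
 * {@code getCaplen()}, so it should be range-checked before it is used for an allocation.
 *
 * <p>NOTE(review): identifier casing was lost in the listing this was restored from;
 * project class and method names follow standard camelCase and should be checked
 * against the project source.
 *
 * @param data_header the raw data-header bytes
 * @return the populated data header
 * @throws ArrayIndexOutOfBoundsException if fewer than 16 bytes are supplied; this is the
 *         type the unchecked indexing would raise, now raised before any field is read
 */
public PcapDataHeader parseDataHeader(byte[] data_header) {
    final int headerLength = 16;
    if (data_header.length < headerLength) {
        throw new ArrayIndexOutOfBoundsException(
                "Pcap data header too short: " + data_header.length + " of " + headerLength + " bytes");
    }

    byte[] buff_4 = new byte[4];
    PcapDataHeader dataHeader = new PcapDataHeader();
    int offset = 0;

    System.arraycopy(data_header, offset, buff_4, 0, 4);
    offset += 4;
    int timeS = DataUtils.byteArrayToInt(buff_4);
    dataHeader.setTimeS(timeS);

    System.arraycopy(data_header, offset, buff_4, 0, 4);
    offset += 4;
    int timeMs = DataUtils.byteArrayToInt(buff_4);
    dataHeader.setTimeMs(timeMs);

    System.arraycopy(data_header, offset, buff_4, 0, 4);
    offset += 4;
    // The bytes must be reversed before the conversion to int.
    DataUtils.reverseByteArray(buff_4);
    int caplen = DataUtils.byteArrayToInt(buff_4);
    dataHeader.setCaplen(caplen);
    LogUtils.printObj("Actual length of Packet", dataHeader.getCaplen());

    System.arraycopy(data_header, offset, buff_4, 0, 4);
    // The listing declared len twice (before and after the reversal); only the
    // reversed conversion is kept, matching how caplen is handled above.
    DataUtils.reverseByteArray(buff_4);
    int len = DataUtils.byteArrayToInt(buff_4);
    dataHeader.setLen(len);

    LogUtils.printObjInfo(dataHeader);
    return dataHeader;
}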

After reading the data header, we read the whole packet into the content byte array, which makes the later parsing easier.

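private byte[] content;
// caplen is read from the capture file, so treat it as untrusted: a negative value makes
// this allocation throw NegativeArraySizeException and a very large one can exhaust the heap.
// NOTE(review): consider rejecting values below 0 or above the file header's snaplen first.
content = new byte[dataHeader.getCaplen()];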

4 reading data Frames

The data frame is of little use to us here, so we do not parse it in detail.

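/**
 * Reads the 2-byte frame type from a captured packet and logs it.
 *
 * <p>NOTE(review): the start offset was missing from the listing this was restored from
 * ({@code int offset =;}). 12 is the position of the 2-byte type field in an Ethernet II
 * header and agrees with the IP header parser starting at byte 14 -- confirm against the
 * project source. Identifier casing was restored in the same way.
 *
 * @param content the captured packet bytes
 * @throws ArrayIndexOutOfBoundsException if the packet ends before the frame type field
 */
public void readPcapDataFrame(byte[] content) {
    int offset = 12;
    // Captured packets can be truncated; fail with a clear message before indexing.
    if (content.length < offset + 2) {
        throw new ArrayIndexOutOfBoundsException(
                "Packet too short for frame type: " + content.length + " bytes");
    }

    PcapDataFrame dataFrame = new PcapDataFrame();
    byte[] buff_2 = new byte[2];
    System.arraycopy(content, offset, buff_2, 0, 2);

    short frameType = DataUtils.byteArrayToShort(buff_2);
    dataFrame.setFrameType(frameType);
    LogUtils.printObjInfo(dataFrame);
}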

5 Read IP headers

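/**
 * Reads a 20-byte IP header that starts at byte 14 of the captured packet.
 *
 * <p>Fields are consumed in order: varHLen (1), tos (1), total length (2), id (2),
 * flag/segment (2), ttl (1), protocol (1), checksum (2), source address (4) and
 * destination address (4). The two addresses are also written to {@code protocolData}
 * as dotted-decimal strings.
 *
 * <p>NOTE(review): the fixed start offset and fixed 20-byte length mean that a frame with
 * extra link-layer bytes, or an IP header carrying options, is read at the wrong
 * positions; varHLen is stored but not used to locate the end of the header.
 *
 * <p>NOTE(review): identifier casing was lost in the listing this was restored from;
 * project class and method names follow standard camelCase and should be checked
 * against the project source.
 *
 * @param content the captured packet bytes
 * @return the populated header, or {@code null} when the first header byte is 0
 * @throws ArrayIndexOutOfBoundsException if the packet ends before byte 34
 */
private IpHeader readIpHeader(byte[] content) {
    int offset = 14;
    IpHeader ip = new IpHeader();
    byte[] buff_2 = new byte[2];
    byte[] buff_4 = new byte[4];

    byte varHLen = content[offset++]; // offset = 15
    // LogUtils.printByteToBinaryStr("varHLen", varHLen);
    if (varHLen == 0) {
        return null;
    }
    // Captured packets can be truncated: check the rest of the header is present
    // before any field is stored on ip or protocolData.
    if (content.length < 34) {
        throw new ArrayIndexOutOfBoundsException(
                "Packet too short for IP header: " + content.length + " bytes");
    }
    ip.setVarHLen(varHLen);

    byte tos = content[offset++]; // offset = 16
    ip.setTos(tos);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 18
    short totalLen = DataUtils.byteArrayToShort(buff_2);
    ip.setTotalLen(totalLen);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 20
    short id = DataUtils.byteArrayToShort(buff_2);
    ip.setId(id);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 22
    short flagSegment = DataUtils.byteArrayToShort(buff_2);
    ip.setFlagSegment(flagSegment);

    byte ttl = content[offset++]; // offset = 23
    ip.setTtl(ttl);

    byte protocol = content[offset++]; // offset = 24
    ip.setProtocol(protocol);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 26
    short checkSum = DataUtils.byteArrayToShort(buff_2);
    ip.setCheckSum(checkSum);

    System.arraycopy(content, offset, buff_4, 0, 4);
    offset += 4; // offset = 30
    int srcIp = DataUtils.byteArrayToInt(buff_4);
    ip.setSrcIp(srcIp);
    // Build the source address string.
    protocolData.setSrcIp(toDottedDecimal(buff_4));

    System.arraycopy(content, offset, buff_4, 0, 4);
    offset += 4; // offset = 34
    int dstIp = DataUtils.byteArrayToInt(buff_4);
    ip.setDstIp(dstIp);
    // Build the destination address string.
    protocolData.setDesIp(toDottedDecimal(buff_4));

    LogUtils.printObjInfo(ip);
    return ip;
}

/** Formats four address bytes as unsigned decimal values joined by dots. */
private static String toDottedDecimal(byte[] quad) {
    StringBuilder builder = new StringBuilder();
    for (int i = 0; i < 4; i++) {
        if (i > 0) {
            builder.append(".");
        }
        // Mask to 0..255: Java bytes are signed.
        builder.append(quad[i] & 0xff);
    }
    return builder.toString();
}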

6 Read TCP headers

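/**
 * Reads a 20-byte TCP header from the {@code content} field, starting at {@code offset}.
 *
 * <p>Fields are consumed in order: source port (2), destination port (2), sequence
 * number (4), acknowledgement number (4), header length (1), flags (1), window (2),
 * checksum (2) and urgent pointer (2). Both ports are also written to
 * {@code protocolData}, and {@code data_offset} is set to the position after the 20th byte.
 *
 * <p>NOTE(review): the {@code content2} parameter is never read; the body indexes the
 * {@code content} field. The header-length byte is stored but not used, so when TCP
 * options are present {@code data_offset} points into the options, not the payload.
 *
 * <p>NOTE(review): identifier casing was lost in the listing this was restored from;
 * project class and method names follow standard camelCase and should be checked
 * against the project source.
 *
 * @param content2 unused
 * @param offset index in {@code content} where the TCP header starts
 * @return the populated header
 * @throws ArrayIndexOutOfBoundsException if fewer than 20 bytes remain at {@code offset}
 */
private TcpHeader readTcpHeader(byte[] content2, int offset) {
    // Captured packets can be truncated: check before protocolData is touched.
    if (offset < 0 || content.length - offset < 20) {
        throw new ArrayIndexOutOfBoundsException(
                "Packet too short for TCP header at offset " + offset);
    }

    byte[] buff_2 = new byte[2];
    byte[] buff_4 = new byte[4];
    TcpHeader tcp = new TcpHeader();

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short srcPort = DataUtils.byteArrayToShort(buff_2);
    tcp.setSrcPort(srcPort);
    String sourcePort = validateData(srcPort);
    protocolData.setSrcPort(sourcePort);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short dstPort = DataUtils.byteArrayToShort(buff_2);
    tcp.setDstPort(dstPort);
    String desPort = validateData(dstPort);
    protocolData.setDesPort(desPort);

    System.arraycopy(content, offset, buff_4, 0, 4);
    offset += 4;
    int seqNum = DataUtils.byteArrayToInt(buff_4);
    tcp.setSeqNum(seqNum);

    System.arraycopy(content, offset, buff_4, 0, 4);
    offset += 4;
    int ackNum = DataUtils.byteArrayToInt(buff_4);
    tcp.setAckNum(ackNum);

    byte headerLen = content[offset++];
    tcp.setHeaderLen(headerLen);

    byte flags = content[offset++];
    tcp.setFlags(flags);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short window = DataUtils.byteArrayToShort(buff_2);
    tcp.setWindow(window);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short checkSum = DataUtils.byteArrayToShort(buff_2);
    tcp.setCheckSum(checkSum);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short urgentPointer = DataUtils.byteArrayToShort(buff_2);
    tcp.setUrgentPointer(urgentPointer);

    LogUtils.printObj("Tcp.offset", offset);
    data_offset = offset;

    LogUtils.printObjInfo(tcp);
    return tcp;
}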

7 Read UDP headers

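/**
 * Reads the 8-byte UDP header from {@code content}, starting at {@code offset}.
 *
 * <p>Fields are consumed in order: source port (2), destination port (2), length (2)
 * and checksum (2). Both ports are also written to {@code protocolData}, and
 * {@code data_offset} is set to the position after the header.
 *
 * <p>NOTE(review): identifier casing was lost in the listing this was restored from;
 * project class and method names follow standard camelCase and should be checked
 * against the project source.
 *
 * @param content the captured packet bytes
 * @param offset index in {@code content} where the UDP header starts
 * @return the populated header
 * @throws ArrayIndexOutOfBoundsException if fewer than 8 bytes remain at {@code offset}
 */
private UdpHeader readUdpHeader(byte[] content, int offset) {
    // Captured packets can be truncated: check before protocolData is touched.
    if (offset < 0 || content.length - offset < 8) {
        throw new ArrayIndexOutOfBoundsException(
                "Packet too short for UDP header at offset " + offset);
    }

    byte[] buff_2 = new byte[2];
    UdpHeader udp = new UdpHeader();

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short srcPort = DataUtils.byteArrayToShort(buff_2);
    udp.setSrcPort(srcPort);
    String sourcePort = validateData(srcPort);
    protocolData.setSrcPort(sourcePort);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short dstPort = DataUtils.byteArrayToShort(buff_2);
    udp.setDstPort(dstPort);
    String desPort = validateData(dstPort);
    protocolData.setDesPort(desPort);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short length = DataUtils.byteArrayToShort(buff_2);
    udp.setLength(length);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2;
    short checkSum = DataUtils.byteArrayToShort(buff_2);
    udp.setCheckSum(checkSum);

    LogUtils.printObj("Udp.offset", offset);
    LogUtils.printObjInfo(udp);

    data_offset = offset;
    return udp;
}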
Create a file

After parsing, the data must be written out to files.

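/**
 * Writes the current packet to a per-flow capture file and its payload to a companion
 * text file.
 *
 * <p>The file name is the protocol plus source/destination address and port. If a file
 * for the same endpoints in either direction is already recorded in {@code filenames},
 * the packet is appended to it; otherwise a new file is started with the Pcap file
 * header, observers are notified and the name is added to the per-protocol log file.
 * Packets of type OTHER are skipped.
 *
 * <p>Both streams are now closed in {@code finally} blocks, so a failed write no longer
 * leaks an open file handle, and path separators come from {@code File.separator}
 * instead of a hard-coded backslash.
 *
 * <p>NOTE(review): identifier casing was lost in the listing this was restored from;
 * project class and method names follow standard camelCase and should be checked
 * against the project source.
 *
 * @param protocolData protocol type, addresses and ports of the current packet
 */
public void createFiles(ProtocolData protocolData) {
    String protocol = "TCP";
    String suffix = ".pcap";
    if (protocolData.getProtocolType() == ProtocolType.UDP) {
        protocol = "UDP";
    } else if (protocolData.getProtocolType() == ProtocolType.OTHER) {
        return;
    }

    String filename = protocol + "[" + protocolData.getSrcIp() + "]"
            + "[" + protocolData.getSrcPort() + "]"
            + "[" + protocolData.getDesIp() + "]"
            + "[" + protocolData.getDesPort() + "]";
    String reverseFilename = protocol + "[" + protocolData.getDesIp() + "]"
            + "[" + protocolData.getDesPort() + "]"
            + "[" + protocolData.getSrcIp() + "]"
            + "[" + protocolData.getSrcPort() + "]";

    boolean append = false;
    // Check whether this five-tuple has been seen before.
    if (filenames.contains(filename)) {
        append = true;
        // LogUtils.printObj(filename + "already exists ...");
    } else {
        // LogUtils.printObj(filename + "does not exist ...");
        // Swap source and destination: the reverse direction of a known flow is
        // appended to that flow's file.
        if (filenames.contains(reverseFilename)) {
            append = true;
            filename = reverseFilename;
            LogUtils.printObj("RF:" + reverseFilename + "already exists ...");
        } else {
            filenames.add(filename);
        }
    }
    filename = DataUtils.validateFileName(filename);

    String protocolDir = savePath + File.separator + protocol + File.separator;
    String pathname = protocolDir + filename + suffix;

    /* Data payload information */
    int data_size = content.length - data_offset;
    LogUtils.printObj("Long Data Load", data_size);
    data_content = new byte[data_size];
    System.arraycopy(content, data_offset, data_content, 0, data_size);

    String pathname_data = protocolDir + "Data load extraction result" + File.separator
            + filename + ".pcap.txt";

    try {
        File file = new File(pathname);
        FileOutputStream fos = new FileOutputStream(file, append);
        try {
            File data_file = new File(pathname_data);
            FileOutputStream fos_data = new FileOutputStream(data_file, append);
            try {
                // append == true means the file already exists and is only extended.
                if (!append) {
                    // 1. Write the file header
                    fos.write(file_header);

                    String[] data = new String[2];
                    data[0] = filename;
                    data[1] = pathname;
                    datas.add(data);
                    super.setChanged();           // inform the observer
                    super.notifyObservers(datas); // pass the data to the observer

                    // New flow: its name has not been recorded in the log yet.
                    String logPath = protocolDir + protocol + ".txt";
                    FileUtils.writeLineToFile(filename, new File(logPath), true);
                }

                // 2. Write the Pcap data header
                // LogUtils.printObj("data_header.length", data_header.length);
                fos.write(data_header);

                // 3. Write the packet data
                // LogUtils.printObj("content.length", content.length);
                fos.write(content);

                // Write the payload information
                fos_data.write(data_content);
            } finally {
                // 4. Close the streams, also when a write above fails
                FileUtils.closeStream(null, fos_data);
            }
        } finally {
            FileUtils.closeStream(null, fos);
        }
    } catch (FileNotFoundException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}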

Project code Download: Pcapanalyzer Original from: http://blog.csdn.net/gulu_gulu_jp/article/details/50495285
