Revision history

Revision 1 (initial version)

Store Java raw InputStream data as PCAP to view in Wireshark

I'm trying to build a transparent proxy in Java with the ability to record data that passed through to be viewed later in Wireshark.

I was able to get the proxy working correctly with this snippet:

private static final int BUFFER_SIZE = 8192;

...

public void run() {
    PcapHandle handle = null;
    PcapDumper dumper;
    try {
        InetAddress addr = InetAddress.getByName("localhost");
        PcapNetworkInterface nif = Pcaps.getDevByAddress(addr);
        int snapLen = 65536;
        PcapNetworkInterface.PromiscuousMode mode = PcapNetworkInterface.PromiscuousMode.PROMISCUOUS;
        int timeout = 10;
        handle = nif.openLive(snapLen, mode, timeout);
        dumper = handle.dumpOpen("cap.pcap");
        byte[] buffer = new byte[BUFFER_SIZE];
        try {
            while (true) {
                int bytesRead = mInputStream.read(buffer);
                if (bytesRead == -1)
                    break; // End of stream is reached --> exit
                mOutputStream.write(buffer, 0, bytesRead);
                dumper.dumpRaw(buffer);
                mOutputStream.flush();
            }
        } catch (IOException e) {
            // Read/write failed --> connection is broken
        }
        dumper.close();
    } catch (PcapNativeException e) {
        e.printStackTrace();
    } catch (UnknownHostException e) {
        e.printStackTrace();
    } catch (NotOpenException e) {
        e.printStackTrace();
    }
}

As you may notice, I'm using Pcap4J to store raw bytes into a pcap file. The saving of the bytes works well, but when I try to open it in Wireshark it shows this message:

[Image: Error]

And every packet shows as malformed. Ideally I would be seeing TCP and CQL (Cassandra) packets.

Can anyone tell me what I'm doing wrong here?

Revision 2

Trying to write Java raw InputStream data as PCAP to view in Wireshark

I'm trying to build a transparent proxy in Java with the ability to record data that passed through to be viewed later in Wireshark.

I was able to get the proxy working correctly with this snippet:

private static final int BUFFER_SIZE = 8192;

...

public void run() {
    PcapHandle handle = null;
    PcapDumper dumper;
    try {
        InetAddress addr = InetAddress.getByName("localhost");
        PcapNetworkInterface nif = Pcaps.getDevByAddress(addr);
        int snapLen = 65536;
        PcapNetworkInterface.PromiscuousMode mode = PcapNetworkInterface.PromiscuousMode.PROMISCUOUS;
        int timeout = 10;
        handle = nif.openLive(snapLen, mode, timeout);
        dumper = handle.dumpOpen("cap.pcap");
        byte[] buffer = new byte[BUFFER_SIZE];
        try {
            while (true) {
                int bytesRead = mInputStream.read(buffer);
                if (bytesRead == -1)
                    break; // End of stream is reached --> exit
                mOutputStream.write(buffer, 0, bytesRead);
                dumper.dumpRaw(Arrays.copyOfRange(buffer, 0, bytesRead));
                mOutputStream.flush();
            }
        } catch (IOException e) {
            // Read/write failed --> connection is broken
        }
        dumper.close();
    } catch (PcapNativeException e) {
        e.printStackTrace();
    } catch (UnknownHostException e) {
        e.printStackTrace();
    } catch (NotOpenException e) {
        e.printStackTrace();
    }
}

As you may notice, I'm using Pcap4J to store raw bytes into a pcap file. The saving of the bytes works well, but when I try to open it in Wireshark it shows this message:

[Image: Error]

And every packet shows as malformed. Ideally I would be seeing TCP and CQL (Cassandra) packets.

Can anyone tell me what I'm doing wrong here?
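
Added example, not part of the original question and not Pcap4J code: every record in a pcap file must be a complete frame of the file's link type, while a proxy reading a socket `InputStream` only ever holds TCP payload, so the sketch below writes the pcap file directly and wraps each chunk in synthetic Ethernet/IPv4/TCP headers. The class name, loopback addresses, caller-supplied ports and zeroed checksums are assumptions chosen for illustration, and it records one direction of the stream only.

```java
import java.io.*;
import java.nio.ByteBuffer;

/** Added example: stores proxied stream chunks as synthetic Ethernet/IPv4/TCP frames. */
public class StreamToPcap implements Closeable {
    private final DataOutputStream out;
    private final int srcPort, dstPort; // constructed values supplied by the caller
    private long seq = 1;               // synthetic TCP sequence number

    public StreamToPcap(String path, int srcPort, int dstPort) throws IOException {
        this.out = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(path)));
        this.srcPort = srcPort;
        this.dstPort = dstPort;
        // pcap global header, big-endian (readers detect byte order from the magic)
        out.writeInt(0xa1b2c3d4);  // magic, microsecond timestamps
        out.writeShort(2);         // version major
        out.writeShort(4);         // version minor
        out.writeInt(0);           // thiszone
        out.writeInt(0);           // sigfigs
        out.writeInt(65535);       // snaplen
        out.writeInt(1);           // link type 1 = Ethernet
    }

    /** Writes buf[0..len) as one TCP segment; len is the value returned by read(). */
    public void write(byte[] buf, int len) throws IOException {
        ByteBuffer f = ByteBuffer.allocate(14 + 20 + 20 + len);
        f.put(new byte[12]).putShort((short) 0x0800);                    // zero MACs, EtherType IPv4
        f.put((byte) 0x45).put((byte) 0).putShort((short) (40 + len));   // version/IHL, TOS, total length
        f.putInt(0).put((byte) 64).put((byte) 6).putShort((short) 0);    // id/frag, TTL, TCP, checksum 0
        f.put(new byte[] {127, 0, 0, 1}).put(new byte[] {127, 0, 0, 1}); // src/dst IP (constructed)
        f.putShort((short) srcPort).putShort((short) dstPort);
        f.putInt((int) seq).putInt(0);                                   // sequence, acknowledgment
        f.put((byte) 0x50).put((byte) 0x18).putShort((short) 65535);     // offset 5, PSH|ACK, window
        f.putInt(0);                                                     // checksum 0, urgent pointer 0
        f.put(buf, 0, len);                                              // only the bytes actually read
        seq += len;
        long ms = System.currentTimeMillis();
        out.writeInt((int) (ms / 1000));          // ts_sec
        out.writeInt((int) (ms % 1000) * 1000);   // ts_usec
        out.writeInt(f.capacity());               // captured length
        out.writeInt(f.capacity());               // original length
        out.write(f.array());
    }

    @Override
    public void close() throws IOException {
        out.close();
    }
}
```

In the proxy loop this would be called as `writer.write(buffer, bytesRead)` in place of `dumper.dumpRaw(...)`. Wireshark chooses the payload dissector largely from the TCP port, so the destination port passed in should be the one the real service listens on.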