使用jnetpcap捕获数据包进行流量检测
2015-05-14 15:29
jnetpcap是用java对libpcap的一个封装,它可以用来监听网卡,捕获数据包
CaptureCore.java
MyPcapPacketHandler.java
PacketMatch.java
CaptureCore.java
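package nssa.nm.capture;

import java.util.ArrayList;
import java.util.List;

import javax.swing.JOptionPane;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;

/**
 * Entry points for live capture with jnetpcap: enumerating the machine's capture
 * interfaces and running a blocking capture loop on one of them.
 *
 * <p>The interface is opened in promiscuous mode ({@link Pcap#MODE_PROMISCUOUS}), so
 * the process also receives frames not addressed to this host; the operating system
 * decides whether the running user is allowed to do that, this class does not check.
 * Failures are reported to the user through a Swing error dialog, which makes the
 * class suitable only for a desktop application.
 */
public class CaptureCore {

    /** Title of the error dialogs (kept byte-identical to the original UI text). */
    private static final String ERROR_TITLE = "错误";

    /** Opaque user object handed through {@code Pcap.loop} to the packet handler. */
    private static final String USER_OBJECT = "jnetpcap";

    /**
     * Lists the capture interfaces libpcap reports for this machine.
     *
     * @return the interfaces, or {@code null} after showing an error dialog when the
     *         lookup failed or found nothing (kept {@code null} rather than an empty
     *         list because existing callers test for {@code null})
     */
    public static List<PcapIf> getDevs() {
        List<PcapIf> devs = new ArrayList<PcapIf>();
        StringBuilder errsb = new StringBuilder();
        int r = Pcap.findAllDevs(devs, errsb);
        if (r == Pcap.NOT_OK || devs.isEmpty()) {
            showError(errsb.toString());
            return null;
        }
        return devs;
    }

    /**
     * Opens the {@code num}-th interface of {@link #getDevs()} and captures on it,
     * handing every packet to {@link PacketMatch} through {@link MyPcapPacketHandler}.
     * Blocks the calling thread for as long as the capture loop runs.
     *
     * <p>Unlike the original, an out-of-range {@code num} is reported through the same
     * error dialog as other failures instead of escaping as an
     * {@code IndexOutOfBoundsException}, and the pcap handle is closed even when the
     * handler throws.
     *
     * @param num index into the list returned by {@link #getDevs()}
     */
    public static void startCaptureAt(int num) {
        List<PcapIf> devs = getDevs();
        if (devs == null) {
            return; // getDevs() has already shown the error dialog
        }
        if (num < 0 || num >= devs.size()) {
            showError("无效的网卡编号: " + num);
            return;
        }
        PcapIf device = devs.get(num);
        int snaplen = Pcap.DEFAULT_SNAPLEN; // 65536 bytes, so whole frames are kept
        int flags = Pcap.MODE_PROMISCUOUS;  // promiscuous mode, see class doc
        int timeout = 10 * 1000;            // read timeout in milliseconds
        StringBuilder errsb = new StringBuilder();
        Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errsb);
        if (pcap == null) {
            showError(errsb.toString());
            return;
        }
        try {
            PacketMatch packetMatch = PacketMatch.getInstance();
            packetMatch.loadRules();
            MyPcapPacketHandler<Object> myhandler = new MyPcapPacketHandler<Object>();
            // Count 0 is what the original passes; presumably "no packet limit" — confirm against jnetpcap docs.
            pcap.loop(0, myhandler, USER_OBJECT);
        } finally {
            pcap.close(); // release the native handle even if the handler threw
        }
    }

    /** Shows {@code text} in a modal error dialog, the program's only error channel. */
    private static void showError(String text) {
        JOptionPane.showMessageDialog(null, text, ERROR_TITLE, JOptionPane.ERROR_MESSAGE);
    }
}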
MyPcapPacketHandler.java
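package nssa.nm.capture;

import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;

/**
 * Bridges jnetpcap's capture loop to {@link PacketMatch}: each captured packet is
 * forwarded to the singleton matcher for inspection.
 *
 * <p>The original declared its type parameter as {@code <Object>}, which shadows
 * {@link java.lang.Object} inside the class body. It is renamed to {@code T}; callers
 * that write {@code new MyPcapPacketHandler<Object>()} are unaffected.
 *
 * @param <T> type of the user object passed to {@code Pcap.loop}; not used here
 */
public class MyPcapPacketHandler<T> implements PcapPacketHandler<T> {

    /**
     * Invoked by jnetpcap for every captured packet; delegates to
     * {@link PacketMatch#handlePacket(PcapPacket)} on the calling thread.
     *
     * @param packet the captured packet
     * @param obj    the user object supplied to {@code Pcap.loop}; ignored
     */
    @Override
    public void nextPacket(PcapPacket packet, T obj) {
        PacketMatch.getInstance().handlePacket(packet);
    }
}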
PacketMatch.java
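package nssa.nm.capture;

import java.util.ArrayList;
import java.util.List;

import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.protocol.network.Icmp;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Tcp;
import org.jnetpcap.protocol.tcpip.Udp;

import nssa.nm.message.MessageCenter;
import nssa.nm.message.NMMessage;
import nssa.nm.vo.Rule;

/**
 * Inspects captured packets and publishes one {@link NMMessage} per ICMP, TCP or UDP
 * packet to {@link MessageCenter}. Singleton; obtain it via {@link #getInstance()}.
 *
 * <p>Not thread-safe: the protocol header views and the in-progress {@code message}
 * are instance state shared across calls, so {@link #handlePacket} must be driven from
 * a single thread (here, the thread running {@code Pcap.loop}). {@link #getInstance()}
 * is likewise unsynchronized.
 *
 * <p>Rule matching is currently disabled: {@link #loadRules()} installs empty lists and
 * the content checks the protocol handlers used to run are commented out in the
 * original, so every ICMP/TCP/UDP packet is reported, with no rule message. Each
 * message carries the full raw packet as a hex dump, i.e. captured payload, so the
 * receiving side of {@link MessageCenter} should treat it as sensitive traffic data.
 */
public class PacketMatch {

    private static PacketMatch pm;

    // Reusable header views; getHeader() binds them to the packet being handled.
    private final Ip4 ip = new Ip4();
    private final Icmp icmp = new Icmp();
    private final Tcp tcp = new Tcp();
    private final Udp udp = new Udp();

    private List<Rule> icmpRules;
    private List<Rule> tcpRules;
    private List<Rule> udpRules;

    // Message assembled for the packet currently inside handlePacket().
    private NMMessage message;

    /** Returns the shared matcher, creating it on first use (unsynchronized, see class doc). */
    public static PacketMatch getInstance() {
        if (pm == null) {
            pm = new PacketMatch();
        }
        return pm;
    }

    /**
     * Installs the rule sets. The original loaded them from the database through
     * {@code RuleDao.list("icmp")}, {@code list("tcp")} and {@code list("udp")}, reporting
     * an {@code SQLException} via an error dialog; that code is commented out, so until
     * it is restored all three lists are empty.
     */
    public void loadRules() {
        icmpRules = new ArrayList<Rule>();
        tcpRules = new ArrayList<Rule>();
        udpRules = new ArrayList<Rule>();
    }

    /**
     * Starts a fresh message for {@code packet} and fills it from whichever headers the
     * packet carries. Nothing is sent unless one of the ICMP, TCP or UDP handlers runs;
     * an IPv4 packet with none of those headers is silently dropped.
     *
     * @param packet the captured packet; header lookups bind this instance's header views
     */
    public void handlePacket(PcapPacket packet) {
        message = new NMMessage();
        if (packet.hasHeader(ip)) {
            handleIp(packet);
        }
        if (packet.hasHeader(icmp)) {
            handleIcmp(packet);
        }
        if (packet.hasHeader(tcp)) {
            handleTcp(packet);
        }
        if (packet.hasHeader(udp)) {
            handleUdp(packet);
        }
    }

    /**
     * Records the dotted source and destination IPv4 addresses. The original allocated
     * two throw-away {@code byte[4]} arrays before overwriting them; those are dropped.
     */
    private void handleIp(PcapPacket packet) {
        packet.getHeader(ip);
        message.setSip(org.jnetpcap.packet.format.FormatUtils.ip(ip.source()));
        message.setDip(org.jnetpcap.packet.format.FormatUtils.ip(ip.destination()));
    }

    /** ICMP: no protocol-specific fields are recorded; the whole packet is reported. */
    private void handleIcmp(PcapPacket packet) {
        packet.getHeader(icmp);
        // Disabled in the original: loop over icmpRules and, only if the hex dump
        // contains rule.getContent(), set message.setMsg(rule.getMsg()) before sending.
        reportPacket(packet);
    }

    /** TCP: records source and destination ports, then reports the whole packet. */
    private void handleTcp(PcapPacket packet) {
        packet.getHeader(tcp);
        message.setSport(String.valueOf(tcp.source()));
        message.setDport(String.valueOf(tcp.destination()));
        // Disabled in the original: same content check as ICMP, against tcpRules.
        reportPacket(packet);
    }

    /** UDP: records source and destination ports, then reports the whole packet. */
    private void handleUdp(PcapPacket packet) {
        packet.getHeader(udp);
        message.setSport(String.valueOf(udp.source()));
        message.setDport(String.valueOf(udp.destination()));
        // Disabled in the original: same content check as ICMP, against udpRules.
        reportPacket(packet);
    }

    /**
     * Copies the packet's state and data into a private buffer, stores its hex dump on
     * the message and sends the message. This is the common tail the three protocol
     * handlers used to duplicate. The copy is kept because the original copied too;
     * presumably the capture buffer is reused by jnetpcap after the handler returns.
     */
    private void reportPacket(PcapPacket packet) {
        byte[] buff = new byte[packet.getTotalSize()];
        packet.transferStateAndDataTo(buff);
        JBuffer jb = new JBuffer(buff);
        message.setPacket(jb.toHexdump());
        sendMessage();
    }

    /** Publishes the current message to the application's message bus. */
    private void sendMessage() {
        MessageCenter.sendMessage(message);
    }
}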