使用jnetpcap捕获数据包进行流量检测
2015-05-14 15:29
393 查看
jnetpcap是用java对libpcap的一个封装,它可以用来监听网卡,捕获数据包
CaptureCore.java
MyPcapPacketHandler.java
PacketMatch.java
CaptureCore.java
package nssa.nm.capture;
import java.util.ArrayList;
import java.util.List;
import javax.swing.JOptionPane;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
public class CaptureCore {
public static List<PcapIf> getDevs() {//获取机器上的网卡列表
List<PcapIf> devs = new ArrayList<PcapIf>();
StringBuilder errsb = new StringBuilder();
int r = Pcap.findAllDevs(devs, errsb);
if (r == Pcap.NOT_OK || devs.isEmpty()) {
JOptionPane.showMessageDialog(null,errsb.toString(),"错误",JOptionPane.ERROR_MESSAGE);
return null;
} else {
return devs;
}
}
public static void startCaptureAt(int num) {//选择一个网卡开启抓包
List<PcapIf> devs = new ArrayList<PcapIf>();
StringBuilder errsb = new StringBuilder();
int r = Pcap.findAllDevs(devs, errsb);
if (r == Pcap.NOT_OK || devs.isEmpty()) {
JOptionPane.showMessageDialog(null,errsb.toString(),"错误",JOptionPane.ERROR_MESSAGE);
return;
}
PcapIf device = devs.get(num);
int snaplen = Pcap.DEFAULT_SNAPLEN;//长度65536
int flags = Pcap.MODE_PROMISCUOUS;//混杂模式
int timeout = 10 * 1000;
//StringBuilder errsb = null;
Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errsb);
if (pcap == null) {
JOptionPane.showMessageDialog(null,errsb.toString(),"错误",JOptionPane.ERROR_MESSAGE);
return;
}
PacketMatch packetMatch = PacketMatch.getInstance();
packetMatch.loadRules();
MyPcapPacketHandler<Object> myhandler = new MyPcapPacketHandler<Object>();
pcap.loop(0, myhandler, "jnetpcap");
pcap.close();
}MyPcapPacketHandler.java
package nssa.nm.capture;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
public class MyPcapPacketHandler<Object> implements PcapPacketHandler<Object> {//抓到包后送去检测
@Override
public void nextPacket(PcapPacket packet, Object obj) {
PacketMatch packetMatch = PacketMatch.getInstance();
packetMatch.handlePacket(packet);
}
}PacketMatch.java
package nssa.nm.capture;
import java.util.ArrayList;
import java.util.List;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.protocol.network.Icmp;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Tcp;
import org.jnetpcap.protocol.tcpip.Udp;
import nssa.nm.message.MessageCenter;
import nssa.nm.message.NMMessage;
import nssa.nm.vo.Rule;
public class PacketMatch {
private static PacketMatch pm;
private Ip4 ip = new Ip4();
private Icmp icmp = new Icmp();
private Tcp tcp = new Tcp();
private Udp udp = new Udp();
private List<Rule> icmpRules;
private List<Rule> tcpRules;
private List<Rule> udpRules;
private NMMessage message;
public static PacketMatch getInstance() {
if (pm == null) {
pm = new PacketMatch();
}
return pm;
}
public void loadRules() {//加载规则
/*RuleDao dao = new RuleDao();
try {
icmpRules = dao.list("icmp");
tcpRules = dao.list("tcp");
udpRules = dao.list("udp");
} catch (SQLException e) {
JOptionPane.showMessageDialog(null,e.toString(),"错误",JOptionPane.ERROR_MESSAGE);
}*/
icmpRules = new ArrayList<Rule>();
tcpRules = new ArrayList<Rule>();
udpRules = new ArrayList<Rule>();
}
public void handlePacket(PcapPacket packet) {//根据包头选择不同的规则
message = new NMMessage();
if (packet.hasHeader(ip)) {
handleIp(packet);
}
if (packet.hasHeader(icmp)) {
handleIcmp(packet);
}
if (packet.hasHeader(tcp)) {
handleTcp(packet);
}
if (packet.hasHeader(udp)) {
handleUdp(packet);
}
}
private void handleIp(PcapPacket packet) {
packet.getHeader(ip);
byte[] sIP = new byte[4], dIP = new byte[4];
sIP = ip.source();
dIP = ip.destination();
String srcIP = org.jnetpcap.packet.format.FormatUtils.ip(sIP);
String dstIP = org.jnetpcap.packet.format.FormatUtils.ip(dIP);
message.setSip(srcIP);
message.setDip(dstIP);
}
private void handleIcmp(PcapPacket packet) {
packet.getHeader(icmp);
byte[] buff = new byte[packet.getTotalSize()];
packet.transferStateAndDataTo(buff);
JBuffer jb = new JBuffer(buff);
String content = jb.toHexdump();
//for(int i = 0; i < icmpRules.size(); i++) {
//if(content.contains(icmpRules.get(i).getContent())) {
//message.setMsg(icmpRules.get(i).getMsg());
message.setPacket(content);
sendMessage();
//}
//}
}
private void handleTcp(PcapPacket packet) {
packet.getHeader(tcp);
String srcPort = String.valueOf(tcp.source());
String dstPort = String.valueOf(tcp.destination());
message.setSport(srcPort);
message.setDport(dstPort);
byte[] buff = new byte[packet.getTotalSize()];
packet.transferStateAndDataTo(buff);
JBuffer jb = new JBuffer(buff);
String content = jb.toHexdump();
//for(int i = 0; i < tcpRules.size(); i++) {
//if(content.contains(tcpRules.get(i).getContent())) {
//message.setMsg(tcpRules.get(i).getMsg());
message.setPacket(content);
sendMessage();
//}
//}
}
private void handleUdp(PcapPacket packet) {
packet.getHeader(udp);
String srcPort = String.valueOf(udp.source());
String dstPort = String.valueOf(udp.destination());
message.setSport(srcPort);
message.setDport(dstPort);
byte[] buff = new byte[packet.getTotalSize()];
packet.transferStateAndDataTo(buff);
JBuffer jb = new JBuffer(buff);
String content = jb.toHexdump();
//for(int i = 0; i < udpRules.size(); i++) {
//if(content.contains(udpRules.get(i).getContent())) {
//message.setMsg(udpRules.get(i).getMsg());
message.setPacket(content);
sendMessage();
//}
//}
}
private void sendMessage() {
MessageCenter.sendMessage(message);
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 使用jnetpcap捕获数据包进行流量检测
- 使用jnetpcap捕获数据包进行流量检测
- Jnetpcap 官方案例(3)- 从离线文件捕获数据包
- golang使用gopacket包进行数据包捕获,注入和分析
- jNetPcap-用Java实现libpcap完整封装的网络数据包捕获函数库
- Jnetpcap 官方实例(4)- 将捕获的数据包写入文件
- 综合运用端口匹配、深度数据包检测、流量特征进行P2P流量识别
- tcpdump/libpcap中捕获数据包的时间戳
- 如何使用Erdas进行智能变化检测
- linux fedora 14(内核2.6.35.6) PF_RING+libpcap 极速捕获千兆网数据包,不丢包
- 【R笔记】使用R语言进行异常检测
- 使用真实流量请求进行系统测试
- Jnetpcap 官方样例(2)- 创建一个TCP数据包
- 使用Purify进行java代码内存泄漏检测与诊断
- 使用Faster-Rcnn进行目标检测的原理
- 使用tcpcopy导入线上流量进行功能和压力测试
- 使用radon变换进行直线检测
- R语言使用神经网络进行标识检测