Tuesday, February 2, 2010

Wireshark and Java API for packet sniffing

Here is a nice tutorial I found on the web for basics of networking. It gave a decent, very high-level overview of network topology, OSI layers, protocols and routing.

If you want to look more at how your network traffic looks, you can try a packet sniffer called Wireshark. It works extremely well for me on both Windows and Linux (Ubuntu). Wireshark is open source software that depends on another open source package called libpcap. You can set filters in Wireshark on pretty much anything so you see only the packets you care about, for example show only ARP packets, or show only DNS requests for facebook.com. If you are on an Ethernet network, it is probably based on CSMA/CD, so if you sniff your network interface card in promiscuous mode you will pick up not just packets meant for you but probably also other packets on the wire.
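What those two filters (ARP only, DNS requests for facebook.com) test for at the byte level, as an added example that is not from the original post. The function names are this example's own, the frames are constructed samples rather than captures, and the domain match also accepts names under the domain, which goes slightly beyond the exact-name case.

```python
import struct

ETH_ARP, ETH_IPV4, PROTO_UDP, DNS_PORT = 0x0806, 0x0800, 17, 53

def ethertype(frame):
    """EtherType of an untagged Ethernet II frame (bytes 12-13)."""
    return struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None

def is_arp(frame):
    return ethertype(frame) == ETH_ARP

def dns_query_name(frame):
    """First question name of a DNS-over-UDP/IPv4 query, or None."""
    ip = frame[14:]
    if ethertype(frame) != ETH_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or ip[9] != PROTO_UDP or len(ip) < ihl + 8 + 12:
        return None
    dport, = struct.unpack("!H", ip[ihl + 2:ihl + 4])
    dns = ip[ihl + 8:]
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    if dport != DNS_PORT or flags & 0x8000 or qdcount == 0:   # 0x8000 = response
        return None
    labels, pos = [], 12
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n & 0xC0 or pos + 1 + n > len(dns):   # compressed or truncated name
            return None
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels).lower() if pos < len(dns) else None

def matches_domain(frame, domain):
    """True for queries for `domain` itself or any name under it."""
    name = dns_query_name(frame)
    return name is not None and (name == domain or name.endswith("." + domain))

# Constructed sample frames (zeroed MACs and checksums), not real captures.
def build_dns_query(name):
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", 40000, DNS_PORT, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, PROTO_UDP,
                     0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + udp
    return bytes(12) + struct.pack("!H", ETH_IPV4) + ip

def build_arp_request():
    arp = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1) + bytes(20)
    return b"\xff" * 6 + bytes(6) + struct.pack("!H", ETH_ARP) + arp
```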

If you like to use Java for packet sniffing, there is also an open source API for that - JpCap. It is basically again based on libpcap and has tons of native calls. Nothing like trying to debug an ArrayIndexOutOfBoundsException you get from within the native code! :-)

Anyway, here is what I had to do to be able to run the code from Eclipse on my Ubuntu:


  1. sudo apt-get install build-essential (for libpcap compilation)
  2. sudo apt-get install (for libpcap compilation)
  3. sudo apt-get install bison (for libpcap compilation)
  4. sudo apt-get install autoconf (for libpcap compilation)
  5. Then get libpcap from here 
  6. Then pretty much ran ./autoconf, ./configure, ./make and sudo make install from within the libpcap source directory
  7. sudo apt-get install openjdk6
  8. sudo apt-get install eclipse
  9. Download the source for jpcap from here.
  10. The source has both Java and C code, so if you want to get it into eclipse, create a regular Java project and just copy the Java files under the src folder and dump the rest directly under the Project folder itself.
  11. You'll need to compile the C code first into object code. I had to update the makefile to use -fPIC flags for gcc. This is apparently needed if you are running on a 64-bit machine, else gcc will complain.
  12. Copied libjpcap.so from the above step to /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/libjpcap.so
  13. sudo cp *libpcap* /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/
  14. Run Eclipse with root privileges, i.e. sudo eclipse, to launch the IDE

1 comment:

LoHit VenTeKar said...

Hello Sir, I'm a Hubli, Karnataka based computer science student. I'm currently doing a project on packet sniffing; can you help me with this project? I'll be grateful to you. Please mail me on lohithbl@gmail.com

Thanks