public static void main(String[] args) {
/* ipaddress.add("139.130.4.5");
ipaddress.add("74.125.226.22");
ipaddress.add("69.171.230.68");
*/
final StringBuilder errbuf = new StringBuilder();
final Pcap pcap = Pcap.openOffline(FILENAME, errbuf);
if (pcap == null) {
System.err.println(errbuf);
return;
}
pcap.loop(
Pcap.LOOP_INFINITE,
new JPacketHandler<StringBuilder>() {
final Tcp tcp = new Tcp();
final Ip4 ip4 = new Ip4();
final Http http = new Http();
public void nextPacket(JPacket packet, StringBuilder errbuf) {
if (packet.hasHeader(Tcp.ID)) {
if (packet.hasHeader(tcp) && packet.hasHeader(http)) {
packet.getHeader(ip4);
byte[] sip = new byte[4];
sip = packet.getHeader(ip4).source();
byte[] dip = new byte[4];
dip = packet.getHeader(ip4).destination();
String destinationip = org.jnetpcap.packet.format.FormatUtils.ip(dip);
if (!(ipaddress.contains(destinationip))) {
ipaddress.add(destinationip);
}
}
}
}
},
errbuf);
ipaddresscollection();
// pcap.close();
}
/**
* @param descriptor the protocol descriptor
* @param listener the packet listener
* @param file the dump file
* @throws IOException if any error occur while reading the file
*/
public FileProtocolParser(ProtocolDescriptor descriptor, PacketListener listener, File file)
throws IOException {
super(descriptor, listener, Pcap.openOffline(file.getAbsolutePath(), new StringBuilder()));
}
public void create() {
/**
* ************************************************************************* First we setup
* error buffer and name for our file
* ************************************************************************
*/
final StringBuilder errbuf = new StringBuilder(); // For any error msgs
final String file = "captured.txt";
final String pcapFile = "captured.pcap";
// delete the old txt file by opening it as an output
try {
FileWriter results = new FileWriter(file);
// Create new File.
BufferedWriter out = new BufferedWriter(results);
out.close();
} catch (IOException e) {
System.out.println("The file cannot be opened " + e);
}
//
System.out.println("Opening file for reading:" + pcapFile);
/**
* ************************************************************************* Second we open up
* the selected file using openOffline call
* ************************************************************************
*/
Pcap pcap = Pcap.openOffline(pcapFile, errbuf);
if (pcap == null) {
System.err.printf("Error while opening device for capture: " + errbuf.toString());
return;
}
/**
* ************************************************************************* Third we create a
* packet handler which will receive packets from the libpcap loop.
* ************************************************************************
*/
PcapPacketHandler<String> jpacketHandler =
new PcapPacketHandler<String>() {
public void nextPacket(PcapPacket packet, String user) {
Tcp tcp = new Tcp();
Ip4 ip = new Ip4();
Udp udp = new Udp();
final Http http = new Http();
int TotalSize = 0;
int caplen = 0;
int ext = 0;
int ack = 0;
int istcp = 0;
int ishttp = 0;
int isudp = 0;
int headerLength = 0;
int PayloadLength = 0;
// System.out.println(packet.getTotalSize());//costas
// System.out.printf( " total size %-6d caplen= %6d %6d ",
// packet.getTotalSize(),
// packet.getCaptureHeader().caplen(),packet.getTotalSize()-
// packet.getCaptureHeader().caplen());//costas
TotalSize = packet.getTotalSize();
caplen = packet.getCaptureHeader().caplen();
PayloadLength = 0;
headerLength = 0;
ext = 0;
ack = 0;
// ****************************************************
String ssourceIp = "";
String destinIp = "";
String sourceIp = "";
if (packet.hasHeader(ip)) {
sourceIp = FormatUtils.ip(ip.source());
destinIp = FormatUtils.ip(ip.destination());
}
if (packet.hasHeader(udp)) // for udp packets
{
isudp = 1;
headerLength = udp.getHeaderLength();
if (packet.hasHeader(ip)) // check for the existance of ip
{
InetAddress ipAddress = null;
try {
ipAddress = InetAddress.getByAddress(ip.source()); // get
// the
// ip
// address
// ipAddress=
// InetAddress.getByAddress(ip.destination());
} catch (UnknownHostException e) {
}
ssourceIp = ipAddress.getHostAddress(); // get the ip
// address
if (sourceIp.startsWith("10.3.")
|| sourceIp.startsWith("192.168.")
|| sourceIp.startsWith("10.239.")
|| sourceIp.startsWith("10.4.")) {
ext = 0; // out-going message
} else {
ext = 1; // in-coming message
}
ack = 0;
} // end for header ip
PayloadLength = udp.getPayloadLength();
} // end for udp packet.
else {
isudp = 0;
}
// *******************************************************************
if (packet.hasHeader(http)) {
ishttp = 1;
PayloadLength = http.getPayloadLength();
if (packet.hasHeader(ip)) //
{
InetAddress ipAddress = null;
try {
ipAddress = InetAddress.getByAddress(ip.source());
} catch (UnknownHostException e) {
}
ssourceIp = ipAddress.getHostAddress(); // get the ip
// address
if (sourceIp.startsWith("10.3.")
|| sourceIp.startsWith("192.168.")
|| sourceIp.startsWith("10.239.")
|| sourceIp.startsWith("10.4.")) {
ext = 0; // internal address
} else {
ext = 1; // external
}
} // end for header ip
} else // not http
{
ishttp = 0;
} // end for http
// **********************************************
if (packet.hasHeader(tcp)) {
istcp = 1;
headerLength = tcp.getHeaderLength();
if (packet.hasHeader(ip)) // check for existance of ip
// header
{
InetAddress ipAddress = null;
try {
ipAddress = InetAddress.getByAddress(ip.source());
} catch (UnknownHostException e) {
}
ssourceIp = ipAddress.getHostAddress(); // get the ip
// address
if (sourceIp.startsWith("10.3.")
|| sourceIp.startsWith("192.168.")
|| sourceIp.startsWith("10.239.")
|| sourceIp.startsWith("10.4.")) {
ext = 0; // out-going message
} else {
ext = 1; // in-coming message
}
if (tcp.flags_ACK() == true) ack = 1;
else ack = 0;
} // end for header ip
PayloadLength = tcp.getPayloadLength();
} // end for tcp packet.
else {
istcp = 0;
}
String rec =
istcp
+ ","
+ ishttp
+ ","
+ isudp
+ ","
+ ack
+ ","
+ ext
+ ","
+ TotalSize
+ ","
+ PayloadLength
+ ","
+ caplen
+ ","
+ headerLength
+ ","
+ sourceIp
+ ","
+ destinIp
+ ","
+ user;
write_rec(file, rec); // write raw data in a text file.
}
};
// capturing all the packets of the Pcap file
try {
pcap.loop(Pcap.LOOP_INFINITE, jpacketHandler, "?");
} finally {
// Last thing to do is close the pcap handle
pcap.close();
System.out.println("End of packet capturing..Pcap file closed");
System.out.println("Now the analyser is running...");
scanTxtFile(file, "test-final.arff"); // scans the file.txt and
// creates a weka file
// (arff)
}
} // end of main