Capture Network Packages with Java

This example demonstrates how to capture network packages with pcap and Java.

To run the examples you will need to install libpcap for your operation system. For Windows download and install WinPcap.

Ubuntu users can install libpcap running this command:

sudo apt-get install libpcap-dev

We will use jNetPcap as Java wrapper. The following examples require version 1.4




List Network Devices

import java.util.ArrayList;
import java.util.List;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;

public class NetworkInterfaces {

	public static void main(String[] args) {
		List<PcapIf> alldevs = new ArrayList<PcapIf>(); // Will be filled with NICs
		StringBuilder errbuf = new StringBuilder(); // For any error msgs

		int r = Pcap.findAllDevs(alldevs, errbuf);
		if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
			System.err.printf("Can't read list of devices, error is %s",
					errbuf.toString());
			return;
		}

		System.out.println("Network devices found:");

		int i = 0;
		for (PcapIf device : alldevs) {
			String description = (device.getDescription() != null) ? device
					.getDescription() : "No description available";
			System.out.printf("#%d: %s [%s]\n", i++, device.getName(),
					description);
		}
	}

}

 Capture Packages

Following complete example captures first 10 packages:

import java.util.ArrayList;
import java.util.List;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.protocol.network.Ip4;

public class PackageCapture {

	public static void main(String[] args) {
		List<PcapIf> alldevs = new ArrayList<PcapIf>(); // Will be filled with NICs
		StringBuilder errbuf = new StringBuilder(); // For any error msgs

		int r = Pcap.findAllDevs(alldevs, errbuf);
		if (r != Pcap.OK || alldevs.isEmpty()) {
			System.err.printf("Can't read list of devices, error is %s",
					errbuf.toString());
			return;
		}

		System.out.println("Network devices found:");

		int i = 0;
		for (PcapIf device : alldevs) {
			String description = (device.getDescription() != null) ? device
					.getDescription() : "No description available";
			System.out.printf("#%d: %s [%s]\n", i++, device.getName(),
					description);
		}

		PcapIf device = alldevs.get(0); // Get first device in list
		System.out.printf("\nChoosing '%s' on your behalf:\n",
				(device.getDescription() != null) ? device.getDescription()
						: device.getName());

		int snaplen = 64 * 1024; // Capture all packets, no trucation
		int flags = Pcap.MODE_PROMISCUOUS; // capture all packets
		int timeout = 10 * 1000; // 10 seconds in millis
		Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);

		if (pcap == null) {
			System.err.printf("Error while opening device for capture: "
					+ errbuf.toString());
			return;
		}

		PcapPacketHandler<String> jpacketHandler = new PcapPacketHandler<String>() {

			public void nextPacket(PcapPacket packet, String user) {

				byte[] data = packet.getByteArray(0, packet.size()); // the package data
				byte[] sIP = new byte[4];
				byte[] dIP = new byte[4];

				Ip4 ip = new Ip4();
				if (packet.hasHeader(ip) == false) {
					return; // Not IP packet
				}

				ip.source(sIP);
				ip.destination(dIP);

				/* Use jNetPcap format utilities */
				String sourceIP = org.jnetpcap.packet.format.FormatUtils.ip(sIP);
				String destinationIP = org.jnetpcap.packet.format.FormatUtils.ip(dIP);
				
				System.out.println("srcIP=" + sourceIP + 
						" dstIP=" + destinationIP + 
						" caplen=" + packet.getCaptureHeader().caplen());
			}
		};

		// capture first 10 packages
		pcap.loop(10, jpacketHandler, "jNetPcap");

		pcap.close();
	}

}

if you want to capture specific packages you can set a filter like this:

PcapBpfProgram filter = new PcapBpfProgram();
String expression = "tcp port 3724 or tcp port 1119";
int optimize = 0; // 0 = false
int netmask = 0xFFFFFF00; // 255.255.255.0

if (pcap.compile(filter, expression, optimize, netmask) != Pcap.OK) {
	System.err.println(pcap.getErr());
	return;
}

if (pcap.setFilter(filter) != Pcap.OK) {
	System.err.println(pcap.getErr());
	return;
}

 

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Digg thisPin on PinterestShare on RedditShare on StumbleUponPrint this pageEmail this to someone

4 thoughts on “Capture Network Packages with Java

  1. I am getting this error.Can you help me?
    Choosing ‘Microsoft’ on your behalf:
    Mar 16, 2016 11:03:10 AM java.util.logging.LogManager$RootLogger log
    SEVERE: JLogger.static: Unable to find builtin-logger.properties. Is resources
    directory missing in JAR File?
    Mar 16, 2016 11:03:10 AM org.jnetpcap.util.config.JConfig
    SEVERE: JConfig.static: unable to find builtin-config.properites. Is resources
    directory in JAR file?
    Mar 16, 2016 11:03:10 AM org.jnetpcap.util.config.JConfig
    SEVERE: JConfig.static3: unable to find builtin-logger.properties. Is resource
    s directory in JAR file?

    1. Did you added jnetpcp.jar to your project? Also you need to bind the folder containing the native dll files in “Native library location” for jnetpcap.jar. DLLs and jnetpcap.jar are found in downloadable zip file, mentioned in the beginning of the tutorial

  2. hello i have problem to run it
    Exception in thread “main” java.lang.UnsatisfiedLinkError: no jnetpcap in java.library.path
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1886)
    at java.lang.Runtime.loadLibrary0(Runtime.java:849)
    at java.lang.System.loadLibrary(System.java:1088)
    at org.jnetpcap.Pcap.(Unknown Source)
    at javaapplication5.NetworkInterfaces.main(NetworkInterfaces.java:17)
    C:\Users\KASYFI\AppData\Local\NetBeans\Cache\8.1\executor-snippets\run.xml:53: Java returned: 1
    BUILD FAILED (total time: 0 seconds)
    please help i really need to make it run perfectly

    1. Hello Kasper292,
      Please check if you have jnetpcap.dll in your java.library.path
      Also make sure you have winpcap installed, that will also cause this type of error even though jnetpcap.dll is found, but one of its dependencies is not.

Leave a Reply