PCAPNG File Parser

http://akinaru.github.io/pcapng-decoder-java/

Update 04/05/2015

Will decode a pcapng file with the following sections :

  • Section Header
  • Interface Description
  • Interface Statistics
  • Enhanced Packet
  • Name Resolution

Further section types will be added in the future.


COMMAND LINE SYNTAX :

java -jar pcapngdecoder-1.0.jar -f ../pcapfile/exemple.pcapng -v

-f <file.pcapng> : input file

-v : verbose, will show all section parsing content

Example launched from the release folder


PROGRAM SYNTAX :

byte[] dataFromFile = readFile("test.pcapng");

PcapDecoder pcapNgDecoder = new PcapDecoder(dataFromFile);
pcapNgDecoder.decode();

Don't forget the import : import fr.bmartel.pcapdecoder.PcapDecoder;

All parsed data is accessed through the pcapNgDecoder object. A complete example is in the fr.bmartel.pcapdecoder.main.DisplayAllPacket class.

getSectionList() : retrieves all section objects

The type of a section can be determined with an instanceof check against the set of interfaces defined in package fr.bmartel.pcapdecoder.structure.types.inter :

For now only 4 are parsed successfully :

  • ISectionHeaderBlock
  • IEnhancedPacketBlock
  • IStatisticsBLock
  • IDescritpionBlock
  • INameResolutionBlock

If getSectionList().get(index) instanceof ISectionHeaderBlock holds, you can cast the object to that interface to access the section's characteristics.

Packet data in the Enhanced Packet Block is left in the packet's source endianness, which makes it easier to compare with Wireshark's output.
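As an added example (not the project's code, and in Python rather than Java so it runs stand-alone), the following walks the pcapng block framing that a decoder like the one above consumes: it reads the byte order from the Section Header Block magic, checks every block's trailing length against its leading one so a truncated or tampered file is rejected instead of misparsed, and pulls the packet bytes out of an Enhanced Packet Block untouched. Block layouts and type codes follow the pcapng specification; the sample capture bytes are constructed here, not taken from a real file.

```python
import struct

# Block type codes from the pcapng specification; the SHB magic fixes the byte order.
SHB, IDB, NRB, ISB, EPB = 0x0A0D0D0A, 1, 4, 5, 6
BYTE_ORDER_MAGIC = 0x1A2B3C4D
NAMES = {SHB: "Section Header", IDB: "Interface Description", NRB: "Name Resolution",
         ISB: "Interface Statistics", EPB: "Enhanced Packet"}

def parse_blocks(data: bytes):
    """Yield (name, body, endian) per block; every trailing length must match its
    leading one, so a truncated or malformed file raises instead of being misread."""
    end, off = "<", 0
    while off + 12 <= len(data):
        if struct.unpack_from("<I", data, off)[0] == SHB:  # SHB type reads the same either way
            magic = struct.unpack_from("<I", data, off + 8)[0]
            if magic == BYTE_ORDER_MAGIC:
                end = "<"
            elif magic == 0x4D3C2B1A:
                end = ">"
            else:
                raise ValueError(f"bad byte-order magic 0x{magic:08X} at offset {off}")
        btype, blen = struct.unpack_from(end + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"bad block length {blen} at offset {off}")
        if struct.unpack_from(end + "I", data, off + blen - 4)[0] != blen:
            raise ValueError(f"trailing length mismatch at offset {off}")
        yield NAMES.get(btype, f"unknown 0x{btype:08X}"), data[off + 8:off + blen - 4], end
        off += blen

def parse_epb(body: bytes, end: str) -> dict:
    """Decode an Enhanced Packet Block body; the packet bytes are returned untouched."""
    if_id, ts_hi, ts_lo, cap_len, orig_len = struct.unpack_from(end + "IIIII", body)
    if cap_len > orig_len or 20 + cap_len > len(body):
        raise ValueError("captured length does not fit in the block body")
    return {"interface_id": if_id, "timestamp": (ts_hi << 32) | ts_lo, "captured_len": cap_len,
            "packet_len": orig_len, "packet_data": body[20:20 + cap_len]}

def _frame(end: str, btype: int, body: bytes) -> bytes:
    blen = 12 + len(body)  # type + leading length + body + trailing length
    return struct.pack(end + "II", btype, blen) + body + struct.pack(end + "I", blen)

def build_sample(end: str = "<") -> bytes:
    """Constructed minimal capture, not a real file: SHB, Ethernet IDB, one 6-byte EPB."""
    shb = struct.pack(end + "IHHq", BYTE_ORDER_MAGIC, 1, 0, -1)  # version 1.0, unknown length
    idb = struct.pack(end + "HHI", 1, 0, 65535)                  # LINKTYPE_ETHERNET, snaplen
    pkt = bytes.fromhex("00241234ABCD")                           # constructed packet bytes
    epb = struct.pack(end + "IIIII", 0, 0, 1000, len(pkt), len(pkt)) + pkt + b"\0\0"  # 32-bit pad
    return b"".join(_frame(end, t, b) for t, b in ((SHB, shb), (IDB, idb), (EPB, epb)))
```

Both byte orders parse to the same section list, and cutting the last four bytes off the sample makes parse_blocks raise rather than return a bogus final block.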


Output Example

##########################################################
SECTION HEADER BLOCK
Major version : 0
Minor version : 1
OS : Linux 3.8.0-19-generic
user application : Dumpcap 1.10.2 (SVN Rev 51934 from /trunk-1.10)
##########################################################
SECTION INTERFACE DESCRIPTION BLOCK
Link type : LINKTYPE_IEEE802_11_RADIO
Snap len : 65535
interface name : wlan0
timestamp resolution : 6
interface OS name : Linux 3.8.0-19-generic
##########################################################
SECTION ENHANCED PACKET BLOCK
interface id : 0
timestamp in millis : Sat Apr 18 12:13:41 CEST 2015
captured length : 185
packet length : 185
packet data : 00 | 00 | 12 | 00 | 2E | 48 | 00 | 00 | 10 | 02 | A3 | 09 | A0 | 00 | C2 | 07 | 00 | 00 | 80 | 00 | 00 | 00 | FF | FF | FF | FF | FF | FF | 00 | 24 | D4 | 6B | 0C | 5D | 00 | 24 | D4 | 6B | 0C | 5D | 00 | E5 | 60 | 01 | 25 | DE | 32 | 03 | 00 | 00 | 60 | 00 | 01 | 04 | 00 | 08 | 46 | 72 | 65 | 65 | 57 | 69 | 66 | 69 | 01 | 08 | 82 | 84 | 8B | 96 | 2C | 0C | 12 | 18 | 03 | 01 | 0C | 05 | 04 | 00 | 02 | 00 | 00 | 2A | 01 | 04 | 32 | 05 | 24 | 30 | 48 | 60 | 6C | 2D | 1A | 6C | 00 | 03 | FF | FF | FF | 00 | 01 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 01 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 3D | 16 | 0C | 00 | 13 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 7F | 08 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 40 | DD | 18 | 00 | 50 | F2 | 02 | 01 | 01 | 00 | 00 | 03 | A4 | 00 | 00 | 27 | A4 | 00 | 00 | 42 | 43 | 5E | 00 | 62 | 32 | 2F | 00 | A3 | 26 | 13 | 07
##########################################################
SECTION INTERFACE STATISTICS BLOCK
interface id : 0
timestamp in millis : Sat Apr 18 12:16:43 CEST 2015
capture start time : Sat Apr 18 12:13:41 CEST 2015
capture end time : Sat Apr 18 12:16:43 CEST 2015
packet received count : 9493
packet drop count : 0
##########################################################