Channel: Ask Wireshark - RSS feed

Comment by GGFPC for You are reading raw packet data through the use of...

Thanks for the reply. I thought pcap4j already did that. Can you point me to a resource on how to do that?


Comment by Guy Harris for You are reading raw packet data through the use of...

> You simply dump the raw packet data into a file.

They're also writing it through libpcap - see the `handle.dumpOpen` and `dumper.dumpRaw` calls.

Comment by Jaap for You are reading raw packet data through the use of...

Oh, I see. It's encapsulating `pcap_dump_fopen()` then. Still not seeing `dumpRaw` encapsulating `pcap_dump()`, where's the packet header info (in particular the size)?

Comment by Guy Harris for You are reading raw packet data through the use of...

> where's the packet header info

Nowhere. `dumpRaw` generates it.

> in particular the size

It's the size of the array that was handed to it. The `dumpRaw` code in pcap4j does: pcap_pkthdr header...

Comment by GGFPC for You are reading raw packet data through the use of...

Okay, I managed to overcome the error by writing to the PcapDumper only the exact number of bytes that were read. But now everything shows as Ethernet on Wireshark. How does libpcap decode the protocol...

Answer by Jaap for I'm trying to build a transparent proxy in Java with the...

You are reading raw packet data through the use of Pcap4J, but are not writing [PCAP](https://wiki.wireshark.org/Development/LibpcapFileFormat) format files. You simply dump the raw packet data into a...

Comment by GGFPC for You would have to structure the InputStream data so that...

Hi, thanks for the answer. I'm trying to write a transparent proxy for any protocol to record the data sent to a specific port. This is so I don't have to sniff all traffic with libpcap as I'm trying...

Comment by Guy Harris for You would have to structure the InputStream data so...

> I changed my code to write to the file only the amount of data that has been read from the stream in that iteration, which I feel would be okay since only one packet is sent at a time.

If you're...

Comment by GGFPC for You would have to structure the InputStream data so that...

Thanks once again. Yes, it is a TCP socket. In that case I think I'm out of options, other than sniffing with libpcap, right?

Comment by Guy Harris for You would have to structure the InputStream data so...

You *could* try

1. using the `openDead` method of `PcapHandle` to create a fake handle for link-layer type `DLT_RAW`;
2. using that to create the `PcapDumper`;
3. for each chunk of data you read from...

Comment by GGFPC for You would have to structure the InputStream data so that...

I'm trying that with the following code:

```java
IpV4Packet p = new IpV4Packet.Builder()
    .dstAddr((Inet4Address) Inet4Address.getByName("172.0.0.1"))
    .srcAddr((Inet4Address) Inet4Address.getByName("172.0.0.2"))...
```

Comment by Guy Harris for You would have to structure the InputStream data so...

> Is this what you meant?

Something *like* that - but if you know the host and port numbers of both endpoints of the conversation, you should use those rather than hardcoded IP addresses and ports....

Answer by Guy Harris for I'm trying to build a transparent proxy in Java with...

You would have to structure the InputStream data so that it could be divided into packets. For example, if you're writing raw packet data to the stream, before each packet you would write a number...

Comment by Guy Harris for I'm trying to build a transparent proxy in Java...

What is `mInputStream`? What class is it an instance of? It needs *somehow* to be divided into packets, so that each `.read` call returns one packet. And if a packet is bigger than 262144 bytes,...

Comment by GGFPC for I'm trying to build a transparent proxy in Java with the...

It's just an InputStream directly from the Socket.

Trying to write Java raw InputStream data as PCAP to view in Wireshark

I'm trying to build a transparent proxy in Java with the ability to record data that passed through to be viewed later in Wireshark. I was able to get the proxy working correctly with this snippet...
