Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bertrandmartel/pcapng-decoder
Java PCAPNG decoder library
https://github.com/bertrandmartel/pcapng-decoder
java pcapng pcapng-decoder
Last synced: 4 days ago
JSON representation
Java PCAPNG decoder library
- Host: GitHub
- URL: https://github.com/bertrandmartel/pcapng-decoder
- Owner: bertrandmartel
- License: mit
- Created: 2015-05-03T03:37:56.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2019-08-26T13:59:26.000Z (about 5 years ago)
- Last Synced: 2023-09-05T01:51:27.781Z (about 1 year ago)
- Topics: java, pcapng, pcapng-decoder
- Language: Java
- Homepage:
- Size: 1.78 MB
- Stars: 24
- Watchers: 4
- Forks: 11
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.md
Awesome Lists containing this project
README
# PCAPNG Decoder Library #
http://bertrandmartel.github.io/pcapng-decoder/
[](https://travis-ci.org/bertrandmartel/pcapng-decoder)
[  ](https://bintray.com/bertrandmartel/maven/pcapng-parser/_latestVersion)
[](https://www.codacy.com/app/bertrandmartel/pcapng-decoder?utm_source=github.com&utm_medium=referral&utm_content=bertrandmartel/pcapng-decoder&utm_campaign=Badge_Grade)
[](https://maven-badges.herokuapp.com/maven-central/fr.bmartel/pcapngdecoder)
[](http://javadoc-badge.appspot.com/fr.bmartel/pcapngdecoder)
[](LICENSE.md)
Java PCAPNG file parser library
## Include in your project
* from gradle
```
compile 'fr.bmartel:pcapngdecoder:1.2'
```
* from release archive
https://github.com/bertrandmartel/pcapng-decoder/releases
## Run example
```
./gradlew run -PappArgs="['-f', 'path_to_file/pcapfile/exemple.pcapng' , '-v' ]"
```
| args | description |
|------------------|----------------------------------------------------|
| -f | input file |
| -v | verbose, will show all section parsing content |
Example source code can be found here
## How to use ?
### Decode
* decode from n input file :
```
PcapDecoder decoder = new PcapDecoder("path/to/file.pcapng");
decoder.decode();
```
* decode from a byte array :
```
byte[] pcapBa = getPcapBa();
PcapDecoder decoder = new PcapDecoder(pcapBa);
decoder.decode();
```
### Data access
Pcap section list can be accessed via `getSectionList()` :
```
ArrayList sectionList = decoder.getSectionList()
```
All section type inherit from `IPcapngType`, use reflection to access each type :
```
for (int i = 0; i < sectionList.size(); i++) {
if (sectionList.get(i) instanceof ISectionHeaderBlock) {
ISectionHeaderBlock section = (ISectionHeaderBlock) sectionList.get(i);
//do what you want with Section Header Block frame type
} else if (sectionList.get(i) instanceof IDescriptionBlock) {
IDescriptionBlock section = (IDescriptionBlock) sectionList.get(i);
//do what you want with Description Block frame type
} else if (sectionList.get(i) instanceof IEnhancedPacketBLock) {
IEnhancedPacketBLock section = (IEnhancedPacketBLock) sectionList.get(i);
//do what you want with Enhanced Packet Block frame type
} else if (sectionList.get(i) instanceof IStatisticsBlock) {
IStatisticsBlock section = (IStatisticsBlock) sectionList.get(i);
//do what you want with Statistics Block frame type
} else if (sectionList.get(i) instanceof INameResolutionBlock) {
INameResolutionBlock section = (INameResolutionBlock) sectionList.get(i);
//do what you want with Name Resolution Block frame type
}
}
```
Note : packet data in Enhanced Packet Block is left in packet source endianness
## JavaDoc
http://javadoc-badge.appspot.com/fr.bmartel/pcapngdecoder
## Example output
```
##########################################################
SECTION HEADER BLOCK
Major version : 0
Minor version : 1
OS : Linux 3.8.0-19-generic
user application : Dumpcap 1.10.2 (SVN Rev 51934 from /trunk-1.10)
##########################################################
SECTION INTERFACE DESCRIPTION BLOCK
Link type : LINKTYPE_IEEE802_11_RADIO
Snap len : 65535
interface name : wlan0
timestamp resolution : 6
interface OS name : Linux 3.8.0-19-generic
##########################################################
SECTION ENHANCED PACKET BLOCK
interface id : 0
timestamp in millis : Sat Apr 18 12:13:41 CEST 2015
captured length : 185
packet length : 185
packet data : 00 | 00 | 12 | 00 | 2E | 48 | 00 | 00 | 10 | 02 | A3 | 09 | A0 | 00 | C2 | 07 | 00 | 00 | 80 | 00 | 00 | 00 | FF | FF | FF | FF | FF | FF | 00 | 24 | D4 | 6B | 0C | 5D | 00 | 24 | D4 | 6B | 0C | 5D | 00 | E5 | 60 | 01 | 25 | DE | 32 | 03 | 00 | 00 | 60 | 00 | 01 | 04 | 00 | 08 | 46 | 72 | 65 | 65 | 57 | 69 | 66 | 69 | 01 | 08 | 82 | 84 | 8B | 96 | 2C | 0C | 12 | 18 | 03 | 01 | 0C | 05 | 04 | 00 | 02 | 00 | 00 | 2A | 01 | 04 | 32 | 05 | 24 | 30 | 48 | 60 | 6C | 2D | 1A | 6C | 00 | 03 | FF | FF | FF | 00 | 01 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 01 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 3D | 16 | 0C | 00 | 13 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 7F | 08 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 40 | DD | 18 | 00 | 50 | F2 | 02 | 01 | 01 | 00 | 00 | 03 | A4 | 00 | 00 | 27 | A4 | 00 | 00 | 42 | 43 | 5E | 00 | 62 | 32 | 2F | 00 | A3 | 26 | 13 | 07
##########################################################
SECTION INTERFACE STATISTICS BLOCK
interface id : 0
timestamp in millis : Sat Apr 18 12:16:43 CEST 2015
capture start time : Sat Apr 18 12:13:41 CEST 2015
capture end time : Sat Apr 18 12:16:43 CEST 2015
packet received count : 9493
packet drop count : 0
##########################################################
```
## Compatibility
JRE 1.7 compliant
## Build
Gradle using IntelliJ IDEA or Eclipse
## Specifications
https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
## License
The MIT License (MIT) Copyright (c) 2015-2016 Bertrand Martel