Using jNetPcap to read HTTP packets


jNetPcap has been great to work with, as long as you stay consistent about which version you use. Here's a sample of how to parse an HTTP packet using version 1.4.r1390.

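    // Imports (top of the file)
    import org.jnetpcap.packet.format.FormatUtils;
    import org.jnetpcap.protocol.lan.Ethernet;
    import org.jnetpcap.protocol.network.Ip4;
    import org.jnetpcap.protocol.tcpip.Http;
    import org.jnetpcap.protocol.tcpip.Tcp;

    // Reusable header instances (fields of the handler class)
    Ethernet eth = new Ethernet();
    Ip4 ip4 = new Ip4();
    Tcp tcp = new Tcp();
    Http http = new Http();

    // Inside the packet handler; pack is the current PcapPacket.
    // hasHeader() binds the header instance to the packet when it returns true,
    // so every header that is read below has to be checked here.
    if (pack.hasHeader(eth) && pack.hasHeader(ip4)
            && pack.hasHeader(tcp) && pack.hasHeader(http)) {

        // Only look at traffic sent to port 80
        if (tcp.destination() == 80) {
            // Only record requests whose Accept header includes text/html
            if (http.hasField(Http.Request.Accept)
                    && http.fieldValue(Http.Request.Accept).contains("text/html")) {

                String dstIp = FormatUtils.ip(ip4.destination());
                String srcIp = FormatUtils.ip(ip4.source());
                String dstMac = FormatUtils.mac(eth.destination());
                String srcMac = FormatUtils.mac(eth.source());

                // Header values are taken from the wire as-is and may be null
                // when the request does not carry that field (e.g. no Referer).
                String host = http.fieldValue(Http.Request.Host);
                String url = host + http.fieldValue(Http.Request.RequestUrl);
                String referer = http.fieldValue(Http.Request.Referer);

                // RecorderService is this project's own class, not part of jNetPcap
                RecorderService.recordHttpRequest(srcMac, srcIp, dstIp, host, url, referer);
                System.out.println("Request: " + srcIp + " - " + url);
                //superFlowMap.nextPacket(packet, superFlowMap);
            }
        }
    }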