jnetpcap是用java对libpcap的一个封装,它可以用来监听网卡,捕获数据包
CaptureCore.java
package nssa.nm.capture;
import java.util.ArrayList;
import java.util.List;
import javax.swing.JOptionPane;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
public class CaptureCore {
public static List<PcapIf> getDevs() {//获取机器上的网卡列表
List<PcapIf> devs = new ArrayList<PcapIf>();
StringBuilder errsb = new StringBuilder();
int r = Pcap.findAllDevs(devs, errsb);
if (r == Pcap.NOT_OK || devs.isEmpty()) {
JOptionPane.showMessageDialog(null,errsb.toString(),"错误",JOptionPane.ERROR_MESSAGE);
return null;
} else {
return devs;
}
}
public static void startCaptureAt(int num) {//选择一个网卡开启抓包
List<PcapIf> devs = new ArrayList<PcapIf>();
StringBuilder errsb = new StringBuilder();
int r = Pcap.findAllDevs(devs, errsb);
if (r == Pcap.NOT_OK || devs.isEmpty()) {
JOptionPane.showMessageDialog(null,errsb.toString(),"错误",JOptionPane.ERROR_MESSAGE);
return;
}
PcapIf device = devs.get(num);
int snaplen = Pcap.DEFAULT_SNAPLEN;//长度65536
int flags = Pcap.MODE_PROMISCUOUS;//混杂模式
int timeout = 10 * 1000;
//StringBuilder errsb = null;
Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errsb);
if (pcap == null) {
JOptionPane.showMessageDialog(null,errsb.toString(),"错误",JOptionPane.ERROR_MESSAGE);
return;
}
PacketMatch packetMatch = PacketMatch.getInstance();
packetMatch.loadRules();
MyPcapPacketHandler<Object> myhandler = new MyPcapPacketHandler<Object>();
pcap.loop(0, myhandler, "jnetpcap");
pcap.close();
}MyPcapPacketHandler.java
package nssa.nm.capture;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
public class MyPcapPacketHandler<Object> implements PcapPacketHandler<Object> {//抓到包后送去检测
@Override
public void nextPacket(PcapPacket packet, Object obj) {
PacketMatch packetMatch = PacketMatch.getInstance();
packetMatch.handlePacket(packet);
}
}
package nssa.nm.capture;
import java.util.ArrayList;
import java.util.List;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.protocol.network.Icmp;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Tcp;
import org.jnetpcap.protocol.tcpip.Udp;
import nssa.nm.message.MessageCenter;
import nssa.nm.message.NMMessage;
import nssa.nm.vo.Rule;
public class PacketMatch {
private static PacketMatch pm;
private Ip4 ip = new Ip4();
private Icmp icmp = new Icmp();
private Tcp tcp = new Tcp();
private Udp udp = new Udp();
private List<Rule> icmpRules;
private List<Rule> tcpRules;
private List<Rule> udpRules;
private NMMessage message;
public static PacketMatch getInstance() {
if (pm == null) {
pm = new PacketMatch();
}
return pm;
}
public void loadRules() {//加载规则
/*RuleDao dao = new RuleDao();
try {
icmpRules = dao.list("icmp");
tcpRules = dao.list("tcp");
udpRules = dao.list("udp");
} catch (SQLException e) {
JOptionPane.showMessageDialog(null,e.toString(),"错误",JOptionPane.ERROR_MESSAGE);
}*/
icmpRules = new ArrayList<Rule>();
tcpRules = new ArrayList<Rule>();
udpRules = new ArrayList<Rule>();
}
public void handlePacket(PcapPacket packet) {//根据包头选择不同的规则
message = new NMMessage();
if (packet.hasHeader(ip)) {
handleIp(packet);
}
if (packet.hasHeader(icmp)) {
handleIcmp(packet);
}
if (packet.hasHeader(tcp)) {
handleTcp(packet);
}
if (packet.hasHeader(udp)) {
handleUdp(packet);
}
}
private void handleIp(PcapPacket packet) {
packet.getHeader(ip);
byte[] sIP = new byte[4], dIP = new byte[4];
sIP = ip.source();
dIP = ip.destination();
String srcIP = org.jnetpcap.packet.format.FormatUtils.ip(sIP);
String dstIP = org.jnetpcap.packet.format.FormatUtils.ip(dIP);
message.setSip(srcIP);
message.setDip(dstIP);
}
private void handleIcmp(PcapPacket packet) {
packet.getHeader(icmp);
byte[] buff = new byte[packet.getTotalSize()];
packet.transferStateAndDataTo(buff);
JBuffer jb = new JBuffer(buff);
String content = jb.toHexdump();
//for(int i = 0; i < icmpRules.size(); i++) {
//if(content.contains(icmpRules.get(i).getContent())) {
//message.setMsg(icmpRules.get(i).getMsg());
message.setPacket(content);
sendMessage();
//}
//}
}
private void handleTcp(PcapPacket packet) {
packet.getHeader(tcp);
String srcPort = String.valueOf(tcp.source());
String dstPort = String.valueOf(tcp.destination());
message.setSport(srcPort);
message.setDport(dstPort);
byte[] buff = new byte[packet.getTotalSize()];
packet.transferStateAndDataTo(buff);
JBuffer jb = new JBuffer(buff);
String content = jb.toHexdump();
//for(int i = 0; i < tcpRules.size(); i++) {
//if(content.contains(tcpRules.get(i).getContent())) {
//message.setMsg(tcpRules.get(i).getMsg());
message.setPacket(content);
sendMessage();
//}
//}
}
private void handleUdp(PcapPacket packet) {
packet.getHeader(udp);
String srcPort = String.valueOf(udp.source());
String dstPort = String.valueOf(udp.destination());
message.setSport(srcPort);
message.setDport(dstPort);
byte[] buff = new byte[packet.getTotalSize()];
packet.transferStateAndDataTo(buff);
JBuffer jb = new JBuffer(buff);
String content = jb.toHexdump();
//for(int i = 0; i < udpRules.size(); i++) {
//if(content.contains(udpRules.get(i).getContent())) {
//message.setMsg(udpRules.get(i).getMsg());
message.setPacket(content);
sendMessage();
//}
//}
}
private void sendMessage() {
MessageCenter.sendMessage(message);
}
}