0

I am sniffering packets on ethernet (eth0) in java with the help of jpcap library... So, In my project I have a JpcapCaptor ... 

    //Open an interface with openDevice(NetworkInterface intrface, int snaplen, boolean promics, int to_ms)
        JpcapCaptor captor=JpcapCaptor.openDevice(devices[index], 65535, false, 20);
        captor.setFilter("icmp", true);
        captor.loopPacket(-1, new PacketPrinter());

Then I have Packet printer which prints a body of sniffered packets ... 

    public class PacketPrinter implements PacketReceiver {
@Override
public void receivePacket(Packet packet) {
    InputStream is = new ByteArrayInputStream(packet.data);
    try {
        String sstr = IOUtils.toString(is, "UTF-8");
        System.out.println("STRING " + sstr);
    } catch (IOException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }
       String ss;
    try {
        ss = new String(packet.data, "UTF-8");
        System.out.println("STRING " + ss);
    } catch (UnsupportedEncodingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } 
}

But there is a problem... packet.data is a byte[]... And console prints it as 

    STRING W�xQ��       !"#$%&'()*+,-./01234567
    STRING W�xQ��       !"#$%&'()*+,-./01234567
    STRING W�xQ��       !"#$%&'()*+,-./01234567

As I understand it is because of problem with encoding??? What is the solution to decide this problem?

timonvlad
  • 1,046
  • 3
  • 13
  • 31
  • It is an encoding issue, but probably not in the way you think. This basically indicates that whatever is rendering the text, doesn't have the representations for the characters. As far as your code is concerned, I see nothing wrong. Where are you displaying this from? Have you tried it without specifying an encoding? – kolossus Apr 25 '13 at 05:30
  • Yes, I have tryed... I have begun to find solution with encoding just after this problem appeared without encoding..((( I am displaying it in eclipse in console or in terminal on Ubuntu... – timonvlad Apr 25 '13 at 05:36
  • Then there simply aren't human readable characters in the charset available on your platform to display those bits of text – kolossus Apr 25 '13 at 05:40

1 Answers1

1

As I understand it is because of problem with encoding?

That may be correct. It also may be that the stuff you are trying to turn into a String is not text at all. In fact, if that is a raw network packet that you have sniffed, it is pretty much guaranteed that some of the packet (the IP/ICMP packet headers) won't be text.

What is the solution to this problem?

The solution is to understand what it is you are trying to decode and whether or not it is appropriate to decode it as if it was encoded text. If not, you need to decode / display it differently ... depending on what the relevant RFC says about the packets you are trying to display.

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
  • Jpcap makes the same thing as -ngrep -W byline or tcpdump or smth else... So these snifferes shows us body of packets with fileds: from:...to:... and etc. – timonvlad Apr 25 '13 at 05:34
  • Yes ... and presumably those fields are actually binary data, not text. And if that is the case, then trying to treat them as (encoded) text is going to give the kind of garbage you are seeing here. – Stephen C Apr 25 '13 at 06:24