
Have some problems with JNetPcap.

I use Ubuntu 12.04, and I am trying to make a packet sniffer based on the Java language.

What I did is below.

  1. I have downloaded JNetPcap 1.3.0.

  2. And, as the tutorial said, built a Java project. http://jnetpcap.com/examples/dumper <- this is the link.

  3. I typed it just like that link and I got my first problem. The PcapHandler class is deprecated. So I found the documentation and replaced it with ByteBufferHandler.

  4. Now I compiled this project and got an UnsatisfiedLinkError. I have tried a static block to load that library. After some attempts I copied "libjnetpcap.so" to /usr/lib/

  5. Now the UnsatisfiedLinkError is gone, but somehow it stops at the 1st error check. It prints "1st error check : ", then exits automatically.

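    import java.io.File;
    import java.nio.ByteBuffer;
    import java.util.ArrayList;
    import java.util.List;

    import org.jnetpcap.ByteBufferHandler;
    import org.jnetpcap.Pcap;
    import org.jnetpcap.PcapDumper;
    import org.jnetpcap.PcapHeader;
    import org.jnetpcap.PcapIf;

    // Wrapper class name chosen for illustration; the post shows only main().
    public class DumperExample {

        public static void main(String[] args) {

            List<PcapIf> alldevs = new ArrayList<PcapIf>();
            StringBuilder errbuff = new StringBuilder();

            // Fill alldevs with the available capture devices.
            int r = Pcap.findAllDevs(alldevs, errbuff);

            //============1st check
            if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
                System.err.printf("1st error check : %s\n", errbuff.toString());
                return;
            }
            // Index 1 is the second device in the list.
            PcapIf device = alldevs.get(1);
            //===================== END

            int snaplen = 64 * 1024;            // capture whole packets
            int flags = Pcap.MODE_PROMISCUOUS;  // see all traffic on the segment
            int timeout = 10 * 1000;            // read timeout in milliseconds
            Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuff);

            //============2nd check
            if (pcap == null) {
                System.err.printf("2nd error check : %s\n", errbuff.toString());
                return;
            }
            //===================== END

            String ofile = "/home/juneyoungoh/tmp_capture_file.cap";
            final PcapDumper dumper = pcap.dumpOpen(ofile);

            // Write every captured packet to the dump file.
            ByteBufferHandler<PcapDumper> handler = new ByteBufferHandler<PcapDumper>() {

                @Override
                public void nextPacket(PcapHeader arg0, ByteBuffer arg1, PcapDumper arg2) {
                    dumper.dump(arg0, arg1);
                }
            };

            // Capture 10 packets, then return.
            pcap.loop(10, handler, dumper);

            File file = new File(ofile);
            System.out.printf("%s file has %d bytes in it!\n", ofile, file.length());

            dumper.close();
            pcap.close();

            if (file.exists()) {
                file.delete();
            }
        }
    }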

If there is any good reference or wonderful idea, please share.

Thanks.

Juneyoung Oh

1 Answer


On Linux, a program will probably have to run as root, or with sufficient privileges granted in some other fashion, in order to be able to open any devices, and, currently, pcap_findalldevs(), which is presumably what the Pcap.findAllDevs method uses, tries to open each of the devices it finds, and only returns the devices it can open.

So you'll have to run your Java program as root, or will somehow have to arrange that it have sufficient privileges (CAP_NET_RAW and CAP_NET_ADMIN) to get a list of network adapters and open those adapters.

  • But when I print the result of findAllDevs, it is 0, which means success. According to the return value, it should work. – Juneyoung Oh Jul 02 '13 at 01:06
  • Note that for `pcap_findalldevs()`, "working" includes "not returning any devices". `Pcap.findAllDevs()` is probably a thin wrapper around `pcap_findalldevs()`, and probably works the same. (And if the problem is what I say it is, which it probably is, you're going to need those privileges for the `Pcap.openLive()` call, so I ***STRONGLY*** suggest you run your program with those privileges if you want to capture traffic.) –  Jul 02 '13 at 02:23
  • Yep, you are right. I just found the same thing as what you wrote here on the official JNetPcap homepage. http://jnetpcap.com/node/184 It was written in 2009, but it still has this problem, I guess. So what I actually do is run this program in Eclipse with root privileges, right? – Juneyoung Oh Jul 02 '13 at 02:54
  • Thanks. Problem solved. 1. I "su root" in terminal 2. run Eclipse 3. run. Now it works. Thanks again :-D bbb – Juneyoung Oh Jul 02 '13 at 03:03
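A preflight check for the situation discussed in this thread, as an added example that is not part of the original posts or of jNetPcap: it reads the JVM's effective capability mask from `/proc/self/status` and reports whether CAP_NET_RAW and CAP_NET_ADMIN are present, so an empty device list caused by missing privileges can be told apart from a host with no interfaces. The class and method names are hypothetical, the sample status lines are constructed, and it assumes Linux and Java 8 or later.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

/** Capability preflight for a libpcap-based capture program on Linux (hypothetical helper). */
public class CapturePrivilegeCheck {
    // Bit positions from <linux/capability.h>.
    static final int CAP_NET_ADMIN = 12;
    static final int CAP_NET_RAW = 13;

    /** Extracts the effective capability mask from the lines of /proc/<pid>/status. */
    static long effectiveCaps(List<String> statusLines) {
        for (String line : statusLines) {
            if (line.startsWith("CapEff:")) {
                // The value is a 64-bit mask printed as hexadecimal.
                return Long.parseUnsignedLong(line.substring("CapEff:".length()).trim(), 16);
            }
        }
        throw new IllegalArgumentException("no CapEff line found");
    }

    static boolean has(long mask, int cap) {
        return (mask & (1L << cap)) != 0;
    }

    /** Returns null if both capabilities are in the mask, else a message naming the missing ones. */
    static String missingPrivileges(long mask) {
        StringBuilder missing = new StringBuilder();
        if (!has(mask, CAP_NET_RAW)) missing.append(" CAP_NET_RAW");
        if (!has(mask, CAP_NET_ADMIN)) missing.append(" CAP_NET_ADMIN");
        return missing.length() == 0 ? null : "missing capabilities:" + missing;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: status lines of an ordinary unprivileged process.
        List<String> sample = Arrays.asList("Name:\tjava", "CapEff:\t0000000000000000");
        System.out.println("sample: " + missingPrivileges(effectiveCaps(sample)));

        // The real mask of this JVM; call this before Pcap.findAllDevs().
        List<String> self = Files.readAllLines(Paths.get("/proc/self/status"), StandardCharsets.UTF_8);
        String problem = missingPrivileges(effectiveCaps(self));
        System.out.println(problem == null ? "capture privileges present" : problem);
    }
}
```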