how to get protocol details from packets stored in a pcap file

Question

I want to make a switch loop (in java) whose cases are the protocol of the ip header of the packets stored in a pcap file.

I am using jnetpcap library to access the packets.

I know how to get ip address, port numbers etc. from the packet but I want to know whether there is a function which tells me directly the protocol of the packet i.e. tcp, udp, icmp etc. One can also suggest if he/she knows any other library which has this kind of function.

Thanks in advance.

score 0 · Answer 1 · answered Nov 12 '14 at 12:44

0

There exists jpcap library from which built-in functions are available to extract protocol of packet and other details.

answered Nov 12 '14 at 12:44

user3823859

469
1
7
20

There are a lot of problems in using jpcap library. First of all, jpcap is not available for 64 bit ubuntu. And at some places, it is given for 64 bit, but the restriction is to use sun-java6-jdk – Aayush Rathore Nov 12 '14 at 18:12

score 0 · Accepted Answer · answered Nov 24 '14 at 13:12

I found the answer myself:

using JNETPCAP library,
For TCP/IP stack: We can get the protocols on the basis of port number of tcp header

Port numbers corresponding to different protocols are given on the following link: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Getting protocol in jnetpap:
PcapPacket packet =//get from somewhere

Tcp tcp = new Tcp();
Ip4 ip = new IP4();

if(packet.hasHeader(ip)&&packet.hasHeader(tcp)){
     if(tcp.source()==80){
         System.out.println("HTTP protocol");
     else if(tcp.source==23)
         System.out.println("Telnet protocol");

}

how to get protocol details from packets stored in a pcap file

2 Answers2