get website name from packet using Jnetpcap

Question

I've asked this to Jnetpcap forum. And didn't get any response. I've been trying to get the website name from the request/ response packet. This is what I've tried:

PcapPacketHandler<String> jpacketHandler = new PcapPacketHandler<String>() {  
    final Tcp tcp = new Tcp();  
    final Http http = new Http();  
    final Ip4 ip = new Ip4();

    public void nextPacket(PcapPacket packet, String user) {
        if (packet.hasHeader(http)) {    
            packet.getHeader(http);  
            final String content_length =     http.fieldValue(Response.Content_Length);  
            final String response_code = http.fieldValue(Response.ResponseCode);  
            //Find if the given packet is a Request/Response Pkt : First get the TCP header   
            packet.getHeader(tcp);  
            Integer int_tcp_source = new Integer(tcp.source());  
            Integer int_tcp_destination = new Integer(tcp.destination());  
            if(int_tcp_source!=80 && content_length==null){  
                //It is a Request pkt :   
                packet.getHeader(http);  
                final String ref = http.fieldValue(Request.Referer);  
                final String req_url = http.fieldValue(Request.RequestUrl);  
                String page_url = http.fieldValue(Request.Host);   
                System.out.printf("\n Referer  " +ref +req_url );//Get the URL  
                System.out.printf("\nHost " +page_url);
            }
        }
    }
};

But it doesn't even go inside the :

if (packet.hasHeader(http)) {

I'm using windows laptop and wireless connection.

if I try:

if (packet.hasHeader(ip)) {//Ip4

I can get into the if block and can retrieve the source and destination IP address.

I basically need to do the same thing as http://jnetpcap.com/?q=node/937.

I'm really stuck and really need someone's help.

Or simply can someone please help me to figure out how to get the website name from the packet? some code snippet would be great.

Can anyone please help.

Thanks in advance.

facing a similar issue. Were you able to solve the problem ? — thedarkpassenger, Feb 20 '16 at 07:44

score 0 · Answer 1 · answered Apr 28 '16 at 19:33

The following code works:

PcapPacketHandler<String> handler = new PcapPacketHandler<String>() {
    // Protocol handlers
    private final Tcp tcp = new Tcp();
    private final Http http = new Http();

    @Override
    public void nextPacket(PcapPacket packet, String userString) {
        if (!packet.hasHeader(tcp)) {
            return; // not a TCP package, skip
        }
        if (!packet.hasHeader(http)) {
            return; // not a HTTP package, skip
        }
        if (http.isResponse()) {
            return; // not a HTTP request, skip
        }

        System.out.println("Referer: " + http.fieldValue(Request.Referer));
        System.out.println("Request URL: " + http.fieldValue(Request.RequestUrl));
        System.out.println("Host: " + http.fieldValue(Request.Host));
    }
}

If I run this for http://www.stackoverflow.com, I get the following output:

Referer: https://www.google.com/
Request URL: /
Host: stackoverflow.com
Referer: http://stackoverflow.com/
Request URL: /Js/stub.en.js?v=eb1d547a9670
Host: cdn.sstatic.net
Referer: http://stackoverflow.com/
Request URL: /Sites/stackoverflow/all.css?v=4e41902aa7a6
Host: cdn.sstatic.net
...

Are you sure you are not trying to access a HTTPS resource? In that case, the call to packet.hasHeader(http) will fail.

get website name from packet using Jnetpcap

1 Answers1