0

So I have a pcap file. When I open this file in Wireshark I see a number of tagged parameters; one of them is the SSID, which I would like to simply print out on screen.

I have done the following:

import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;

public class PacketHandler implements PcapPacketHandler<Object> {
    @Override
    public void nextPacket(PcapPacket packet, Object unused) {
        // Read the packet bytes as a UTF-8 string and print it
        StringBuilder str = new StringBuilder();

        packet.getUTF8String(0, str, packet.getTotalSize());
        String rawStringData = str.toString();
        System.out.println(rawStringData);

        // Print the same packet as a hex dump
        String packetAsHex = packet.toHexdump(0, false, true, true);

        System.out.println(packetAsHex);
    }
}

I see the SSID as a string but it looks like something is not being decoded correctly. Ideally I would like to be able to retrieve all of those tagged parameters I see in Wireshark.

Alas, I do not know how to achieve this. Is anyone able to put me on the right track?

user1383163

1 Answer

0

What is not being decoded correctly? What do you expect and what do you see? Parameters are not "tagged" in any way. They just have certain bytes dedicated for them. You just have to know where to look.

Let me show you an example of my old jnetpcap code. Now, since you are familiar with jnetpcap and I can't really understand what the problem is, I'm just showing you a snippet of the code, guessing that you'll get the hang of it.

Code below is my parsing of Beacon Frames. data is data extracted from file.

        // Requires: import java.util.Arrays; import org.jnetpcap.nio.JBuffer;
        // Assumes the buffer starts at the 802.11 header (no radiotap header in front).
        int packet_size = packet.size();
        JBuffer packet_buf = packet;

        byte[] data = packet_buf.getByteArray(0, packet_size);
        int[] data_int = new int[packet_size];

        // Java bytes are signed; keep an unsigned copy for comparisons
        for (int k = 0; k < packet_size; k++) {
           data_int[k] = data[k] & 0xFF;
        }

        byte[] frame_control = new byte[2];
        byte[] duration = new byte[2];
        byte[] dest_ip = new byte[6];   // destination MAC address
        byte[] src_ip = new byte[6];    // source MAC address
        byte[] bss_id = new byte[6];
        byte[] seq_ctrl = new byte[2];
        byte[] time_stamp = new byte[8];
        byte[] beacon_interval = new byte[2];
        byte[] capability_info = new byte[2];
        byte[] tag_nr = new byte[1];
        byte[] tag_len = new byte[1];

        // Need at least the 24-byte header, 12 bytes of fixed fields and one tag header
        if (packet_size >= 38 && data_int[0] == 0x80) {
            // It's a beacon
            System.out.printf("It's a beacon!\n");
            frame_control = Arrays.copyOfRange(data, 0, 2);
            duration = Arrays.copyOfRange(data, 2, 4);
            dest_ip = Arrays.copyOfRange(data, 4, 10);
            src_ip = Arrays.copyOfRange(data, 10, 16);
            bss_id = Arrays.copyOfRange(data, 16, 22);
            seq_ctrl = Arrays.copyOfRange(data, 22, 24);
            time_stamp = Arrays.copyOfRange(data, 24, 32);
            beacon_interval = Arrays.copyOfRange(data, 32, 34);
            capability_info = Arrays.copyOfRange(data, 34, 36);
            // First tagged parameter; this code assumes it is the SSID (tag number 0)
            tag_nr = Arrays.copyOfRange(data, 36, 37);
            tag_len = Arrays.copyOfRange(data, 37, 38);

            // Length is an unsigned byte; clamp it so a bad length cannot run past the data
            int ss_id_len = Math.min(tag_len[0] & 0xFF, packet_size - 38);

            byte[] ss_id = Arrays.copyOfRange(data, 38, 38 + ss_id_len);

            System.out.printf("SSID: ");
            for (byte b : ss_id) {
                int c = b & 0xFF;
                System.out.printf("%s", (char) c);
            }
            System.out.println("");
        }
        else {
            System.out.println("Not a beacon unfortunately");
        }

If this does not help you in any way, I could try and post a complete example. But since that might be overdoing it, I'll stick to this for now.

niCk cAMel
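The answer above reads only the first tagged parameter. As an added example (not code from either post), the sketch below walks every tag/length/value element of a beacon body from a plain `byte[]`, stopping if a length field would run past the captured bytes, and escapes non-printable SSID bytes before printing. The class and method names are hypothetical, the sample frame is constructed, and it assumes the buffer starts at the 802.11 header with no radiotap header, as in the answer.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class BeaconTags {
    // 24-byte 802.11 management header + 12 bytes of beacon fixed fields
    static final int TAGS_OFFSET = 36;

    /** One tagged parameter: tag number plus a copy of its value bytes. */
    record Tag(int number, byte[] value) {}

    /** Walks the tag/length/value list; stops at the first truncated element. */
    static List<Tag> parseTags(byte[] frame) {
        List<Tag> tags = new ArrayList<>();
        int pos = TAGS_OFFSET;
        while (pos + 2 <= frame.length) {
            int number = frame[pos] & 0xFF;
            int length = frame[pos + 1] & 0xFF;          // unsigned, 0..255
            if (pos + 2 + length > frame.length) break;  // length overruns the capture
            tags.add(new Tag(number, Arrays.copyOfRange(frame, pos + 2, pos + 2 + length)));
            pos += 2 + length;
        }
        return tags;
    }

    /** Returns the SSID (tag 0) with non-printable bytes escaped, or null if absent. */
    static String ssid(List<Tag> tags) {
        for (Tag t : tags) {
            if (t.number() != 0) continue;
            StringBuilder sb = new StringBuilder();
            for (byte b : t.value()) {
                int c = b & 0xFF;
                if (c >= 0x20 && c < 0x7F) sb.append((char) c);
                else sb.append(String.format("\\x%02x", c));
            }
            return sb.toString();
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: zeroed header and fixed fields, then three tags
        // (0 = SSID "home", 1 = supported rates, 3 = DS parameter set, channel 6).
        byte[] frame = new byte[TAGS_OFFSET + 13];
        frame[0] = (byte) 0x80; // beacon frame control byte, as checked in the answer
        byte[] tags = {0, 4, 'h', 'o', 'm', 'e', 1, 2, (byte) 0x82, (byte) 0x84, 3, 1, 6};
        System.arraycopy(tags, 0, frame, TAGS_OFFSET, tags.length);
        List<Tag> parsed = parseTags(frame);
        for (Tag t : parsed) System.out.printf("tag %d, %d bytes%n", t.number(), t.value().length);
        System.out.println("SSID: " + ssid(parsed));
    }
}
```

With jnetpcap, the `byte[]` passed to `parseTags` would be the array obtained from `getByteArray(0, packet.size())` as in the answer; records require Java 16 or later.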