Write my own packet monitor

Question

I am using an application called Splunk, which has 2 layers of data processing on separate systems. I can connect to both systems via putty and directly logging into the GUI.

Archiecture of the system attached

I want to monitor the output port on layer 1, and input port on layer 2 and find out the below information,

i. Raw data sent out of layer 1

ii. Raw data received into layer 2.

The two layers communicate using tcp.

I do not want to use an existing packet monitors/packet capture like tcpdump or winshark as I want to heavily customize the monitor to display various information. I want to write my own packet monitor in java

I want to know,

If layer 2 is listening to layer 1, can my program connect to the same port and print the raw text being sent? - the protocol is TCP
Is (1) possible for other protocols like udp, http and ftp?

(EDIT: Architecture attached

Info on the systems in case it is relevant,

system 1 is VMWare(Linux Ubuntu 4.4.10) running on a Windows machine.
System 2 is mac os.

Both systems have different IP addresses. I am connecting to both systems from the windows machine where vmware is running. The two systems connect to the same wifi. )

score 0 · Answer 1 · answered Jan 31 '17 at 15:50

0

There are some packet capture libraries written in Java, jpcap, jNetPcap, and Pcap4J. Both #1 and #2 are possible by these libraries, I think.

If you would pick Pcap4J I can help you. It's my library.

answered Jan 31 '17 at 15:50

kaitoy

1,545
9
16

Thankyou very much. Let me start exploring on my own, I will get in touch with you once I hit a roadblock. – Divya Dutta Feb 01 '17 at 14:47

Write my own packet monitor

1 Answers1