I am trying to capture packages. In my "exploration" example I use the IP of a website that I visit in the browser. I am using PCAP4J to capture package information.

Based on step 3 on https://www.pcap4j.org/ I have the impression that I can simply have an internet address and start listening to it:

```java
InetAddress addr = InetAddress.getByName("192.168.10.100");
PcapNetworkInterface nif = Pcaps.getDevByAddress(addr);
```

However, when I change this ip to my personal example (185.57.10.32) the nif returns null.

I have printed out a list of PcapNetworkInterfaces as follows:

```java
System.out.println("#### LIST OF DEVS ####");

List<PcapNetworkInterface> devices = Pcaps.findAllDevs();

for (PcapNetworkInterface device : devices) {
    System.out.println(device.getName());
}
System.out.println("###############");
```

Which returns the following:

```
wlp2s0
any
lo
docker0
enp3s0f1
br-df16c72d2764
bluetooth0
nflog
nfqueue
usbmon1
usbmon2
```

So in that sense I understand that nif returns null as it is not in the list. However, it makes me not understand why the example given by the author is not working as I expect.

So I think the first question would be: Can one listen to a specific ip via Pcap4J? In this case an ip of a website. Or are websites not possible and should I make another test case?

Thank you!

Crittje

1 Answer

An IP address you should pass to `Pcaps.getDevByAddress()` is one a NIF has. You can capture packets from any IP address with the NIF.

kaitoy
  • When I use an address of any device from the devices list, the nif is not null. Therefore, I have the impression I can't simply listen to any IP. For example, if I use 8.8.8.8 as IP, the nif is null, is that as expected? – Crittje Mar 18 '18 at 17:04
  • Yes it's expected, because you don't have a NIF that has 8.8.8.8. The IP address passed to `Pcaps.getDevByAddress()` won't be used in any way when capturing packets. – kaitoy Mar 18 '18 at 23:17
  • Okay, clear, got the point. Indeed if I use the ip of the interface that tcpdump uses as well I do get packages. Thanks for clarifying! I'll accept the answer! – Crittje Mar 19 '18 at 07:21
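
The point of the answer and comments above, as an added example (not code from the original posters or from the Pcap4J project): the local NIF is looked up by one of its own addresses, and the remote IP from the question appears only in a BPF filter. It assumes the Pcap4J 1.x API; the class name `CaptureRemoteHost`, the UDP route probe and port 443 are illustrative choices, not something the page specifies.

```java
import java.net.DatagramSocket;
import java.net.InetAddress;
import org.pcap4j.core.BpfProgram.BpfCompileMode;
import org.pcap4j.core.PcapHandle;
import org.pcap4j.core.PcapNetworkInterface;
import org.pcap4j.core.PcapNetworkInterface.PromiscuousMode;
import org.pcap4j.core.Pcaps;
import org.pcap4j.packet.IpV4Packet;
import org.pcap4j.packet.Packet;

public class CaptureRemoteHost { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Remote address from the question; it is only ever used in the filter.
        InetAddress remote = InetAddress.getByName("185.57.10.32");

        // Ask the OS which local address it would use to reach the remote host.
        // connect() on a UDP socket sends no packet; it only selects a route.
        // Assumption: the platform reports the routed source address here.
        InetAddress local;
        try (DatagramSocket probe = new DatagramSocket()) {
            probe.connect(remote, 443);
            local = probe.getLocalAddress();
        }

        // getDevByAddress() expects an address assigned to a local NIF.
        PcapNetworkInterface nif = Pcaps.getDevByAddress(local);
        if (nif == null) {
            throw new IllegalStateException("No capture device has address " + local);
        }

        // 64 KiB snaplen, non-promiscuous, 1 s read timeout.
        PcapHandle handle = nif.openLive(65536, PromiscuousMode.NONPROMISCUOUS, 1000);
        try {
            // The BPF filter, not the NIF lookup, narrows capture to the remote host.
            handle.setFilter("host " + remote.getHostAddress(), BpfCompileMode.OPTIMIZE);
            int seen = 0;
            while (seen < 20) { // stop after 20 matching packets
                Packet packet = handle.getNextPacket(); // null when the timeout expires
                if (packet == null) continue;
                IpV4Packet ip = packet.get(IpV4Packet.class);
                if (ip != null) {
                    System.out.println(ip.getHeader().getSrcAddr() + " -> " + ip.getHeader().getDstAddr());
                }
                seen++;
            }
        } finally {
            handle.close();
        }
    }
}
```

Opening a live capture usually requires root or the `CAP_NET_RAW` capability on Linux; if the route probe returns a wildcard address, pick the device by name with `Pcaps.getDevByName()` instead (for example `wlp2s0` from the list in the question).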