http://bertrandmartel.github.io/pcapng-decoder/
Java PCAPNG file parser library
- from gradle
compile 'fr.bmartel:pcapngdecoder:1.2'
- from release archive
https://github.com/bertrandmartel/pcapng-decoder/releases
./gradlew run -PappArgs="['-f', 'path_to_file/pcapfile/exemple.pcapng' , '-v' ]"
args | description |
---|---|
-f <file.pcapng> | input file |
-v | verbose, will show all section parsing content |
Example source code can be found here
- decode from n input file :
PcapDecoder decoder = new PcapDecoder("path/to/file.pcapng");
decoder.decode();
- decode from a byte array :
byte[] pcapBa = getPcapBa();
PcapDecoder decoder = new PcapDecoder(pcapBa);
decoder.decode();
Pcap section list can be accessed via getSectionList()
:
ArrayList<IPcapngType> sectionList = decoder.getSectionList()
All section type inherit from IPcapngType
, use reflection to access each type :
for (int i = 0; i < sectionList.size(); i++) {
if (sectionList.get(i) instanceof ISectionHeaderBlock) {
ISectionHeaderBlock section = (ISectionHeaderBlock) sectionList.get(i);
//do what you want with Section Header Block frame type
} else if (sectionList.get(i) instanceof IDescriptionBlock) {
IDescriptionBlock section = (IDescriptionBlock) sectionList.get(i);
//do what you want with Description Block frame type
} else if (sectionList.get(i) instanceof IEnhancedPacketBLock) {
IEnhancedPacketBLock section = (IEnhancedPacketBLock) sectionList.get(i);
//do what you want with Enhanced Packet Block frame type
} else if (sectionList.get(i) instanceof IStatisticsBlock) {
IStatisticsBlock section = (IStatisticsBlock) sectionList.get(i);
//do what you want with Statistics Block frame type
} else if (sectionList.get(i) instanceof INameResolutionBlock) {
INameResolutionBlock section = (INameResolutionBlock) sectionList.get(i);
//do what you want with Name Resolution Block frame type
}
}
Note : packet data in Enhanced Packet Block is left in packet source endianness
http://javadoc-badge.appspot.com/fr.bmartel/pcapngdecoder
##########################################################
SECTION HEADER BLOCK
Major version : 0
Minor version : 1
OS : Linux 3.8.0-19-generic
user application : Dumpcap 1.10.2 (SVN Rev 51934 from /trunk-1.10)
##########################################################
SECTION INTERFACE DESCRIPTION BLOCK
Link type : LINKTYPE_IEEE802_11_RADIO
Snap len : 65535
interface name : wlan0
timestamp resolution : 6
interface OS name : Linux 3.8.0-19-generic
##########################################################
SECTION ENHANCED PACKET BLOCK
interface id : 0
timestamp in millis : Sat Apr 18 12:13:41 CEST 2015
captured length : 185
packet length : 185
packet data : 00 | 00 | 12 | 00 | 2E | 48 | 00 | 00 | 10 | 02 | A3 | 09 | A0 | 00 | C2 | 07 | 00 | 00 | 80 | 00 | 00 | 00 | FF | FF | FF | FF | FF | FF | 00 | 24 | D4 | 6B | 0C | 5D | 00 | 24 | D4 | 6B | 0C | 5D | 00 | E5 | 60 | 01 | 25 | DE | 32 | 03 | 00 | 00 | 60 | 00 | 01 | 04 | 00 | 08 | 46 | 72 | 65 | 65 | 57 | 69 | 66 | 69 | 01 | 08 | 82 | 84 | 8B | 96 | 2C | 0C | 12 | 18 | 03 | 01 | 0C | 05 | 04 | 00 | 02 | 00 | 00 | 2A | 01 | 04 | 32 | 05 | 24 | 30 | 48 | 60 | 6C | 2D | 1A | 6C | 00 | 03 | FF | FF | FF | 00 | 01 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 01 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 3D | 16 | 0C | 00 | 13 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 7F | 08 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 40 | DD | 18 | 00 | 50 | F2 | 02 | 01 | 01 | 00 | 00 | 03 | A4 | 00 | 00 | 27 | A4 | 00 | 00 | 42 | 43 | 5E | 00 | 62 | 32 | 2F | 00 | A3 | 26 | 13 | 07
##########################################################
SECTION INTERFACE STATISTICS BLOCK
interface id : 0
timestamp in millis : Sat Apr 18 12:16:43 CEST 2015
capture start time : Sat Apr 18 12:13:41 CEST 2015
capture end time : Sat Apr 18 12:16:43 CEST 2015
packet received count : 9493
packet drop count : 0
##########################################################
JRE 1.7 compliant
Gradle using IntelliJ IDEA or Eclipse
https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
The MIT License (MIT) Copyright (c) 2015-2016 Bertrand Martel