Monitor All outgoing/Incoming packet from a specific port

Question

I'm trying to monitor a port to get the outgoing/incoming packets (or sockets) from my PC using Java, more like what Wireshark does.

I'm using this code:

int portNumber = 5816;

        try {
            System.out.println("New ServerSocket...");
            ServerSocket serverSocket = new ServerSocket(portNumber);
            serverSocket.setSoTimeout(5000);

            System.out.println("Accepting...");
            serverSocket.accept();

            System.out.println("Done Accepting.");
        } catch (IOException e) {
            System.out.println(e.getMessage());
        }

Now I can see the packets using Wireshark, and I can see the connection is established using Process Hacker 2, but I always get this output:

New ServerSocket... Accepting... Accept timed out

EDIT: The question, I got an application installed, that exchange packets with an external server (nor the client or the server are mine), i just want to intercept these packets and log them. and they are using 5816 port.

Have a look at http://stackoverflow.com/questions/4543858/sockettimeoutexception-accept-timed-out — Greycon, Aug 27 '14 at 16:44
What is your question? Your question seems to lack context and what you are doing, and trying to do. — Andy, Aug 27 '14 at 19:07

NiematojakTomasz · Answer 1 · 2014-08-28T00:00:06.630

0

Wireshark is using pcap library to intercept network communication. You can use pcap wrapper for java to achieve similar functionality.

Note:
You are not closing sockets. However, this code is still incorrect approach to achieve your goal.

    int portNumber = 5816;

    System.out.println("New ServerSocket...");        
    try (ServerSocket serverSocket = new ServerSocket(portNumber)) {
        serverSocket.setSoTimeout(5000);

        System.out.println("Accepting...");

        try(Socket socket = serverSocket.accept()) {
            System.out.println("Done Accepting.");
        }

    } catch (IOException e) {
        System.out.println(e.getMessage());

    }

edited Aug 28 '14 at 00:00

answered Aug 27 '14 at 18:16

NiematojakTomasz

2,433
20
23

i'm quite sure its the right port, another thing, its not my "client". As you said, im trying to intercept those packets, the thing is, i have an application(which i didn't make) that receive/send packet through that particular port. So i want to log these exchanged packets. – Ouerghi Yassine Aug 27 '14 at 18:40
Are you also running server for that application? Is client trying to connect to localhost/127.0.0.1? – NiematojakTomasz Aug 27 '14 at 18:52
no, its not my client, nor my server. and the client is connecting to an external server ... – Ouerghi Yassine Aug 27 '14 at 22:56
So I guess you are trying to intercept local client connecting to remote server. ServerSocket is definitely not for that, unless you want to implement proxy (than client would have to connect to your server at localhost and you would have to forward communication in both sides). But if you just want to process data sent between client and server, you can use jpcap. – NiematojakTomasz Aug 27 '14 at 23:20
Yes, a proxy could be veeery useful, is that doable in java? without having to change anything in the client? – Ouerghi Yassine Aug 27 '14 at 23:39
I'm not sure what you mean by "without having to change anything in the client?". If you cannot change remote server address it is connecting to it is bit complicated and not doable just in java. If client is using DNS to lookup remote server address (you an find out using wireshark) you can provide fake server address in hosts file. Otherwise it is bit complicated. You would need add destination address to your loopback network interface. Also you would need to implement proxy so it wouldn't use loopback interface. Some tricks with routing may be also necessary, but I'm not sure. – NiematojakTomasz Aug 27 '14 at 23:49
Still you can implement it using jpcap if you just want to log messages. – NiematojakTomasz Aug 27 '14 at 23:51
Well the ip of the server is static, so i guess i can use that in the hosts file, do you have a reference or any good link that could help me implement a proxy like this? – Ouerghi Yassine Aug 28 '14 at 00:02
You misunderstood me (sorry - there is a limit for comment length and I was trying not to make two comments). To do the simple trick with hosts file it would have to obtain remote server address from DNS (it is looking server ip by hostname, like a domain name you enter into browser url bar). Simple tunneling proxy implementation - http://stackoverflow.com/questions/3954454/fast-implementation-of-a-port-forward-in-java . – NiematojakTomasz Aug 28 '14 at 00:10

Monitor All outgoing/Incoming packet from a specific port

1 Answers1