I have the code below, which captures packets from the interface using pcap4j, but I am not sure how I can print the request and response data present in the packet. For example, if I make a REST call from Postman, then I want to trace the request and response. This is the same as Wireshark. I am stuck on the last part: I am able to capture the packet, but I am not sure how to read the packet contents so that I can print them on the console.

    import java.net.InetAddress;
    import org.pcap4j.core.BpfProgram.BpfCompileMode;
    import org.pcap4j.core.PacketListener;
    import org.pcap4j.core.PcapHandle;
    import org.pcap4j.core.PcapNetworkInterface;
    import org.pcap4j.core.PcapNetworkInterface.PromiscuousMode;
    import org.pcap4j.core.Pcaps;
    import org.pcap4j.packet.Packet;

    public class PacketCapture {
        public static void main(String[] args) {
            try {
                // Pick the capture interface by its IP address
                InetAddress addr = InetAddress.getByName("10.227.178.25");
                PcapNetworkInterface device = Pcaps.getDevByAddress(addr);
                System.out.println("You chose: " + device);

                int snapshotLength = 64 * 1024; // in bytes
                int readTimeout = 50; // in milliseconds
                final PcapHandle handle;
                handle = device.openLive(snapshotLength, PromiscuousMode.PROMISCUOUS, readTimeout);
                String filter = "tcp port 80";
                handle.setFilter(filter, BpfCompileMode.OPTIMIZE);

                // Create a listener that defines what to do with the received packets
                PacketListener listener = new PacketListener() {
                    @Override
                    public void gotPacket(Packet packet) {
                        // Override the default gotPacket() function and process packet
                        System.out.println(handle.getTimestamp());
                        System.out.println(packet);
                        byte[] b = packet.getRawData(); // raw bytes of the whole frame
                        Packet p = packet.getPayload(); // payload of the outermost layer
                    }
                };

                // Tell the handle to loop using the listener we created
                try {
                    int maxPackets = 50;
                    handle.loop(maxPackets, listener);
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }

                // Cleanup when complete
                handle.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

So I have two questions:

  1. How can I capture the HTTP request and response and print them on the console?
  2. How can I let the Java code run continuously, such that it keeps on capturing packets?

I did check the pcap4j documents, but I am not sure how I can read the packet contents so that I can read the HTTP request and HTTP response.

Orion
arpit joshi
  • Are you open to using tshark, the command-line version of Wireshark? This is one flag and a display filter in tshark, where running continuously is the default behavior. – Ross Jacobs Nov 19 '20 at 18:05
  • @erdem-aydemir This question is for you. – Ross Jacobs Nov 20 '20 at 22:21
  • @RossJacobs Nope, to be honest, I don't know about networks and packages. My goal is to make sense of HTTP packages and capture the HTTP body and header in a Java application. I use AOP, but I could not get the HTTP response body. I don't know what Wireshark is, etc. – Erdem Aydemir Nov 20 '20 at 22:42
  • If you would like to use a different library, you can try jNetPcap: https://javatutorial.net/capture-network-packages-java, https://nealvs.wordpress.com/2013/12/16/using-jnetpcap-to-read-http-packets/ – Chandan Nov 25 '20 at 17:37

1 Answer

For the first question:

If you set [maxPackets] to -1, it will run continuously. You can see many such implementations from the official Sample.

As for the second question:

Currently, the official library does not support HTTP packets. You need to implement it manually yourself. You can check https://github.com/kaitoy/pcap4j/issues/85.

Lancer.Yan
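
One way to do the manual parsing the answer refers to, as an added example that is not part of the original answer or of pcap4j: a listener that takes the TCP payload of each captured packet and prints the HTTP start line and headers when the segment begins an HTTP/1.x message, with credential-bearing headers redacted before they reach the console. The class name `HttpHeadPrinter`, the `httpHead` helper and the sample payload are assumptions made for illustration; it needs Java 9+ and does no TCP reassembly, so bodies and messages split across segments are not handled.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;
import org.pcap4j.core.PacketListener;
import org.pcap4j.packet.Packet;
import org.pcap4j.packet.TcpPacket;

// Added example (hypothetical class name): prints the HTTP head found in a TCP segment.
public class HttpHeadPrinter implements PacketListener {
    private static final Set<String> SENSITIVE =
        Set.of("authorization", "proxy-authorization", "cookie", "set-cookie");

    @Override
    public void gotPacket(Packet packet) {
        TcpPacket tcp = packet.get(TcpPacket.class);          // null if the frame carries no TCP
        if (tcp == null || tcp.getPayload() == null) return;  // bare SYN/ACK, no data
        String head = httpHead(tcp.getPayload().getRawData());
        if (head != null) {
            System.out.println(tcp.getHeader().getSrcPort() + " -> " + tcp.getHeader().getDstPort());
            System.out.println(head);
        }
    }

    /** Returns the start line and headers if the segment begins an HTTP/1.x message, else null. */
    static String httpHead(byte[] data) {
        String text = new String(data, StandardCharsets.ISO_8859_1);
        int eol = text.indexOf("\r\n");
        String startLine = eol < 0 ? text : text.substring(0, eol);
        boolean response = startLine.startsWith("HTTP/1.");
        boolean request = startLine.matches("[A-Z]+ \\S+ HTTP/1\\.[01]");
        if (!response && !request) return null;               // continuation segment or not HTTP
        int end = text.indexOf("\r\n\r\n");                    // blank line ends the header block
        String[] lines = (end < 0 ? text : text.substring(0, end)).split("\r\n");
        StringBuilder out = new StringBuilder(lines[0]);
        for (int i = 1; i < lines.length; i++) {
            int colon = lines[i].indexOf(':');
            String name = colon < 0 ? "" : lines[i].substring(0, colon).trim().toLowerCase(Locale.ROOT);
            out.append('\n').append(SENSITIVE.contains(name)
                ? lines[i].substring(0, colon) + ": [redacted]" : lines[i]);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample payload, so the parser can be checked without a live capture.
        byte[] sample = ("GET /api/items HTTP/1.1\r\nHost: example.test\r\n"
            + "Authorization: Bearer abc123\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1);
        System.out.println(httpHead(sample));
    }
}
```

To use it with the question's capture loop, pass an instance as the listener, for example `handle.loop(-1, new HttpHeadPrinter())`, keeping the `tcp port 80` filter. HTTPS traffic is encrypted on the wire, so its segments will not match.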