How do you find a specific JSON object in a JSON array in java

Question

For my end of year project, I am looking to try and extract the "ip.src" and "ip.dst" , which are the IP source and IP densitation from following JSON file:

 {"records":[
  {
    "_index": "packets-2016-04-24",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.encap_type": "1",
          "frame.time": "Apr 24, 2016 01:24:09.923090000 GMT Daylight Time",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1461457449.923090000",
          "frame.time_delta": "0.000000000",
          "frame.time_delta_displayed": "0.000000000",
          "frame.time_relative": "0.000000000",
          "frame.number": "1",
          "frame.len": "123",
          "frame.cap_len": "123",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "eth:ethertype:ip:udp:dns",
          "frame.coloring_rule.name": "UDP",
          "frame.coloring_rule.string": "udp"
        },
        "eth": {
          "eth.dst": "00:04:96:41:28:00",
          "eth.dst_tree": {
            "eth.dst_resolved": "ExtremeN_41:28:00",
            "eth.dst.oui": "1174",
            "eth.dst.oui_resolved": "Extreme Networks, Inc.",
            "eth.addr": "00:04:96:41:28:00",
            "eth.addr_resolved": "ExtremeN_41:28:00",
            "eth.addr.oui": "1174",
            "eth.addr.oui_resolved": "Extreme Networks, Inc.",
            "eth.dst.lg": "0",
            "eth.lg": "0",
            "eth.dst.ig": "0",
            "eth.ig": "0"
          },
          "eth.src": "00:e0:20:11:08:e6",
          "eth.src_tree": {
            "eth.src_resolved": "Tecnomen_11:08:e6",
            "eth.src.oui": "57376",
            "eth.src.oui_resolved": "Tecnomen Oy",
            "eth.addr": "00:e0:20:11:08:e6",
            "eth.addr_resolved": "Tecnomen_11:08:e6",
            "eth.addr.oui": "57376",
            "eth.addr.oui_resolved": "Tecnomen Oy",
            "eth.src.lg": "0",
            "eth.lg": "0",
            "eth.src.ig": "0",
            "eth.ig": "0"
          },
          "eth.type": "0x00000800"
        },
        "ip": {
          "ip.version": "4",
          "ip.hdr_len": "20",
          "ip.dsfield": "0x00000000",
          "ip.dsfield_tree": {
            "ip.dsfield.dscp": "0",
            "ip.dsfield.ecn": "0"
          },
          "ip.len": "109",
          "ip.id": "0x00000000",
          "ip.flags": "0x00000040",
          "ip.flags_tree": {
            "ip.flags.rb": "0",
            "ip.flags.df": "1",
            "ip.flags.mf": "0"
          },
          "ip.frag_offset": "0",
          "ip.ttl": "64",
          "ip.proto": "17",
          "ip.checksum": "0x0000a516",
          "ip.checksum.status": "2",
          "ip.src": "172.31.1.6",
          "ip.addr": "172.31.1.6",
          "ip.src_host": "172.31.1.6",
          "ip.host": "172.31.1.6",
          "ip.dst": "172.31.60.37",
          "ip.addr": "172.31.60.37",
          "ip.dst_host": "172.31.60.37",
          "ip.host": "172.31.60.37"
        },
        "udp": {
          "udp.srcport": "53",
          "udp.dstport": "32768",
          "udp.port": "53",
          "udp.port": "32768",
          "udp.length": "89",
          "udp.checksum": "0x0000fcc9",
          "udp.checksum.status": "2",
          "udp.stream": "0",
          "Timestamps": {
            "udp.time_relative": "0.000000000",
            "udp.time_delta": "0.000000000"
          },
          "udp.payload": "5b:84:81:80:00:01:00:02:00:00:00:00:06:6d:74:61:6c:6b:34:06:67:6f:6f:67:6c:65:03:63:6f:6d:00:00:01:00:01:c0:0c:00:05:00:01:00:00:ec:6f:00:12:0d:6d:6f:62:69:6c:65:2d:67:74:61:6c:6b:34:01:6c:c0:13:c0:2f:00:01:00:01:00:00:00:3a:00:04:4a:7d:85:bc"
        },
        "dns": {
          "dns.id": "0x00005b84",
          "dns.flags": "0x00008180",
          "dns.flags_tree": {
            "dns.flags.response": "1",
            "dns.flags.opcode": "0",
            "dns.flags.authoritative": "0",
            "dns.flags.truncated": "0",
            "dns.flags.recdesired": "1",
            "dns.flags.recavail": "1",
            "dns.flags.z": "0",
            "dns.flags.authenticated": "0",
            "dns.flags.checkdisable": "0",
            "dns.flags.rcode": "0"
          },
          "dns.count.queries": "1",
          "dns.count.answers": "2",
          "dns.count.auth_rr": "0",
          "dns.count.add_rr": "0",
          "Queries": {
            "mtalk4.google.com: type A, class IN": {
              "dns.qry.name": "mtalk4.google.com",
              "dns.qry.name.len": "17",
              "dns.count.labels": "3",
              "dns.qry.type": "1",
              "dns.qry.class": "0x00000001"
            }
          },
          "Answers": {
            "mtalk4.google.com: type CNAME, class IN, cname mobile-gtalk4.l.google.com": {
              "dns.resp.name": "mtalk4.google.com",
              "dns.resp.type": "5",
              "dns.resp.class": "0x00000001",
              "dns.resp.ttl": "60527",
              "dns.resp.len": "18",
              "dns.cname": "mobile-gtalk4.l.google.com"
            },
            "mobile-gtalk4.l.google.com: type A, class IN, addr 74.125.133.188": {
              "dns.resp.name": "mobile-gtalk4.l.google.com",
              "dns.resp.type": "1",
              "dns.resp.class": "0x00000001",
              "dns.resp.ttl": "58",
              "dns.resp.len": "4",
              "dns.a": "74.125.133.188"
            }
          },
          "dns.unsolicited": "1"
        }
      }
    }
  },
  {
    "_index": "packets-2016-04-24",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.encap_type": "1",
          "frame.time": "Apr 24, 2016 01:24:09.945502000 GMT Daylight Time",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1461457449.945502000",
          "frame.time_delta": "0.022412000",
          "frame.time_delta_displayed": "0.022412000",
          "frame.time_relative": "0.022412000",
          "frame.number": "2",
          "frame.len": "79",
          "frame.cap_len": "79",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "eth:ethertype:ip:udp:dns",
          "frame.coloring_rule.name": "UDP",
          "frame.coloring_rule.string": "udp"
        },
        "eth": {
          "eth.dst": "00:e0:20:11:08:e6",
          "eth.dst_tree": {
            "eth.dst_resolved": "Tecnomen_11:08:e6",
            "eth.dst.oui": "57376",
            "eth.dst.oui_resolved": "Tecnomen Oy",
            "eth.addr": "00:e0:20:11:08:e6",
            "eth.addr_resolved": "Tecnomen_11:08:e6",
            "eth.addr.oui": "57376",
            "eth.addr.oui_resolved": "Tecnomen Oy",
            "eth.dst.lg": "0",
            "eth.lg": "0",
            "eth.dst.ig": "0",
            "eth.ig": "0"
          },
          "eth.src": "74:8e:f8:fb:80:7e",
          "eth.src_tree": {
            "eth.src_resolved": "BrocadeC_fb:80:7e",
            "eth.src.oui": "7638776",
            "eth.src.oui_resolved": "Brocade Communications Systems LLC",
            "eth.addr": "74:8e:f8:fb:80:7e",
            "eth.addr_resolved": "BrocadeC_fb:80:7e",
            "eth.addr.oui": "7638776",
            "eth.addr.oui_resolved": "Brocade Communications Systems LLC",
            "eth.src.lg": "0",
            "eth.lg": "0",
            "eth.src.ig": "0",
            "eth.ig": "0"
          },
          "eth.type": "0x00000800"
        },
        "ip": {
          "ip.version": "4",
          "ip.hdr_len": "20",
          "ip.dsfield": "0x00000000",
          "ip.dsfield_tree": {
            "ip.dsfield.dscp": "0",
            "ip.dsfield.ecn": "0"
          },
          "ip.len": "65",
          "ip.id": "0x00008f7a",
          "ip.flags": "0x00000040",
          "ip.flags_tree": {
            "ip.flags.rb": "0",
            "ip.flags.df": "1",
            "ip.flags.mf": "0"
          },
          "ip.frag_offset": "0",
          "ip.ttl": "63",
          "ip.proto": "17",
          "ip.checksum": "0x0000e977",
          "ip.checksum.status": "2",
          "ip.src": "172.31.105.117",
          "ip.addr": "172.31.105.117",
          "ip.src_host": "172.31.105.117",
          "ip.host": "172.31.105.117",
          "ip.dst": "172.31.1.6",
          "ip.addr": "172.31.1.6",
          "ip.dst_host": "172.31.1.6",
          "ip.host": "172.31.1.6"
        },
        "udp": {
          "udp.srcport": "39619",
          "udp.dstport": "53",
          "udp.port": "39619",
          "udp.port": "53",
          "udp.length": "45",
          "udp.checksum": "0x000074c6",
          "udp.checksum.status": "2",
          "udp.stream": "1",
          "Timestamps": {
            "udp.time_relative": "0.000000000",
            "udp.time_delta": "0.000000000"
          },
          "udp.payload": "20:07:01:00:00:01:00:00:00:00:00:00:03:61:70:69:0b:61:63:63:75:77:65:61:74:68:65:72:03:63:6f:6d:00:00:01:00:01"
        },
        "dns": {
          "dns.id": "0x00002007",
          "dns.flags": "0x00000100",
          "dns.flags_tree": {
            "dns.flags.response": "0",
            "dns.flags.opcode": "0",
            "dns.flags.truncated": "0",
            "dns.flags.recdesired": "1",
            "dns.flags.z": "0",
            "dns.flags.checkdisable": "0"
          },
          "dns.count.queries": "1",
          "dns.count.answers": "0",
          "dns.count.auth_rr": "0",
          "dns.count.add_rr": "0",
          "Queries": {
            "api.accuweather.com: type A, class IN": {
              "dns.qry.name": "api.accuweather.com",
              "dns.qry.name.len": "19",
              "dns.count.labels": "3",
              "dns.qry.type": "1",
              "dns.qry.class": "0x00000001"
            }
          }
        }
      }
    }
  },
]

I have tried the code below but this only gives me the whole JSON file rather than the specific values I desire. Any help would be very much appreciated.

    package jsonproject;

import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
 
import java.io.FileReader;
import java.util.Iterator;

public class Read20packets {

    public static void main(String[] args)  {
        JSONParser parser = new JSONParser();
        try {
            Object obj = parser.parse(new FileReader("C:\\\\Users\\\\20 DNS packets.json"));
    JSONObject jsonObject = (JSONObject) obj;
    JSONArray dnsList = (JSONArray) jsonObject.get("records");
    Iterator<JSONObject> iterator = dnsList.iterator();
                while (iterator.hasNext()) {
                    System.out.println(iterator.next());
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

Where do you tell your program to look for your desired values? — Sorin, Mar 14 '21 at 11:55
That is what I am unsure about. I am unsure how to tell my program to find my desired values, i.e. "ip.src" and "ip.dst". Below the JSON is the code where I have attempted to extract the data. — MJT, Mar 14 '21 at 14:15
It seems that you are not familiar with handling JSON objects, maybe you can see this post [How to parse JSON in Java](https://stackoverflow.com/questions/2591098/how-to-parse-json-in-java) first. Good luck! — LHCHIN, Mar 15 '21 at 00:40

MJT · Answer 1 · 2021-03-24T20:25:44.663

thank you everyone i figured my answer to be the following for the ip destination:

Iterator<JSONObject> iterator = array.iterator();
        while (iterator.hasNext()) {
            JSONObject alpha = iterator.next();
            source = (JSONObject) alpha.get("_source");
            layers = (JSONObject) source.get("layers");
            ip = (JSONObject) layers.get("ip");
            ipdst = (String) ip.get("ip.dst"); 
            ipsrc = (String) ip.get("ip.src");
             System.out.println(ipdst);
}
        
    } catch (Exception e) {
        e.printStackTrace();
    }
}

How do you find a specific JSON object in a JSON array in java

1 Answers1