  1. #1
    PeggEffect (Member)

    Getting My Packet Sniffer to show packets in Little Endian format

    Hey guys,

    I'm new to these forums and nearly just as new to Java actually.
    My 1st program I thought I'd make is a packet receive and send program.
    Eventually I would like it to sniff for a particular packet and, once received, trigger 3 specific packets to be sent to the server.

    As of yet I have programmed it far enough to receive and display packets coming from the target server, but the packets are received in a format I can't really understand:

    IE:
    1279189192:387369 /*.*.*.*->/*.*.*.* protocol(6) priority(2) hop(112) offset(0) ident(17906) TCP 8585 > 4281 seq(425930532) win(63243) ack 2652559127 P

    But I want them to be handled and displayed in Little Endian form as this is what the server is using, so my question is how do I accomplish this task?

    Any hints, tips or tutorials will be greatly appreciated!

    Dan

  2. #2
    Norm (Moderator)

    "displayed in Little Endian form"
    Can you show how they are now being displayed, and on another line how you want them to be displayed?

  3. #3
    PeggEffect (Member)

    This is the entire code so far for just the sniffer part of the program:

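    import java.io.IOException;

    import jpcap.JpcapCaptor;
    import jpcap.NetworkInterfaceAddress;
    import jpcap.PacketReceiver;
    import jpcap.packet.Packet;

    public class PacketReader {

        private static jpcap.NetworkInterface[] device;

        public static void main(String[] args) throws IOException {

            // List the capture devices Jpcap can see.
            jpcap.NetworkInterface[] devices = JpcapCaptor.getDeviceList();

            System.out.println("~~~~~~~~~~~~~~~~Daniels Packet Sniffer~~~~~~~~~~~~~~~~");
            System.out.println("Opening Device...");
            System.out.println(""+devices[0].description);
            System.out.print("Running on "+devices[0].datalink_description);
            for (NetworkInterfaceAddress a : devices[0].addresses)
                System.out.println(" with IP address:"+a.address);
            System.out.println("");

            // Open the first device: snaplen 2000 bytes, promiscuous mode, 100000 ms read timeout.
            JpcapCaptor captor=JpcapCaptor.openDevice(JpcapCaptor.getDeviceList()[0], 2000, true, 100000);
            // Capture filters (the source address is redacted in the post).
            captor.setFilter("ip and tcp", true);
            captor.setFilter("src *.*.*.*", true);

            // Prints each captured packet using the packet's toString() summary.
            class PacketPrinter implements PacketReceiver {
                public void receivePacket(Packet packet) {
                    System.out.println(packet);
                }
            }
            // Process 100 packets, then release the device.
            captor.processPacket(100,new PacketPrinter());
            captor.close();
        }
    }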


    Which spams packets in the form of:
    1279228796:604256 /*.*.*.*->/*.*.*.* protocol(6) priority(2) hop(113) offset(0) ident(23089) TCP 8585 > 4835 seq(1389442464) win(63589) ack 252258104 P

    But 3 packets I wish to send are in this form:
    81 00 00 04 0A 00 53 3E 20 53 70 6F 74 20 33 6D 00 01 00 20 6E 4E 00
    81 00 16 02 03 00 01 00 01 00 BF C6 2D 00
    81 00 0B 01

    I have found this:
    ByteOrder (Java 2 Platform SE 5.0)
    But I don't really understand how to implement that into my code properly.
    Eventually I want the sniffer to sniff for a certain packet then send those 3 packets back.

  4. #4
    Norm (Moderator)

    But 3 packets I wish to send are in this form:
    81 00 00 04 0A 00 53 3E 20 53 70 6F 74 20 33 6D 00 01 00 20 6E 4E 00
    81 00 16 02 03 00 01 00 01 00 BF C6 2D 00
    81 00 0B 01
    What does this form represent? The hex values of a bunch of bytes?
    How do you want to transform those bytes to Little Endian form?
    Can you show what should be output, given the above bytes?

    I know nothing about sniffer or packets. I can manipulate bytes to many formats.

  5. #5
    PeggEffect (Member)

    Those packets with the Header 81 00 are the server's native workings dealing with packets and it's how every other packet sniffer shows them incoming.
    To my knowledge these packets are already in Little Endian and do work when sent to the server using a packet sender:
    Java Code:
    81 00 00 04 0A 00 53 3E 20 53 70 6F 74 20 33 6D 00 01 00 20 6E 4E 00
    81 00 16 02 03 00 01 00 01 00 BF C6 2D 00
    81 00 0B 01
    The above code opens a shop, inserts an item and then opens the storefront.

    All I want is the sniffer to display the incoming packets in Little Endian format like the packets I want to send instead of showing the packets in whatever format jpcap uses, as it is no help to me at all.

  6. #6
    Norm (Moderator)

    I want is the sniffer to display the incoming packets in Little Endian format
    Can you show me the packets before the change and what you want them to look like after the change?
    I would like two lines of bytes: one of them showing the bytes before conversion and one of them after.

  7. #7
    PeggEffect (Member)

    I am having a real hard time trying to find a packet that I know what it is in the output of my packet sniffer...
    Because the output of my sniffer is so hard to understand and I can't match the output packet in my sniffer with a packet that I do know =\.

    It has also become apparent that my packet sniffer doesn't actually sniff all the packets that other sniffers do catch, IE movement packets, and I'm not sure what I have coded wrong for it to do that.

    This is a movement packet captured in another program that my sniffer can't see.
    Java Code:
    @00C6 F6 22 48 00 A0 02 5E 00 02 00 96 02 5E 00 FB FF 00 00 03 00 05 96 00 00 00 00 00 00 96 02 5E 00 00 00 00 00 03 00 05 68 01 00 00 00 00
    I would have thought that since the server is using Little Endian then my sniffer should sniff it in the same format...
    Or (just had a lightbulb go off) maybe the server isn't in LE but it's just the programs I have that convert it to show LE packets?

    I'm sorry I am unable to give you a packet of what it would be before and after, as I cannot match what packet goes with what packet in my sniffer.

    Thank you for being so patient with me, I do hope there is a way that I can finish my little project =D


    EDIT:
    I have done a Diploma in ICT a couple of years back and I did take a couple of Java papers in that course. We never touched on anything this hard though, but I would have thought there would be some block of code that just tells Java to output in a specific way or converts it. I have just come across this in another packet sniffer:
    Java Code:
    /* return packet data in true text */
    String getPacketText(Packet pack){
        int i=0,j=0;
        // Join header and payload into one array.
        byte[] bytes=new byte[pack.header.length + pack.data.length];

        System.arraycopy(pack.header, 0, bytes, 0, pack.header.length);
        System.arraycopy(pack.data, 0, bytes, pack.header.length, pack.data.length);
        StringBuffer buffer = new StringBuffer();

        // Walk the bytes in rows of 8.
        for(i=0; i<bytes.length;) {
            for(j=0;j<8 && i<bytes.length;j++,i++) {
                // Two-digit hex for this byte; the mask undoes Java's signed byte.
                String d = Integer.toHexString((int)(bytes [i] &0xff));
                buffer.append((d.length() == 1 ? "0" + d:d ) + " ");

                // Replace non-printable bytes with '.' for the text form.
                if(bytes[i]<32 || bytes[i]>126)
                    bytes[i] = 46;
            }
        }
        // Returns the text form of the last row only; the hex in buffer is not returned.
        return new String(bytes,i - j, j);
    }
    } /* end class */
    Is there something like that that will universally convert to LE format? I think I am completely well over my head in this, but I am pretty proud of what I have done so far, and would really hope to see this out =D
    Last edited by PeggEffect; 07-16-2010 at 03:33 AM.

  8. #8
    Norm (Moderator)

    I am unable to give you a packet
    Without that there is no way to help you write code.
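
An added example, not code from the thread or from Jpcap, on the question the thread circles around: a hex dump shows bytes in the order they arrive, so it looks the same for either byte order, and endianness only matters once several bytes are read as one number. It uses only the JDK, takes one of the byte strings from post #3 as input, and decodes a 16-bit value at an arbitrary offset (an assumption, since the thread does not document the protocol); with Jpcap the same dump would be applied to the `data` array that the snippet in post #7 copies from.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class PayloadDump {

    /** Parse space-separated hex pairs ("81 00 0B 01") into bytes; blank input gives an empty array. */
    static byte[] parseHex(String text) {
        if (text.trim().isEmpty()) return new byte[0];
        String[] parts = text.trim().split("\\s+");
        byte[] out = new byte[parts.length];
        for (int i = 0; i < parts.length; i++) out[i] = (byte) Integer.parseInt(parts[i], 16);
        return out;
    }

    /** Offset, hex and printable-ASCII columns, 16 bytes per row, in wire order. */
    static String hexDump(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (int row = 0; row < bytes.length; row += 16) {
            StringBuilder hex = new StringBuilder();
            StringBuilder ascii = new StringBuilder();
            for (int i = row; i < Math.min(row + 16, bytes.length); i++) {
                int b = bytes[i] & 0xFF;                 // mask: Java bytes are signed
                hex.append(String.format("%02X ", b));
                ascii.append(b >= 32 && b <= 126 ? (char) b : '.');
            }
            sb.append(String.format("%04X  %-48s %s%n", row, hex, ascii));
        }
        return sb.toString();
    }

    /** Unsigned 16-bit value at an absolute offset, read in the given byte order. */
    static int readU16(byte[] bytes, int offset, ByteOrder order) {
        return ByteBuffer.wrap(bytes).order(order).getShort(offset) & 0xFFFF;
    }

    public static void main(String[] args) {
        // Bytes copied from post #3 of the thread.
        byte[] payload = parseHex("81 00 16 02 03 00 01 00 01 00 BF C6 2D 00");

        // The dump does not depend on the protocol's byte order.
        System.out.print(hexDump(payload));

        // Offset 2 is an arbitrary choice for illustration, not a documented field.
        int offset = 2;
        System.out.println("LE u16 @" + offset + " = " + readU16(payload, offset, ByteOrder.LITTLE_ENDIAN));
        System.out.println("BE u16 @" + offset + " = " + readU16(payload, offset, ByteOrder.BIG_ENDIAN));
    }
}
```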
