java抓包后对pcap文件解析示例
这是自己写的一个简单的 pcap 文件解析器，方便读取 pcap 文件，大家参考使用吧。
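// Example: parse a capture bundled as a classpath resource and strip the first
// packet's link/network/transport headers. try-with-resources closes the stream
// even when unpack() throws (the original closed it only on the success path),
// and the null checks turn a missing resource or an unreadable file into a
// clear error instead of a NullPointerException.
byte[] data;
try (InputStream is = dataparser.class.getClassLoader().getResourceAsStream("baidu_cdr.pcap")) {
    if (is == null) {
        throw new IllegalStateException("resource baidu_cdr.pcap not found on the classpath");
    }
    pcap pcap = pcapparser.unpack(is);
    if (pcap == null || pcap.getdata().isEmpty()) {
        throw new IllegalStateException("baidu_cdr.pcap is not a readable pcap file or holds no packets");
    }
    byte[] t = pcap.getdata().get(0).getcontent();
    // 42 = 14 (Ethernet II) + 20 (IPv4 without options) + 8 (UDP). This presumably
    // assumes an Ethernet/IPv4/UDP capture; check pcap.getheader().getlinktype()
    // and the IPv4 header length before relying on a fixed offset.
    int payloadoffset = 14 + 20 + 8;
    data = Arrays.copyOfRange(t, payloadoffset, t.length);
}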
pcapparser.java
package com.hylanda.pcap;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
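/**
 * Reads a classic libpcap (.pcap) capture from a stream into a {@link pcap} object.
 *
 * <p>The 24-byte global header is read first, then packet records until the stream
 * ends. Multi-byte fields are decoded in the byte order announced by the magic
 * number, so both little-endian and big-endian captures are accepted. Every read is
 * a full read (a short read is treated as truncation), and the per-record captured
 * length is validated before a buffer is allocated, because that length comes from
 * the file itself.
 *
 * @author zhouqisheng
 */
public class pcapparser {

    /** Magic numbers as they appear when the first four bytes are decoded little-endian. */
    private static final int MAGIC_LE = 0xa1b2c3d4;       // microsecond timestamps, little-endian file
    private static final int MAGIC_LE_NANO = 0xa1b23c4d;  // nanosecond timestamps, little-endian file
    private static final int MAGIC_BE = 0xd4c3b2a1;       // microsecond timestamps, big-endian file
    private static final int MAGIC_BE_NANO = 0x4d3cb2a1;  // nanosecond timestamps, big-endian file

    /** Size in bytes of the global header and of each packet record header. */
    private static final int GLOBAL_HEADER_LENGTH = 24;
    private static final int RECORD_HEADER_LENGTH = 16;

    /**
     * Upper bound accepted for a record's captured length. A corrupt or hostile file
     * could otherwise request a multi-gigabyte allocation for a single record.
     * 16 MiB is far above any link-layer MTU (constructed bound, not from the format).
     */
    private static final int MAX_CAPTURED_LENGTH = 1 << 24;

    /**
     * Parses a pcap capture from {@code is}. The stream is not closed.
     *
     * @param is stream positioned at the start of the global header
     * @return the parsed capture, or {@code null} if the stream holds fewer bytes than
     *         a global header or its magic number is not a known pcap magic
     * @throws IOException if the stream fails, a packet record is truncated, or a
     *         record carries a negative or implausibly large captured length
     */
    public static pcap unpack(InputStream is) throws IOException {
        byte[] globalheader = new byte[GLOBAL_HEADER_LENGTH];
        if (readfully(is, globalheader) != GLOBAL_HEADER_LENGTH) {
            return null;
        }

        // The magic number is stored in the writer's native byte order; decoding it
        // little-endian tells us which order the rest of the file uses.
        int magic = bytearraytoint(globalheader, 0, true);
        boolean littleendian;
        switch (magic) {
            case MAGIC_LE:
            case MAGIC_LE_NANO:
                littleendian = true;
                break;
            case MAGIC_BE:
            case MAGIC_BE_NANO:
                littleendian = false;
                break;
            default:
                return null;
        }

        pcapheader header = new pcapheader();
        header.setmagic(magic);
        header.setmagor_version(bytearraytoshort(globalheader, 4, littleendian));
        header.setminor_version(bytearraytoshort(globalheader, 6, littleendian));
        header.settimezone(bytearraytoint(globalheader, 8, littleendian));
        header.setsigflags(bytearraytoint(globalheader, 12, littleendian));
        header.setsnaplen(bytearraytoint(globalheader, 16, littleendian));
        header.setlinktype(bytearraytoint(globalheader, 20, littleendian));

        pcap pcap = new pcap();
        pcap.setheader(header);

        List<pcapdata> datalist = new ArrayList<pcapdata>();
        byte[] record = new byte[RECORD_HEADER_LENGTH];
        while (true) {
            int n = readfully(is, record);
            if (n == 0) {
                break; // clean end of stream at a record boundary
            }
            if (n != RECORD_HEADER_LENGTH) {
                throw new EOFException("truncated packet record header at record " + datalist.size());
            }
            pcapdata data = new pcapdata();
            data.settime_s(bytearraytoint(record, 0, littleendian));
            // Sub-second field as stored: microseconds, or nanoseconds for the *_NANO magics.
            data.settime_ms(bytearraytoint(record, 4, littleendian));
            int plength = bytearraytoint(record, 8, littleendian);
            data.setplength(plength);
            data.setlength(bytearraytoint(record, 12, littleendian));

            // Validate before allocating: plength is attacker-controlled file content.
            if (plength < 0 || plength > MAX_CAPTURED_LENGTH) {
                throw new IOException("implausible captured length " + plength
                        + " in record " + datalist.size());
            }
            byte[] content = new byte[plength];
            if (readfully(is, content) != plength) {
                throw new EOFException("truncated packet data in record " + datalist.size());
            }
            data.setcontent(content);
            datalist.add(data);
        }
        pcap.setdata(datalist);
        return pcap;
    }

    /**
     * Fills {@code buf} from {@code is}, looping over short reads.
     *
     * @return the number of bytes stored; less than {@code buf.length} only at end of stream
     */
    private static int readfully(InputStream is, byte[] buf) throws IOException {
        int off = 0;
        while (off < buf.length) {
            int n = is.read(buf, off, buf.length - off);
            if (n < 0) {
                break;
            }
            off += n;
        }
        return off;
    }

    /** Decodes the 4 bytes at {@code offset} as a signed 32-bit integer in the given byte order. */
    private static int bytearraytoint(byte[] b, int offset, boolean littleendian) {
        int value = 0;
        for (int i = 0; i < 4; i++) {
            int index = littleendian ? offset + 3 - i : offset + i;
            value = (value << 8) | (b[index] & 0xff);
        }
        return value;
    }

    /** Decodes the 2 bytes at {@code offset} as a signed 16-bit integer in the given byte order. */
    private static short bytearraytoshort(byte[] b, int offset, boolean littleendian) {
        int hi = littleendian ? offset + 1 : offset;
        int lo = littleendian ? offset : offset + 1;
        return (short) (((b[hi] & 0xff) << 8) | (b[lo] & 0xff));
    }
}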
pcap.java
/**
*
*/
package com.hylanda.pcap;
import java.util.list;
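/**
 * A parsed pcap capture: the global file header plus the packet records in file order.
 *
 * <p>{@code toString()} is null-safe so the object can be printed for debugging
 * before both parts have been set.
 *
 * @author zhouqisheng
 */
public class pcap {
    private pcapheader header;    // global file header; null until setheader() is called
    private List<pcapdata> data;  // packet records; null until setdata() is called

    /** @return the global header, or {@code null} if not yet set */
    public pcapheader getheader() {
        return header;
    }

    public void setheader(pcapheader header) {
        this.header = header;
    }

    /** @return the packet records in file order, or {@code null} if not yet set */
    public List<pcapdata> getdata() {
        return data;
    }

    public void setdata(List<pcapdata> data) {
        this.data = data;
    }

    /**
     * Renders the header block and the record count. A missing header prints as
     * {@code null} and missing data as a count of 0 instead of throwing.
     */
    @Override
    public String toString() {
        StringBuilder s = new StringBuilder();
        s.append("header{\n");
        s.append(String.valueOf(header));
        s.append("}\n");
        s.append("data part count=").append(data == null ? 0 : data.size());
        return s.toString();
    }
}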
pcapdata.java
package com.hylanda.pcap;
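/**
 * One packet record of a pcap file: the 16-byte record header plus the captured bytes.
 *
 * <p>Note that {@link #getcontent()} returns the internal array, not a copy; callers
 * that modify it modify this record.
 *
 * @author zhouqisheng
 */
public class pcapdata {
    private int time_s;     // timestamp, seconds
    private int time_ms;    // timestamp, sub-second part (microseconds per the original comment)
    private int plength;    // captured length: number of bytes actually stored in content
    private int length;     // original length of the packet on the wire
    private byte[] content; // captured bytes

    public int gettime_s() {
        return time_s;
    }

    public void settime_s(int time_s) {
        this.time_s = time_s;
    }

    public int gettime_ms() {
        return time_ms;
    }

    public void settime_ms(int time_ms) {
        this.time_ms = time_ms;
    }

    public int getplength() {
        return plength;
    }

    public void setplength(int plength) {
        this.plength = plength;
    }

    public int getlength() {
        return length;
    }

    public void setlength(int length) {
        this.length = length;
    }

    /** @return the captured bytes (the internal array, not a copy); {@code null} if unset */
    public byte[] getcontent() {
        return content;
    }

    public void setcontent(byte[] content) {
        this.content = content;
    }

    /**
     * Renders the four header fields, one per line. The original always returned
     * {@code null} after building the text; this returns the built string.
     */
    @Override
    public String toString() {
        StringBuilder s = new StringBuilder();
        s.append("time_s=").append(this.time_s);
        s.append("\ntime_ms=").append(this.time_ms);
        s.append("\nplength=").append(this.plength);
        s.append("\nlength=").append(this.length);
        return s.toString();
    }
}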
pcapheader.java
package com.hylanda.pcap;
/**
 * The 24-byte pcap global file header.
 *
 * @author zhouqisheng
 */
public class pcapheader {
    private int magic;           // file identification; 0xa1b2c3d4
    private short magor_version; // major version
    private short minor_version; // minor version
    private int timezone;        // local standard time
    private int sigflags;        // timestamp accuracy
    private int snaplen;         // maximum stored length per packet
    /**
     * Link type values:
     * 0 bsd loopback devices, except for later openbsd
     * 1 ethernet, and linux loopback devices
     * 6 802.5 token ring
     * 7 arcnet
     * 8 slip
     * 9 ppp
     * 10 fddi
     * 100 llc/snap-encapsulated atm
     * 101 “raw ip”, with no link
     * 102 bsd/os slip
     * 103 bsd/os ppp
     * 104 cisco hdlc
     * 105 802.11
     * 108 later openbsd loopback devices (with the af_value in network byte order)
     * 113 special linux “cooked” capture
     * 114 localtalk
     */
    private int linktype;        // link type

    public int getmagic() {
        return magic;
    }

    public void setmagic(int magic) {
        this.magic = magic;
    }

    public short getmagor_version() {
        return magor_version;
    }

    public void setmagor_version(short magor_version) {
        this.magor_version = magor_version;
    }

    public short getminor_version() {
        return minor_version;
    }

    public void setminor_version(short minor_version) {
        this.minor_version = minor_version;
    }

    public int gettimezone() {
        return timezone;
    }

    public void settimezone(int timezone) {
        this.timezone = timezone;
    }

    public int getsigflags() {
        return sigflags;
    }

    public void setsigflags(int sigflags) {
        this.sigflags = sigflags;
    }

    public int getsnaplen() {
        return snaplen;
    }

    public void setsnaplen(int snaplen) {
        this.snaplen = snaplen;
    }

    public int getlinktype() {
        return linktype;
    }

    public void setlinktype(int linktype) {
        this.linktype = linktype;
    }

    /** Renders every field on its own line; the magic is printed as unsigned hex. */
    @Override
    public String toString() {
        StringBuilder out = new StringBuilder()
                .append("magic=0x").append(Integer.toHexString(magic))
                .append("\nmagor_version=").append(magor_version)
                .append("\nminor_version=").append(minor_version)
                .append("\ntimezone=").append(timezone)
                .append("\nsigflags=").append(sigflags)
                .append("\nsnaplen=").append(snaplen)
                .append("\nlinktype=").append(linktype);
        return out.toString();
    }
}