How to capture packets with jNetPcap from a Java program

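jNetPcap is a complete Java wrapper around libpcap, implemented through JNI. It is used for capturing and analyzing network packets, and its packet decoding supports many protocols. jNetPcap supports Windows, Linux, Android and other systems.

jNetPcap website: http://www.jnetpcap.com/

Using the jNetPcap library in Eclipse:

1. First install WinPcap/libpcap: WinPcap on Windows, libpcap on Unix-based systems.

2. Use Add External JARs to add jnetpcap.jar.

3. Put jnetpcap.dll in system32 or in the jre/bin directory, or add the JVM argument -Djava.library.path=E:\jnetpcap, where E:\jnetpcap is the directory that contains jnetpcap.dll.

Run Configurations – Java Application – javaclass – Arguments – VM arguments

4. Run the official example below and check the result.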

package org.jnetpcap.examples;

import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapIf;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;

public class ClassicPcapExample {

    public static void main(String[] args) {
        List<PcapIf> alldevs = new ArrayList<PcapIf>(); // Will be filled with NICs
        StringBuilder errbuf = new StringBuilder(); // For any error msgs

        /***************************************************************************
         * First get a list of devices on this system
         **************************************************************************/
        int r = Pcap.findAllDevs(alldevs, errbuf);
        if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
            System.err.printf("Can't read list of devices, error is %s",
                errbuf.toString());
            return;
        }

        System.out.println("Network devices found:");

        int i = 0;
        for (PcapIf device : alldevs) {
            String description =
                (device.getDescription() != null) ? device.getDescription()
                    : "No description available";
            System.out.printf("#%d: %s [%s]\n", i++, device.getName(), description);
        }

        PcapIf device = alldevs.get(0); // We know we have at least 1 device
        System.out.printf("\nChoosing '%s' on your behalf:\n",
            (device.getDescription() != null) ? device.getDescription()
                : device.getName());

        /***************************************************************************
         * Second we open up the selected device
         **************************************************************************/
        int snaplen = 64 * 1024; // Capture all packets, no truncation
        int flags = Pcap.MODE_PROMISCUOUS; // capture all packets
        int timeout = 10 * 1000; // 10 seconds in millis
        Pcap pcap =
            Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);

        if (pcap == null) {
            // Pass the error text as an argument, not as part of the format string
            System.err.printf("Error while opening device for capture: %s",
                errbuf.toString());
            return;
        }

        /***************************************************************************
         * Third we create a packet handler which will receive packets from the
         * libpcap loop.
         **************************************************************************/
        PcapPacketHandler<String> jpacketHandler = new PcapPacketHandler<String>() {

            public void nextPacket(PcapPacket packet, String user) {

                System.out.printf("Received packet at %s caplen=%-4d len=%-4d %s\n",
                    new Date(packet.getCaptureHeader().timestampInMillis()),
                    packet.getCaptureHeader().caplen(), // Length actually captured
                    packet.getCaptureHeader().wirelen(), // Original length
                    user // User supplied object
                );
            }
        };

        /***************************************************************************
         * Fourth we enter the loop and tell it to capture 10 packets. The loop
         * method does a mapping of pcap.datalink() DLT value to JProtocol ID, which
         * is needed by JScanner. The scanner scans the packet buffer and decodes
         * the headers. The mapping is done automatically, although a variation on
         * the loop method exists that allows the programmer to specify exactly
         * which protocol ID to use as the data link type for this pcap interface.
         **************************************************************************/
        pcap.loop(10, jpacketHandler, "jNetPcap rocks!");

        /***************************************************************************
         * Last thing to do is close the pcap handle
         **************************************************************************/
        pcap.close();
    }
}

Running it produces the following output:

Network devices found:
#0: \Device\NPF_{BC81C4FC-242F-4F1C-9DAD-EA9523CC992D} [Intel(R) PRO/100 VE]
#1: \Device\NPF_{E048DA7F-D007-4EEF-909D-4238F6344971} [VMware Virtual Ethernet Adapter]
#2: \Device\NPF_{5B62B373-3EC1-460D-8C71-54AA0BF761C7} [VMware Virtual Ethernet Adapter]

Choosing 'Intel(R) PRO/100 VE) ' on your behalf:
Received packet at Tue Nov 03 18:52:42 EST 2009 caplen=1362 len=1362 jNetPcap rocks!
Received packet at Tue Nov 03 18:52:45 EST 2009 caplen=82 len=82 jNetPcap rocks!
Received packet at Tue Nov 03 18:52:45 EST 2009 caplen=145 len=145 jNetPcap rocks!
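
The official example captures every frame in promiscuous mode with a 64 KB snaplen and prints only capture lengths. The following added example (not from the original page or the jNetPcap project) narrows the capture with a BPF filter, non-promiscuous mode and a header-only snaplen, then reads the headers decoded by the scanner mentioned in the fourth comment block. The class name, the filter expression "tcp port 443", the netmask 0xFFFFFF00 and the 160-byte snaplen are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapBpfProgram;
import org.jnetpcap.PcapIf;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.packet.format.FormatUtils;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Tcp;

public class FilteredCaptureExample { // hypothetical class name
    public static void main(String[] args) {
        List<PcapIf> alldevs = new ArrayList<PcapIf>();
        StringBuilder errbuf = new StringBuilder();
        if (Pcap.findAllDevs(alldevs, errbuf) == Pcap.NOT_OK || alldevs.isEmpty()) {
            System.err.printf("Can't read list of devices: %s%n", errbuf);
            return;
        }
        // 160 bytes covers Ethernet + IPv4 + TCP headers (with options), so
        // payload is not copied; non-promiscuous keeps to this host's traffic.
        Pcap pcap = Pcap.openLive(alldevs.get(0).getName(), 160,
                Pcap.MODE_NON_PROMISCUOUS, 10 * 1000, errbuf);
        if (pcap == null) {
            System.err.printf("Error while opening device: %s%n", errbuf);
            return;
        }
        // Compile and install the filter (assumed sample expression and netmask).
        PcapBpfProgram program = new PcapBpfProgram();
        if (pcap.compile(program, "tcp port 443", 1, 0xFFFFFF00) != Pcap.OK
                || pcap.setFilter(program) != Pcap.OK) {
            System.err.printf("Filter error: %s%n", pcap.getErr());
            pcap.close();
            return;
        }
        final Ip4 ip = new Ip4(); // header objects are reused and re-bound per packet
        final Tcp tcp = new Tcp();
        pcap.loop(10, new PcapPacketHandler<String>() {
            public void nextPacket(PcapPacket packet, String user) {
                // hasHeader() is true only when the scanner decoded that header
                if (packet.hasHeader(ip) && packet.hasHeader(tcp)) {
                    System.out.printf("%s:%d -> %s:%d wirelen=%d%n",
                            FormatUtils.ip(ip.source()), tcp.source(),
                            FormatUtils.ip(ip.destination()), tcp.destination(),
                            packet.getCaptureHeader().wirelen());
                }
            }
        }, "");
        pcap.close();
    }
}
```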
