pcap - How to get IP address from ICMP packets using jnetpcap
I am using jnetpcap to analyze pcap files. I know how to get the addresses when I encounter an IP header:

    if (packet.hasHeader(ip) && packet.hasHeader(tcp) && tcp.flags_SYN()) {
        sip = packet.getHeader(ip).source();
        sourceip = org.jnetpcap.packet.format.FormatUtils.ip(sip);
    }

But I don't know how to get the address when I have an ICMP header. I tried this:

    else if (packet.hasHeader(icmp)) {
        sip = packet.getHeader(icmp).source();
        sourceip = org.jnetpcap.packet.format.FormatUtils.ip(sip);
    }

But apparently, this isn't valid. Any ideas? Thank you in advance.
Update: I used

    if (packet.hasHeader(ip, 1)) {
        sip = ip.source();
        sourceip = org.jnetpcap.packet.format.FormatUtils.ip(sip);
    }

but I got this error:

    Exception in thread "main" java.lang.NullPointerException at diplomatiki.ex2.main(ex2.java:83)

Line 83 contains the command:

    sip = packet.getHeader(ip, 1).source();
I tried Mark's advice and added

    System.out.println(packet.getState().toDebugString());

I realized the program got stuck on the third packet, so I tried to see what's in the fourth. I got:
    jmemory: jmemory@4b8838class org.jnetpcap.packet.jpacket$state: size=240 bytes
    jmemory: owner=packet.jscanner.class(size=136528/offset=35128)
    jpacket.state#004: sizeof(packet_state_t)=120
    jpacket.state#004: sizeof(header_t)=40 , *3=120
    jpacket.state#004: pkt_header_map=0x16
    jpacket.state#004: pkt_flags=0x0
    jpacket.state#004: pkt_header_count=3
    jpacket.state#004: pkt_wirelen=62
    jpacket.state#004 : [ protocol(id/flag) | start | prefix | header | gap | payload | postfix ]
    jpacket.state#004[0]: [ ethernet( 1/0800) | 0 | 0 | 14 | 0 | 48 | 0 ]
    jpacket.state#004[1]: [ ip4( 2/0800) | 14 | 0 | 20 | 0 | 28 | 0 ]
    jpacket.state#004[2]: [ tcp( 4/0800) | 34 | 0 | 28 | 0 | 0 | 0 ]
does you?
Hi, the correct usage is to use packet.hasHeader(ip, 1). This is the second instance of IPv4, and it binds it to the packet. Note that the usage of getHeader is redundant. hasHeader automatically binds the header to the packet if the header exists.

I.e.

    if (packet.hasHeader(ip, 1)) {
        sip = ip.source();
        sourceip = org.jnetpcap.packet.format.FormatUtils.ip(sip);
    }

To visualize, for debugging purposes, and see which headers have been dissected and stored in the packet state table, use the following code snippet to dump the contents:

    System.out.println(packet.getState().toDebugString());

Hope this helps.
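The thread above, put together as an added example that is not code from the question or the answer: ICMP carries no address fields of its own, so the sender comes from the enclosing IPv4 header (instance 0), and the second instance from the answer (`hasHeader(ip, 1)`) is read only when it is actually present, which avoids the NullPointerException seen on the TCP packet in the dump. The class name `IcmpAddresses` and taking the capture path from `args[0]` are assumptions.

```java
import org.jnetpcap.Pcap;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.packet.format.FormatUtils;
import org.jnetpcap.protocol.network.Icmp;
import org.jnetpcap.protocol.network.Ip4;

public class IcmpAddresses {                      // hypothetical class name
    public static void main(String[] args) {
        StringBuilder errbuf = new StringBuilder();
        Pcap pcap = Pcap.openOffline(args[0], errbuf);  // assumed: path to the pcap file
        if (pcap == null) {
            System.err.println("Cannot open capture: " + errbuf);
            return;
        }

        // Two Ip4 objects, so binding instance 1 does not overwrite instance 0.
        final Ip4 outerIp = new Ip4();
        final Ip4 innerIp = new Ip4();
        final Icmp icmp = new Icmp();

        pcap.loop(Pcap.LOOP_INFINITE, new PcapPacketHandler<Object>() {
            public void nextPacket(PcapPacket packet, Object user) {
                // hasHeader() binds the header object when it returns true,
                // so no getHeader() call is needed afterwards.
                if (!packet.hasHeader(icmp) || !packet.hasHeader(outerIp)) {
                    return;                       // not ICMP over IPv4: skip
                }
                System.out.printf("frame %d: ICMP type %d, %s -> %s%n",
                        packet.getFrameNumber(), icmp.type(),
                        FormatUtils.ip(outerIp.source()),
                        FormatUtils.ip(outerIp.destination()));

                // A second IPv4 instance is only there when the ICMP message
                // quotes the datagram that triggered it; guard before reading.
                if (packet.hasHeader(innerIp, 1)) {
                    System.out.printf("  quoted datagram: %s -> %s%n",
                            FormatUtils.ip(innerIp.source()),
                            FormatUtils.ip(innerIp.destination()));
                }
            }
        }, null);
        pcap.close();
    }
}
```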