pcap - How to get IP address from ICMP packets using jnetpcap -


i using jnetpcap analyze pcap files. know how addresses when encounter ip header

if(packet.hasheader(ip)&&packet.hasheader(tcp)&&tcp.flags_syn())         {                sip = packet.getheader(ip).source();         sourceip = org.jnetpcap.packet.format.formatutils.ip(sip); 

but don't know how address when have icmp header. tried this

else if(packet.hasheader(icmp))         {         sip=packet.getheader(icmp).source();         sourceip = org.jnetpcap.packet.format.formatutils.ip(sip); 

but apparently, isn't valid. ideas? thank in advance

update: used

if(packet.hasheader(ip, 1)) {     sip=ip.source();     sourceip = org.jnetpcap.packet.format.formatutils.ip(sip);} 

but got error:
exception in thread "main" java.lang.nullpointerexception @ diplomatiki.ex2.main(ex2.java:83)

line 83 contains command:

 sip=packet.getheader(ip,1).source(); 

i tried hit mark's advice, , added

system.out.println(packet.getstate().todebugstring()); 

i realized program got stuck on third packet, tried what's in fourth. got:

jmemory: jmemory@4b8838class org.jnetpcap.packet.jpacket$state: size=240 bytes jmemory: owner=packet.jscanner.class(size=136528/offset=35128) jpacket.state#004: sizeof(packet_state_t)=120 jpacket.state#004: sizeof(header_t)=40 , *3=120 jpacket.state#004:   pkt_header_map=0x16 jpacket.state#004:        pkt_flags=0x0 jpacket.state#004: pkt_header_count=3 jpacket.state#004:      pkt_wirelen=62 jpacket.state#004   : [  protocol(id/flag) | start | prefix | header | gap | payload | postfix ] jpacket.state#004[0]: [  ethernet( 1/0800) |     0 |      0 |     14 |   0 |      48 |       0 ] jpacket.state#004[1]: [       ip4( 2/0800) |    14 |      0 |     20 |   0 |      28 |       0 ] jpacket.state#004[2]: [       tcp( 4/0800) |    34 |      0 |     28 |   0 |       0 |       0 ] 

does you?

hi correct usage use packet.hasheader(ip, 1). second instance of ipv4 , binding packet. note usage of getheader redundant. hasheader automatically binds header packet if header exists.

i.e. if(packet.hasheader(ip, 1)) { sip=ip.source(); sourceip = org.jnetpcap.packet.format.formatutils.ip(sip); }

to visualize , debugging purposes , see headers have been dissected , stored in packet state table use following code snippet dump contents:

system.out.println(packet.getstate().todebugstring());

hope helps.


Comments

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

php - How can I echo out this array? -