Packet Capture

Captain Blammo

I was wanting to write a little network monitoring tool that will sit on my
network in promiscuous mode and gather stats from a few application layer
protocols. I'd want to keep tabs on how many connections are set up, as well
as things like how many HTTP requests go back and forth (maybe even what
type of resource is requested).

I'm quite new to the more in-depth aspects of networking, and was wondering
what package anyone would recommend for doing this. I'm currently looking at
Jpcap (http://sourceforge.net/projects/jpcap). If anyone knows of a good
reason to use/not use it, or has any alternate recommendations, they'd be
greatly appreciated. It seems to be more than capable doing what I want, but
I'm not sure if it is, or if there's something better suited to my needs out
there.

Ewan
 
Gordon Beaton

I was wanting to write a little network monitoring tool that will
sit on my network in promiscuous mode and gather stats from a few
application layer protocols. I'd want to keep tabs on how many
connections are set up, as well as things like how many HTTP
requests go back and forth (maybe even what type of resource is
requested).

I'm quite new to the more in-depth aspects of networking, and was
wondering what package anyone would recommend for doing this. I'm
currently looking at Jpcap (http://sourceforge.net/projects/jpcap).
If anyone knows of a good reason to use/not use it, or has any
alternate recommendations, they'd be greatly appreciated. It seems
to be more than capable doing what I want, but I'm not sure if it
is, or if there's something better suited to my needs out there.

Jpcap provides a Java binding to libpcap (package capture library) as
well as a visualisation tool. Similar tools like Ethereal and Tcpdump
(and probably any other packet capture tools you'll find) are all
based on libpcap, and differ mainly in presentation.

If you want to write your tool in Java, then Jpcap is probably the way
to go. Otherwise, Ethereal has a plugin architecture that lets you add
functionality or support for additional protocols. Finally, using
libpcap directly (from C) isn't all that difficult if you want to
write a specialized tool.

Also realize that in a switched network, you can only see broadcast
traffic and traffic specifically to and from your host. Most likely
you won't be able to collect data for several servers from a single
location unless you can use a mirroring switch or a hub.

That said, it might be easier to collect http statistics from the web
server software itself (although I don't have any concrete suggestions
here). On the other hand, if you're talking about monitoring your own
use of (other) web servers, a web proxy might be a more suitable
solution.

/gordon
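As an added illustration (not part of the thread or of Jpcap/libpcap), here is the per-frame logic a specialized C tool of the kind discussed above would run on each captured frame to count connection setups and HTTP requests. The names `classify`, `build` and `run_sample` are hypothetical, and the sketch assumes untagged Ethernet, IPv4 and no TCP reassembly; the frames are constructed in the code rather than captured.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct stats { unsigned syn, http_req; };  /* connection setups, HTTP requests */

/* Classify one Ethernet frame. Captured bytes are untrusted, so every offset
 * is bounds-checked. Returns 0 for a parsed IPv4/TCP frame, -1 if skipped. */
int classify(const uint8_t *f, size_t len, struct stats *s) {
    static const char *methods[] = { "GET ", "POST ", "HEAD ", "PUT " };
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1; /* IPv4 only */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1;     /* TCP only */
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (total > len - 14) total = len - 14;       /* capture was truncated */
    if (total < ihl + 20) return -1;              /* no room for a TCP header */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total) return -1;
    if ((tcp[13] & 0x12) == 0x02) s->syn++;       /* SYN set, ACK clear */
    size_t plen = total - ihl - doff;
    for (size_t i = 0; i < sizeof methods / sizeof *methods; i++) {
        size_t n = strlen(methods[i]);
        if (plen >= n && memcmp(tcp + doff, methods[i], n) == 0) { s->http_req++; break; }
    }
    return 0;
}

/* Build a constructed frame: Ethernet + IPv4 + TCP header + payload. */
size_t build(uint8_t *b, uint8_t flags, const char *payload) {
    size_t plen = strlen(payload), total = 40 + plen;
    memset(b, 0, 14 + total);
    b[12] = 0x08; b[14] = 0x45; b[23] = 6;        /* EtherType IPv4, IHL 5, TCP */
    b[16] = (uint8_t)(total >> 8); b[17] = (uint8_t)total;
    b[46] = 0x50; b[47] = flags;                  /* data offset 5, TCP flags */
    memcpy(b + 54, payload, plen);
    return 14 + total;
}

/* Constructed sample: SYN, SYN+ACK, an HTTP GET, and a truncated frame. */
struct stats run_sample(void) {
    uint8_t b[128]; struct stats s = {0, 0};
    classify(b, build(b, 0x02, ""), &s);
    classify(b, build(b, 0x12, ""), &s);
    classify(b, build(b, 0x18, "GET /index.html HTTP/1.0\r\n"), &s);
    classify(b, 30, &s);
    return s;
}
```

Counting only SYN-without-ACK avoids counting each handshake twice, and a request split across TCP segments is still counted once because only the segment that starts with the method matches.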
 
Captain Blammo

If you want to write your tool in Java, then Jpcap is probably the way
to go. Otherwise, Ethereal has a plugin architecture that lets you add
functionality or support for additional protocols. Finally, using
libpcap directly (from C) isn't all that difficult if you want to
write a specialized tool.
<snip>

I do indeed want to write my own tool, as much for learning purposes as
anything else. Thanks for the advice, I guess I'll be using Jpcap.

Ewan
 
