Parse pcap Ethereal file SNMP messages

Discussion in 'Java' started by pavel.orehov@gmail.com, Oct 2, 2007.

  1. Guest

    Hi,

    I am looking for a way to parse an Ethereal pcap file with SNMP messages.

    I need to integrate this code into my application without installing any
    other applications or libraries such as WinPcap, but I can include other
    jars in my distribution package.

    Checked:
    - JNetStream: doesn't have a ready-made SNMP message parser
    - JPCap: requires WinPcap installation

    Thanks,
    Pavel
    , Oct 2, 2007
    #1

  2. On Tue, 02 Oct 2007 09:29:49 -0000, wrote:
    > I am looking for a way to parse an Ethereal pcap file with SNMP messages.
    >
    > I need to integrate this code into my application without installing any
    > other applications or libraries such as WinPcap, but I can include other
    > jars in my distribution package.
    >
    > Checked:
    > - JNetStream: doesn't have a ready-made SNMP message parser
    > - JPCap: requires WinPcap installation


    So you want to open and parse a file created by pcap, without using
    the pcap library? Is there any reason your application can't use the
    existing library?

    Seems simple enough, just reimplement it yourself.

    A smarter way though, is to use the pcap library.

    /gordon

    --
    Gordon Beaton, Oct 2, 2007
    #2

  3. Guest

    On Oct 2, 6:23 pm, Gordon Beaton <> wrote:
    > On Tue, 02 Oct 2007 09:29:49 -0000, wrote:
    > > I am looking for a way to parse an Ethereal pcap file with SNMP messages.
    > >
    > > I need to integrate this code into my application without installing any
    > > other applications or libraries such as WinPcap, but I can include other
    > > jars in my distribution package.
    > >
    > > Checked:
    > > - JNetStream: doesn't have a ready-made SNMP message parser
    > > - JPCap: requires WinPcap installation
    >
    > So you want to open and parse a file created by pcap, without using
    > the pcap library? Is there any reason your application can't use the
    > existing library?
    >
    > Seems simple enough, just reimplement it yourself.
    >
    > A smarter way though, is to use the pcap library.
    >
    > /gordon
    >
    > --


    I don't have any problem with using the PCap library. I just need the
    library as jars and not as a setup installer, in order to add these jars
    to my collection of already used jars.
    , Oct 2, 2007
    #3
  4. On Tue, 02 Oct 2007 19:44:59 -0000, wrote:
    > I don't have any problem with using the PCap library. I just need the
    > library as jars and not as a setup installer, in order to add these jars
    > to my collection of already used jars.


    In that case, I really can't see what the problem is.

    Build the package, get the jars and package them with your application
    (if the author lets you distribute his code that way). Failing that,
    tell your users that the library is a prerequisite for using your
    application.

    /gordon

    --
    Gordon Beaton, Oct 3, 2007
    #4
  5. Roedy Green Guest

    On Tue, 02 Oct 2007 09:29:49 -0000, ""
    <> wrote, quoted or indirectly quoted someone
    who said :

    >I am looking for a way to parse Ethereal pcap file with SNMP messages.


    Ethereal has a new name and home, and left no forwarding address.

    Perhaps the Wireshark docs may help. See
    http://mindprod.com/jgloss/wireshark.html
    --
    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Oct 4, 2007
    #5
  6. Guest

    If someone is looking for this solution, it is possible to do this with
    the JNetStream and SNMP4J libraries in a pretty easy way.

    The algorithm is as follows:
    - Parse the pcap file stream with the JNetStream decoder and run over all
    packets in the pcap file

    Decoder decoder = new Decoder(pcap_filename);
    Packet packet = null;
    byte[] buff = null;
    long timestamp = 0;

    while ((packet = decoder.nextPacket()) != null)
    {
        // skip non-UDP packets before reading any other header
        if (packet.getHeader("UDP") == null)
        {
            continue;
        }

        // raw packet bytes
        buff = packet.getDataValue();

        // get timestamp (milliseconds since the epoch)
        TimePrimitive timePrimitive =
            (TimePrimitive)packet.getProperty("timestamp");
        Timestamp sqlTimestamp = (Timestamp)timePrimitive.getValue();
        timestamp = sqlTimestamp.getTime();

        // get source IP address
        Field saddrField = packet.getHeader("IPv4").getField("saddr");
        com.voytechs.jnetstream.primitive.address.IpAddress saddr =
            (com.voytechs.jnetstream.primitive.address.IpAddress)saddrField.getValue();
        String saddrStr = saddr.getInetObject().getHostAddress();

        // send this buffer, timestamp and source IP to SNMP4J
        // you should oi
    }
    , Nov 13, 2007
    #6
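
An added example, not code from any poster in this thread: the "reimplement it yourself" route in plain Java with no native library, reading a classic pcap file and extracting the UDP payloads on the SNMP ports (161/162) with their timestamp and source IP, ready for a BER decoder such as SNMP4J. The class and method names are hypothetical, and it assumes the microsecond pcap format, the Ethernet link type and untagged IPv4; every length field is bounds-checked because a capture file is untrusted input.

```java
import java.io.*;
import java.nio.*;
import java.util.*;
public class PcapSnmpReader {   // hypothetical name; needs Java 17+ (record, HexFormat)
    record SnmpDatagram(long timestampMillis, String sourceIp, byte[] payload) {}
    static int u16(byte[] b, int o) { return (b[o] & 0xff) << 8 | (b[o + 1] & 0xff); }

    static List<SnmpDatagram> read(InputStream raw) throws IOException {
        DataInputStream in = new DataInputStream(new BufferedInputStream(raw));
        byte[] hdr = new byte[24], rec = new byte[16];
        in.readFully(hdr);                                   // 24-byte pcap global header
        ByteBuffer g = ByteBuffer.wrap(hdr);                 // big-endian unless the magic is swapped
        if (g.getInt(0) == 0xd4c3b2a1) g.order(ByteOrder.LITTLE_ENDIAN);
        else if (g.getInt(0) != 0xa1b2c3d4) throw new IOException("not a classic pcap file");
        if (g.getInt(20) != 1) throw new IOException("link type is not Ethernet");
        List<SnmpDatagram> out = new ArrayList<>();
        while (in.read(rec, 0, 1) == 1) {                    // -1 here is a clean end of file
            in.readFully(rec, 1, 15);                        // ts_sec, ts_usec, incl_len, orig_len
            ByteBuffer r = ByteBuffer.wrap(rec).order(g.order());
            long millis = (r.getInt(0) & 0xffffffffL) * 1000 + (r.getInt(4) & 0xffffffffL) / 1000;
            long len = r.getInt(8) & 0xffffffffL;            // untrusted: cap before allocating
            if (len > 262144) throw new IOException("record length " + len + " too large");
            byte[] frame = new byte[(int) len];
            in.readFully(frame);                             // EOFException on a truncated record
            decode(frame, millis, out);
        }
        return out;
    }

    static void decode(byte[] f, long millis, List<SnmpDatagram> out) {
        if (f.length < 42 || u16(f, 12) != 0x0800) return;   // need Ethernet + IPv4 + UDP headers
        int ihl = (f[14] & 0x0f) * 4, udp = 14 + ihl;        // IPv4 header length, UDP offset
        if (ihl < 20 || f[23] != 17 || (u16(f, 20) & 0x1fff) != 0 || f.length < udp + 8) return;
        int sport = u16(f, udp), dport = u16(f, udp + 2), ulen = u16(f, udp + 4);
        if (ulen < 8 || udp + ulen > f.length) return;       // UDP length must fit captured bytes
        if (sport != 161 && sport != 162 && dport != 161 && dport != 162) return;
        String src = (f[26] & 0xff) + "." + (f[27] & 0xff) + "." + (f[28] & 0xff) + "." + (f[29] & 0xff);
        out.add(new SnmpDatagram(millis, src, Arrays.copyOfRange(f, udp + 8, udp + ulen)));
    }

    public static void main(String[] args) throws IOException {
        // Constructed capture: one SNMPv1 GetRequest, community "public", 192.0.2.10 -> port 161.
        byte[] pcap = HexFormat.of().parseHex("d4c3b2a1020004000000000000000000ffff000001000000"
            + "8d0f0247000000005200000052000000" + "0000000000000000000000000800"
            + "450000440000000040110000c000020ac0000201" + "c00000a100300000"
            + "302602010004067075626c6963a019020101020100020100300e300c06082b060102010101000500");
        for (SnmpDatagram d : read(new ByteArrayInputStream(pcap)))
            System.out.println(d.sourceIp() + " " + d.timestampMillis() + " " + d.payload().length);
    }
}
```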