Parse pcap Ethereal file SNMP messages

[pavel.orehov]

Hi,

I am looking for a way to parse Ethereal pcap file with SNMP messages.

Need to integrate this code into my application without installing any
other applications or libraries such as WinPcap. But can include other
jars into my distribution package.

Checked:
- JNetStream: don't have SNMP messages ready parser
- JPCap: require WinPCap installation

Thanks,
Pavel

 

[Gordon Beaton]

I am looking for a way to parse Ethereal pcap file with SNMP messages.

Need to integrate this code into my application without installing any
other applications or libraries such as WinPcap. But can include other
jars into my distribution package.

Checked:
- JNetStream: don't have SNMP messages ready parser
- JPCap: require WinPCap installation

So you want to open and parse a file created by pcap, without using
the pcap library? Is there any reason your application can't use the
existing library?

Seems simple enough, just reimplement it yourself.

A smarter way though, is to use the pcap library.

/gordon

--

 

[pavel.orehov]

So you want to open and parse a file created by pcap, without using
the pcap library? Is there any reason your application can't use the
existing library?

Seems simple enough, just reimplement it yourself.

A smarter way though, is to use the pcap library.

/gordon

--

I don't have any problem to use PCap library. I just need the library
in jars and not as setup installer in order to add these jars to my
collection of already used jars.

 

[Gordon Beaton]

I don't have any problem to use PCap library. I just need the library
in jars and not as setup installer in order to add these jars to my
collection of already used jars.

In that case, I really can't see what the problem is.

Build the package, get the jars and package them with your application
(if the author lets you distribute his code that way). Failing that,
tell your users that the library is a prerequisite for using your
application.

/gordon

--

 

[Roedy Green]

I am looking for a way to parse Ethereal pcap file with SNMP messages.

Ethereal has a new name and home, and left no forwarding address.

Perhaps wireshark docs may help. See
http://mindprod.com/jgloss/wireshark.html

 

[pavel.orehov]

If someone is looking for this solution it is possible to do this with
JNetStream and SNMP4J libraries in a pretty easy way.

The algorithm is as follows:
- Parse pcap file stream with JNetStream decoder and run over all
packets in pcap file

Decoder decoder = new Decoder(pcap_filename);
Packet packet = null;
byte[] buff = null;

while ((packet = decoder.nextPacket()) != null)
{
buff = packet.getDataValue();

// get timestamp
TimePrimitive timePrimitive =
(TimePrimitive)packet.getProperty("timestamp");
Timestamp sqlTimestamp = (Timestamp)timePrimitive.getValue();
timestamp = sqlTimestamp.getTime();

// get source IP address
Field saddrField = packet.getHeader("IPv4").getField("saddr");
com.voytechs.jnetstream.primitive.address.IpAddress saddr =

(com.voytechs.jnetstream.primitive.address.IpAddress)saddrField.getValue();
String saddrStr = saddr.getInetObject().getHostAddress();

// skip not udp packets
if (packet.getHeader("UDP") == null)
{
continue;
}

// send this buffer, timestamp and source IP to SNMP4J
// you should oi
}