This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Java API to dissect Wireless Packets captured by Wireshark ( .libcap)

0

For my project I am capturing WIRELESS traffic using Wireshark (.cap format) and I want to read packets in that traffic. Does anybody know a Java library that can be used to read the contents of the packets (WIRELESS, not ETHERNET)?

asked 10 Feb '14, 05:47

WIDS

edited 12 Feb '14, 16:08

Guy Harris ♦♦


One Answer:

1

This page lists some pcap libraries, including some for Java.

answered 10 Feb '14, 06:15

grahamb ♦

Thank you, Grahamb, but these libraries are for Ethernet; I want one for wireless.

(10 Feb '14, 07:42) WIDS

i want for wireless

Can you please be more specific. What wireless specific data do you expect to read from the capture file?

(10 Feb '14, 07:48) Kurt Knochner ♦

I want network layer and transport layer data from wireless packet and above layer

(10 Feb '14, 09:12) WIDS

@WIDS

I haven't checked (as I don't care for Java) but the libraries should be able to read data from the pcap file regardless of what transport layer is used. Some of the discussions about Ethernet may be about using the libraries to capture traffic, not just reading a pcap file. See also the Wiki page on the libpcap file format.

You'll only be able to read "wireless data" from the pcap file if it's actually present, regardless of what libraries you use. What gets saved in the pcap for Wireless traffic depends on what the drivers hand off to the capturing mechanism on the OS on which the captures are being made.

(10 Feb '14, 09:32) grahamb ♦

I want network layer and transport layer data from wireless packet and above layer

well.... yes ....

Let me rephrase my question!

Do you need the dissection capabilities of Wireshark, meaning do you need to have access to all sorts of 'fields', like tcp.flags.syn, http.request, ssl.handshake.certificate, etc., or just a tool/library to read the capture file and you will do the dissection yourself?

(10 Feb '14, 11:36) Kurt Knochner ♦

No sir, I want as much information as I can get with Wireshark (including what you mention above).... for wireless network

(12 Feb '14, 10:01) WIDS

I need dissection capability but not from Wireshark, using Wireshark for sniffing purposes only.... I want to do that dissection by myself using Java but am not finding any library for it....

(14 Feb '14, 18:57) WIDS

Maybe I don't understand your problem.

@grahamb posted a link which contains several Java libpcap wrappers. They all provide the capability to read a capture file. Some of them have built-in dissectors for Ethernet, IP, TCP/UDP, etc.

i want to do that dissection by myself using java

You said, you are going to do the dissection yourself, so you won't need the dissection functionality of those libraries??

If so, then what exactly is the problem with those libraries?

(15 Feb '14, 10:55) Kurt Knochner ♦

Or do you mean "I don't want to use the Wireshark code to dissect the packets, but I don't want to have to do all the dissection work, so I need a library that does some or all of the dissection work, the same way the libraries @grahamb listed can dissect Ethernet packets"?

I.e., "I want to do that dissection by myself" doesn't mean "I want to write my own code to take an array of raw bytes and dissect packets", it means "I don't want to use the Wireshark code to dissect it"?

(15 Feb '14, 18:24) Guy Harris ♦♦

Probably the solution to your question is here:

http://ask.wireshark.org/questions/29902/running-wireshark-continuously

Instead of using a Java libpcap wrapper (that does not provide the functionality you need), run tshark and parse the output with Java.

(16 Feb '14, 03:01) Kurt Knochner ♦

Yes, I need all information of TCP/IP or UDP/IP and want to save it in a MySQL table

(17 Feb '14, 11:20) WIDS
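grahamb's point above, that a pcap file only holds "wireless data" if the driver handed it to the capture mechanism, can be checked from the file itself. The following is an added example, not code from this thread or from any of the libraries mentioned: it reads the link-layer type from the pcap global header and counts 802.11 frames by type. The class and method names are hypothetical, the sample bytes are constructed, and it assumes Java 17+ and a classic microsecond-resolution pcap file (not pcapng).

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.HexFormat;

public class PcapWirelessCheck {                       // hypothetical class name
    static final int IEEE802_11 = 105, RADIOTAP = 127; // pcap LINKTYPE_ values (Ethernet is 1)

    /** Wraps a classic pcap file and sets the byte order from its magic number. */
    static ByteBuffer open(byte[] file) {
        ByteBuffer buf = ByteBuffer.wrap(file).order(ByteOrder.BIG_ENDIAN);
        int magic = buf.getInt(0);
        if (magic == 0xd4c3b2a1) buf.order(ByteOrder.LITTLE_ENDIAN);
        else if (magic != 0xa1b2c3d4) throw new IllegalArgumentException("not a microsecond pcap file");
        return buf;
    }

    /** Link-layer type: low 16 bits of the last field of the 24-byte global header. */
    static int linkType(ByteBuffer buf) { return buf.getInt(20) & 0xFFFF; }

    /** Counts 802.11 frames by type: index 0 management, 1 control, 2 data, 3 other. */
    static int[] countFrameTypes(ByteBuffer buf) {
        int link = linkType(buf);
        if (link != IEEE802_11 && link != RADIOTAP)
            throw new IllegalStateException("no 802.11 headers in this file, link type " + link);
        int[] counts = new int[4];
        int pos = 24;                                  // first record follows the global header
        while (pos + 16 <= buf.limit()) {
            int inclLen = buf.getInt(pos + 8);         // bytes actually captured for this packet
            int data = pos + 16;                       // packet bytes follow the 16-byte record header
            if (inclLen < 0 || data + inclLen > buf.limit()) break;  // truncated file
            int skip = 0;
            if (link == RADIOTAP && inclLen >= 4)      // radiotap length field is always little-endian
                skip = (buf.get(data + 2) & 0xFF) | (buf.get(data + 3) & 0xFF) << 8;
            if (skip < inclLen)                        // frame control byte 0, bits 2-3 hold the type
                counts[(buf.get(data + skip) >> 2) & 3]++;
            pos = data + inclLen;
        }
        return counts;
    }

    public static void main(String[] args) {
        // Constructed sample: link type 127, one record = 8-byte radiotap + start of a data frame.
        byte[] sample = HexFormat.of().parseHex(
            "d4c3b2a1" + "02000400" + "0000000000000000" + "ffff0000" + "7f000000"
          + "0000000000000000" + "0c000000" + "0c000000" + "0000080000000000" + "08000000");
        ByteBuffer buf = open(sample);
        System.out.println("link type " + linkType(buf) + ", data frames: " + countFrameTypes(buf)[2]);
    }
}
```

A link type of 1 means the capture was saved with Ethernet-style headers, so no 802.11 header fields are available in the file regardless of the library used to read it.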