This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

pipe tshark output to java program

0

i want to pipe packets from tshark to java program

when i use this command

tshark -i 1 -T fields -e frame.number -e ip.src -e tcp.window_size_value -e frame.time -e data.text -e tcp.analysis.duplicate_ack -e tcp.analysis.out_of_order -e tcp.analysis.retransmission -e tcp.analysis.fast_retransmission -e tcp.analysis.spurious_retransmission -e tcp.analysis.zero_window -e tcp.stream -E header=y -E separator=, >output.csv

it create output.csv file with columns i mentioned in the command

i want to flush packets captured by tshark to java program so i found this code

package javaapplication25;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.*;


/**
*


    

  • 

    @author shedalap
*/
public class JavaApplication25 {
    

    /**
    

      

    • 

      @param args the command line arguments
*/
public static void main(String[] args)throws IOException{
      

      BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
String s;
while ((s=in.readLine())!=null&&s.length()!=0) {
System.out.println(in.read());
}
}
}

when i run the program no problems

in tshark i put this command

tshark -r 111.pcapng -T fields -e frame.number -e ip.src -e tcp.window_size_value -e frame.time -e data.text -e tcp.analysis.duplicate_ack -e tcp.analysis.out_of_order -e tcp.analysis.retransmission -e tcp.analysis.fast_retransmission -e tcp.analysis.spurious_retransmission -e tcp.analysis.zero_window -e tcp.stream -E header=y -E separator=, -l | java "C:\Users\shedalap\Documents\NetBeansProjects\JavaApplication25\build\classes\javaapplication25.class"

i get this error

tshark : an error occurred while printing packets : invalid arguments

why what is wrong ?

thank you very much

asked 08 Jan ‘15, 02:34

shady's gravatar image

shady
118813
accept rate: 0%

edited 08 Jan ‘15, 02:55

grahamb's gravatar image

grahamb ♦
19.8k330206

i think i am close when i entered this command

tshark -i 1 -f -T fields -f -e frame.number -f -e ip.src -e tcp.win dow_size_value -e frame.time -e data.text -e tcp.analysis.duplicate_ack -e tcp.a nalysis.out_of_order -e tcp.analysis.retransmission -e tcp.analysis.fast_retrans mission -e tcp.analysis.spurious_retransmission -e tcp.analysis.zero_window -e t cp.stream -E header=y -E separator=, -l > java “C:\Users\shedalap\Documents\NetB eansProjects\JavaApplication25\build\classes\javaapplication25.class”

this should be capture filter but there is syntax error what is it ??

(08 Jan ‘15, 02:57) shady

'> java …'

This will write a file named ‘java’ in the directory where you started tshark, with the output of thshark! It will NOT run java!

(08 Jan ‘15, 04:45) Kurt Knochner ♦

One Answer:

0

tshark : an error occurred while printing packets : invalid arguments

That's because nothing is reading what tshark writes to STDOUT, probably because your Java program does not work as you expect it.

You'll get the same tshark error, if you pipe thshark output to dir (not reading from STDIN).

So, please check the error message you get when you run the following command:

echo "huhu" | java "C:\Users\shedalap\Documents\NetB eansProjects\JavaApplication25\build\classes\javaapplication25.class"

And then ask your local Java guru what that means and how to fix it.

++ UPDATE ++

I did not see the package statement in the Java code in the first place. This, and the way you are running the Java code (with .class) causes the termination of your java process with errors.

So, to fix your Java problem, still ask your local Java guru, as this ia the Wireshark Q&A site!

Besides that you can try to either remove the package statement or call your Java code in a different way.

Without package statement:

java JavaApplication25 (no .class !!!)

With package statement:

mkdir JavaApplication25
copy JavaApplication25.class to JavaApplication25
run: java JavaApplication25.JavaApplication25

See the following discussion (and google) for an explanation: http://stackoverflow.com/questions/3081689/why-cant-i-run-my-java-hello-world-program-if-it-is-inside-a-package

Regards
Kurt

answered 08 Jan '15, 05:32

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 08 Jan '15, 07:10

thank you very much

removing package statement helped me very much it worked now tshark capture packets and flushes them to javaapplication25 by using this command in tshark

C:\Program Files\Wireshark>tshark -r 111.pcapng -T fields -e frame.number -e ip.src -e tcp.window_size_value -e frame.time -e data.text -e tcp.analysis.duplicate_ack -e tcp.analysis.out_of_order -e tcp.analysis.retransmission -e tcp.analysis.fast_retransmission -e tcp.analysis.spurious_retransmission -e tcp.analysis.zero_window -e tcp.stream -E header=y -E separator=, -l | java JavaApplication5

also i compiled the code by using netbeans and copied JavaApplication.class file to wireshark folder and entered the mentioned command and worked

unfortunately nothing appeared in java console as you can see in this image http://www.mediafire.com/view/z26tlvl66ouzozg/Untitled3.jpg

any help here ?

(09 Jan '15, 02:37) shady

unfortunately nothing appeared in java console as you can see in this image

If I take the Java code you posted and run the following command, it does not work either:

echo "Hhuhu" | java JavaApplication25

Output: -1

So, that's clearly a Java problem and not a tshark problem. Please ask your local Java guru how to fix that!

(09 Jan '15, 07:02) Kurt Knochner ♦

ok i will thank you very much for helping me

(09 Jan '15, 07:16) shady