This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does anyone know how to convert a .pcap file to a plain text file in Java?

0

I want to convert pcap files to plain text files like Wireshark does, from Java source code. Does anyone know how I can do it?

asked 28 Jul '15, 13:25

Miguel Freitas
11224
accept rate: 0%


2 Answers:

1

There are at least two libraries: pcap4j and jNetPcap.

It seems as though pcap4j is working on OS X, while the other is not. (And it is newer).

There is a sample for reading a file:

package org.pcap4j.sample;

import java.io.EOFException;
import java.util.concurrent.TimeoutException;
import org.pcap4j.core.NotOpenException;
import org.pcap4j.core.PcapHandle;
import org.pcap4j.core.PcapHandle.TimestampPrecision;
import org.pcap4j.core.PcapNativeException;
import org.pcap4j.core.Pcaps;
import org.pcap4j.packet.Packet;

@SuppressWarnings("javadoc")
public class ReadPacketFile {

  // Number of packets to read from the capture file.
  private static final int COUNT = 5;

  // The capture file path can be overridden with a system property.
  private static final String PCAP_FILE_KEY = ReadPacketFile.class.getName() + ".pcapFile";
  private static final String PCAP_FILE =
      System.getProperty(PCAP_FILE_KEY, "src/main/resources/echoAndEchoReply.pcap");

  public static void main(String[] args) throws PcapNativeException, NotOpenException {
    PcapHandle handle;
    try {
      // Try nanosecond timestamps first; fall back to the default precision.
      handle = Pcaps.openOffline(PCAP_FILE, TimestampPrecision.NANO);
    } catch (PcapNativeException e) {
      handle = Pcaps.openOffline(PCAP_FILE);
    }

    for (int i = 0; i < COUNT; i++) {
      try {
        Packet packet = handle.getNextPacketEx();
        System.out.println(handle.getTimestamp());
        System.out.println(packet);
      } catch (TimeoutException e) {
        // No packet was returned within the timeout; move on to the next iteration.
      } catch (EOFException e) {
        System.out.println("EOF");
        break;
      }
    }

    handle.close();
  }
}

answered 21 Oct '15, 10:49

user1234
56237
accept rate: 50%

0

While there are some pcap libraries for Java (as mentioned by @user1234), they don't have (by far) the dissection functionality of Wireshark. As there is no (official) Wireshark library to use, you can run tshark (CLI tool) and parse the output with Java.

See the following similar questions:

https://ask.wireshark.org/questions/38939/pipe-tshark-output-to-java-program
https://ask.wireshark.org/questions/11153/does-wireshark-have-an-api
https://ask.wireshark.org/questions/29902/running-wireshark-continuously

In my answer to the following question I mentioned some links to the 'unofficial' libwireshark. Maybe you can adapt some of the methods for your Java tool.

https://ask.wireshark.org/questions/33630/library-for-display-filters

Regards
Kurt

answered 21 Oct '15, 13:22

Kurt Knochner ♦
24.8k1039237
accept rate: 15%
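
The second answer's approach (run tshark and consume its output from Java), sketched as an added example that is not code from either answerer or from the Wireshark project. It assumes `tshark` is on the PATH; the class name `PcapToText`, the five-minute limit and the command-line arguments are hypothetical choices for this illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

public class PcapToText {

    /** Runs tshark on a capture file and writes its text dissection to out. */
    static void convert(Path pcap, Path out, boolean verbose)
            throws IOException, InterruptedException {
        if (!Files.isRegularFile(pcap)) {
            throw new IOException("not a regular file: " + pcap);
        }
        // Arguments go to the process as a list, never through a shell, so a
        // capture name with spaces or shell metacharacters stays plain data.
        List<String> cmd = new ArrayList<>();
        cmd.add("tshark");      // assumption: tshark is installed and on the PATH
        cmd.add("-n");          // no name resolution: no DNS lookups for captured addresses
        cmd.add("-r");          // read packets from a file
        cmd.add(pcap.toAbsolutePath().toString());
        if (verbose) {
            cmd.add("-V");      // full protocol tree instead of one summary line per packet
        }

        ProcessBuilder pb = new ProcessBuilder(cmd);
        pb.redirectOutput(out.toFile());                    // dissection text goes to the file
        pb.redirectError(ProcessBuilder.Redirect.INHERIT);  // tshark warnings stay visible

        Process p = pb.start();
        // Bound the run time; the capture may be large or malformed.
        if (!p.waitFor(5, TimeUnit.MINUTES)) {
            p.destroyForcibly();
            throw new IOException("tshark did not finish in time");
        }
        if (p.exitValue() != 0) {
            throw new IOException("tshark exited with status " + p.exitValue());
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java PcapToText <capture.pcap> <output.txt>
        convert(Paths.get(args[0]), Paths.get(args[1]), true);
    }
}
```

Because tshark dissects whatever the capture contains, captures from untrusted sources are best converted under an unprivileged account.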