Bernardo Bulgarelli Labronici

Sniffer4J

Sniffer4J is a Java packet capture and manipulation tool that allows full analysis of a network.

It is built upon the pcap libraries (WinPcap and libpcap) and runs on Windows and most Linux flavors.
The current stable version (2.0) provides shared libraries (.dll and .so) compiled and tested for both x86 and x64 architectures.

Installing

For instructions on how to install these libraries, see [Installation].
For compiling the Sniffer4J libraries, see [Compiling Sniffer4J Libraries].

Learning Sniffer4J

The best way to learn how to use Sniffer4J is by using it. You may start in the [Tutorial] section for practical examples on how to sniff and forge packets.

Overview

Sniffer4J works by parsing packets into a comprehensive Pdu format. Each Pdu encapsulates the next one, making it easy to navigate through the Frame. The image below shows the basic class structure for Frame and Pdu inside Sniffer4J.

Frame

Frames can be forged in the same manner, allowing them to be injected into the network. As a matter of fact, there is no packet that Sniffer4J can parse that it cannot forge and send back to the network.
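The layering described above, where each Pdu encapsulates the next and a parsed frame can be rebuilt byte for byte, is sketched below as an added example. It is not Sniffer4J code and does not use the Sniffer4J API: the class names (PduChainDemo, Layer, Ethernet, IPv4, Raw) are hypothetical, the sample frame is constructed, and java.util.HexFormat assumes Java 17 or later.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.HexFormat;

public class PduChainDemo {
    // Hypothetical base type: a layer keeps its own bytes and a link to the layer it encapsulates.
    static abstract class Layer {
        byte[] header;
        Layer next;
        abstract String name();
        // Rebuild this layer followed by everything nested inside it.
        byte[] toBytes() {
            byte[] rest = (next == null) ? new byte[0] : next.toBytes();
            return ByteBuffer.allocate(header.length + rest.length).put(header).put(rest).array();
        }
    }
    static class Ethernet extends Layer {
        String name() { return "Ethernet"; }
        int etherType() { return ByteBuffer.wrap(header).getShort(12) & 0xFFFF; }
    }
    static class IPv4 extends Layer { String name() { return "IPv4"; } }
    static class Raw extends Layer { String name() { return "Raw"; } }

    // Parse Ethernet, then IPv4 if present and well-formed; whatever is left stays as raw bytes.
    static Layer parse(byte[] frame) {
        if (frame.length < 14) throw new IllegalArgumentException("truncated Ethernet header");
        Ethernet eth = new Ethernet();
        eth.header = Arrays.copyOfRange(frame, 0, 14);
        Layer tail = eth;
        int off = 14;
        if (eth.etherType() == 0x0800 && frame.length >= off + 20) {
            int ihl = (frame[off] & 0x0F) * 4;               // IPv4 header length in bytes
            if (ihl >= 20 && frame.length >= off + ihl) {    // reject short or truncated headers
                IPv4 ip = new IPv4();
                ip.header = Arrays.copyOfRange(frame, off, off + ihl);
                tail.next = ip; tail = ip; off += ihl;
            }
        }
        if (off < frame.length) {
            Raw raw = new Raw();
            raw.header = Arrays.copyOfRange(frame, off, frame.length);
            tail.next = raw;
        }
        return eth;
    }

    public static void main(String[] args) {
        // Constructed sample: Ethernet + IPv4 (protocol 253, checksum left as zero) + 4 payload bytes.
        byte[] frame = HexFormat.of().parseHex("ffffffffffff0242ac1100020800"
                + "450000180000400040fd00000a0000010a000002" + "deadbeef");
        for (Layer l = parse(frame); l != null; l = l.next)
            System.out.println(l.name() + ": " + l.header.length + " bytes");
        System.out.println("round trip identical: " + Arrays.equals(frame, parse(frame).toBytes()));
    }
}
```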

Classes

The core package of Sniffer4J is:

br.com.sniffer4j.capture

And the main class is

br.com.sniffer4j.capture.Capture

This class is responsible for capturing, parsing, saving to and reading from files, forging packets and gathering information about the pcap library. This class extends from

br.com.sniffer4j.capture.CaptureBase

which is a class that has all the native methods needed to communicate with the Sniffer4J JNI library.
The native functions in CaptureBase are as close as possible to the raw pcap functions. In a later tutorial we will show how you can extend **CaptureBase** and use the Sniffer4J libraries for your own purposes without the Sniffer4J parser.

In order for the Capture class to work, a listener has to be added to it. This listener is either a CaptureAdapter, to receive parsed packets in the form of a Frame, or a CaptureRawAdapter, to receive a plain stream of bytes as returned from the pcap library (wrapped in a ByteBuffer).

As stated before, the

br.com.sniffer4j.capture.Frame

class has information about the capture and a linked list of Pdu classes. The

br.com.sniffer4j.capture.Pdu

class is an abstract class with the basic functionality of a Pdu. All other Pdus extend the Pdu class. Some Pdus, like IcmpBasicPdu, have different data types according to some parameters of the Pdu itself.

Below we can see a synthetic class diagram of the Sniffer4J core classes and their relation to the Sniffer4J libraries and Pdu classes.

Class Diagram
