Wednesday, July 15, 2009

Sending customized TCP packets using jpcap and libpcap

Sorry I haven't blogged for a while; I've moved to Twitter.com/sumanrs for most updates. I'm only using this blog for longer posts now.

So my task this week was to create customized TCP packets for the NetSerV experiment. I would have had to look for a user-level TCP stack ... or use the popular pcap implementation, which can generate packets on the network.

And since this has to run on Java, we have to use jpcap (there is an older version on SourceForge, which I did not try).

I was able to successfully create a program that can send TCP packets on both Windows and Linux, and was able to compile and run SendTCP.java, which can send packets.

To get the TCP packets to send properly in a local network and be received at the remote node, you need to know a few things:
  1. Make sure to correctly specify source and destination MAC addresses. You can get the source MAC address by doing:
    ether.src_mac = device.mac_address;
    You will have to manually set the receiver's MAC address, or look at ARP.java to figure out how to do it over the network.
  2. Make sure to correctly specify the source and destination IP addresses. This can be done through InetAddress.getByName(), as in the example.
  3. For unknown TCP ports that don't have any daemons running on them, you may not get an ACK response for a SYN packet, though you will get a TCP RST packet.
  4. If you send it to a port that has a daemon, you will get a nice ACK packet, which you can handle properly.
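
The four points above, put together as an added example (this is not the SendTCP.java that ships with jpcap, and not code from the original post): it sends one SYN and reports whether the reply is a RST or a SYN/ACK. The class name SynProbe, the IP addresses, the destination MAC and the ports are placeholder assumptions for a lab network you control.

```java
import java.net.InetAddress;
import jpcap.*;
import jpcap.packet.*;

public class SynProbe {
    // Placeholders (assumptions): replace with values from your own lab network.
    static final String SRC_IP = "192.0.2.10";              // address of the sending interface
    static final String DST_IP = "192.0.2.20";              // lab host you control
    static final byte[] DST_MAC = {0x02, 0, 0, 0, 0, 0x20}; // receiver (or gateway) MAC
    static final int SRC_PORT = 40000, DST_PORT = 80;

    public static void main(String[] args) throws Exception {
        NetworkInterface device = JpcapCaptor.getDeviceList()[Integer.parseInt(args[0])];

        // Open the captor before sending so the reply is not missed; match only the expected reply.
        JpcapCaptor captor = JpcapCaptor.openDevice(device, 128, false, 2000);
        captor.setFilter("tcp and src host " + DST_IP + " and src port " + DST_PORT
                + " and dst port " + SRC_PORT, true);

        // Flag order: urg, ack, psh, rst, syn, fin, rsv1, rsv2. Only syn is set.
        TCPPacket syn = new TCPPacket(SRC_PORT, DST_PORT, 1000L, 0L,
                false, false, false, false, true, false, false, false, 8192, 0);
        syn.setIPv4Parameter(0, false, false, false, 0, false, false, false, 0, 1, 64,
                IPPacket.IPPROTO_TCP, InetAddress.getByName(SRC_IP), InetAddress.getByName(DST_IP));
        syn.data = new byte[0];

        EthernetPacket ether = new EthernetPacket();
        ether.frametype = EthernetPacket.ETHERTYPE_IP;
        ether.src_mac = device.mac_address;   // point 1: source MAC taken from the device
        ether.dst_mac = DST_MAC;              // point 1: receiver MAC set manually
        syn.datalink = ether;

        JpcapSender sender = JpcapSender.openDevice(device);
        sender.sendPacket(syn);

        Packet reply = captor.getPacket();    // null or Packet.EOF when nothing was captured
        if (reply instanceof TCPPacket) {
            TCPPacket t = (TCPPacket) reply;
            String kind = t.rst ? "RST (no listener)" : (t.syn && t.ack) ? "SYN/ACK (listener)" : "other";
            System.out.println(t.src_ip + ":" + t.src_port + " -> " + t.dst_ip + ":" + t.dst_port + " " + kind);
        } else {
            System.out.println("no reply within timeout");
        }
        sender.close();
        captor.close();
    }
}
```

Run it with the device index as the only argument. The operating system's own TCP stack knows nothing about this connection, so it will typically answer an incoming SYN/ACK with a RST of its own.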

It ran successfully on Windows, but I learnt a few things for the Linux install since I had to run it on an AMD 64-bit processor:
  1. There seems to be no version of jpcap available for download on the jpcap site, so you will have to build it yourself.
  2. Download the source from the jpcap site.
  3. Follow instructions for source install here.
  4. You need libpcap and libpcap-dev installed. libpcap is most likely already installed; to get libpcap-dev, run "sudo apt-get install libpcap-dev".
  5. You can install the native library and the JAR by following the instructions in step 3.

2 comments:

Unknown said...

I too am experimenting with jpcap. I wrote a class to get the default gateway's IP address and MAC address on hosts running FreeBSD, Mac OS X, Linux, and Solaris. Still working on Windows. See http://www.larush.com/DefaultGateway/javadoc/index.html

John Rushford
jjrushford@gmail.com

ram said...

Hi Suman,

I am Ramakrishna Annamaneni from the University of Texas at San Antonio.

I started using jpcap recently. I need some help from you. Can you help me with how to find out the source and destination IP address and port number of captured packets using Java + jpcap?

I am able to capture packets and filter them by TCP, but I was not able to find the above requirement.

Thanks in advance