Dissecting network packets
Hi,
I would like to dissect some packets in Java, specifically SIP and RTP packets.
I have used jpcap to sniff the packets off the network and the contents of the packet are placed in a byte array.
Does anyone have an idea of how to split this packet up so that, for example, I can see what codecs have been specified, the IP source and destination addresses, etc.?
I tried looking at the C source code of Wireshark to give me an idea but it seemed pretty complicated.
Any suggestions welcome.
By Wimnat1a at 2007-11-27 0:15:59

# 3
> The problem is that within the body of the packet
> that is lots of variable length data. How can i
> search through a byte array looking for when to start
> and stop?
I suspect that the problem is that you haven't actually read the protocol documents.
Variable data occurs all the time in protocols. Protocols are useless unless there is some way to detect that in the message itself (and which the documentation defines.)
# 5
// Scan the packet for a delimiter byte; a byte cannot be compared to a String,
// so pick the byte value you are looking for (e.g. '\n' for a text protocol like SIP).
byte delimiter = '\n';
int i;
for (i = 0; i < bytearray.length; i++) {
    if (bytearray[i] == delimiter) {
        break; // stop: i now holds the index of the delimiter
    }
    // otherwise move on to the next byte
}
# 6
The data within my byte array is from a network packet. When I print out this data element by element I get a list of integer values. E.g. a UDP packet I captured returned...
a[0] = 0
a[1] = 53
a[2] = 4
a[3] = 60
a[4] = 0
a[5] = -35
a[5] = -111
a[5] = -10
What do these values represent? Will it be easier to convert them to ASCII before I search through them?
# 7
Well, I don't know; it's protocol specific! See in the protocol documentation whether the transmitted data is raw "binary" data or character data (and if so, you have to know what charset it's using), and according to that see how to cast your byte array. Hope that I've helped you. Amr M.
# 8
> I have read the specs thanks! I am a java n00b though
> so I repeat the "How can I search through a byte
> array looking for when to start and stop?" part of
> the question!
>
And again this has nothing to do with Java. I have done this in C, C++, Java, SQL and Perl.
A simple protocol definition would be as follows
4 byte msg type
<data>
Format for Msg type = 'abcd'
2 byte int
2 byte data length
<data>
1 byte checksum
Format for Msg type = 'XXXX'
4 byte data length
<data>
1 byte checksum
The above defines the contents of a message, which are significantly different depending on the needs of the message. Both have variable data and both completely define how one needs to extract that information (excluding various misc things like endianness and character sets.)
The protocol defines how you extract the data and what it means.
Generally code based on that can be constructed (and only constructed) using ifs and for loops. If you are unfamiliar with those constructs then you might wish to choose another project. Other than that you start at the beginning of the message (as defined by the protocol) and work your way to the end.
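As an added illustration (my own code, not from any poster above), here is a Java parser for the toy protocol sketched in the previous reply. The checksum rule, big-endian byte order and the sample message are assumptions, since the sketch leaves them open; the point is the unsigned-byte handling the earlier reply asked about, and checking every length field from the wire against the bytes actually in the buffer before indexing.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Parses the two-message toy protocol sketched above; field rules below are assumptions. */
public class ToyProtocolParser {

    /** Java bytes are signed, so the -35 printed earlier is really 221: mask before arithmetic. */
    static int u8(byte[] b, int off) { return b[off] & 0xFF; }

    /** Big-endian (network order) 2- and 4-byte unsigned integers. */
    static int u16(byte[] b, int off) { return (u8(b, off) << 8) | u8(b, off + 1); }
    static long u32(byte[] b, int off) { return ((long) u16(b, off) << 16) | u16(b, off + 2); }

    /** Checksum assumed here: low 8 bits of the sum of every byte before it. */
    static int checksum(byte[] b, int from, int to) {
        int sum = 0;
        for (int i = from; i < to; i++) sum += u8(b, i);
        return sum & 0xFF;
    }

    /** Returns the <data> of the message starting at off, or throws if it is malformed. */
    static byte[] parse(byte[] b, int off) {
        if (b.length - off < 8) throw new IllegalArgumentException("truncated header");
        String type = new String(b, off, 4, StandardCharsets.US_ASCII);
        int p = off + 4;
        long dataLen;
        if (type.equals("abcd")) {          // 2 byte int at p, then 2 byte data length
            dataLen = u16(b, p + 2);
        } else if (type.equals("XXXX")) {   // 4 byte data length
            dataLen = u32(b, p);
        } else {
            throw new IllegalArgumentException("unknown msg type " + type);
        }
        p += 4;
        // Never trust a length field from the wire: bound it by what is really in the buffer
        // (the data plus the 1-byte checksum) before copying or indexing.
        if (dataLen > b.length - p - 1) throw new IllegalArgumentException("length exceeds packet");
        int end = p + (int) dataLen;
        if (u8(b, end) != checksum(b, off, end)) throw new IllegalArgumentException("bad checksum");
        return Arrays.copyOfRange(b, p, end);
    }

    public static void main(String[] args) {
        // Constructed sample: "abcd", int 0x0001, length 3, data "hi!", checksum 0x80.
        byte[] msg = { 'a', 'b', 'c', 'd', 0, 1, 0, 3, 'h', 'i', '!', (byte) 0x80 };
        System.out.println(new String(parse(msg, 0), StandardCharsets.US_ASCII));
        byte[] bad = Arrays.copyOf(msg, 8);
        bad[7] = 100; // header claims 100 bytes of data that are not in the packet
        try { parse(bad, 0); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```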