Closed shiv-365 closed 6 years ago
I'm not sure I fully understand. If you are able to create a string out of the details that you want, why can't you just not stitch it together as a string but return it in another format, such as a map, and then you can do whatever you want. Perhaps I'm missing the point.
@aboutsip sorry I didn't clarify better. Maybe the code will help:
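```java
import java.io.IOException;

import io.pkts.Pcap;
import io.pkts.buffer.Buffer;
import io.pkts.packet.UDPPacket;
import io.pkts.protocol.Protocol;

void method() throws IOException {
    Pcap pcap = Pcap.openStream("output.pcap");
    pcap.loop(packet -> {
        // Only UDP packets are of interest here
        if (packet.hasProtocol(Protocol.UDP)) {
            UDPPacket udpPacket = (UDPPacket) packet.getPacket(Protocol.UDP);
            // Raw UDP payload as a pkts Buffer
            Buffer buffer = udpPacket.getPayload();
            if (buffer != null) {
                System.out.println(buffer);
            }
        }
        return true; // keep reading packets
    });
}
```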
So the output String/Array of details of what I want is the buffer object inside the lambda function. I want to access it in another class but I am not sure of how to go about doing that. Additionally, since it is a Buffer object, I cannot simply call buffer.toString() on it to get a string of it as I will only get the memory location of it. Is it possible to convert it to an array or List<> or Map<>?
Hope this clarifies a bit more.
Is there a built-in Buffer method that could give a usable array that I could parse from?
Ah, gotcha. Well no, because it depends on the underlying protocol. As you know, the transport protocol (UDP, TCP etc) just carries a blob of some sort, so when you get the payload of the transport packet, you only get a raw byte array back. Then, if you know what the underlying protocol is, you can use one of the parsers for that particular protocol. E.g., if the payload of the UDP packet is a SIP message, pkts.io does have SIP parsers available; however, if pkts.io doesn't currently have support for that particular protocol (usually an application level protocol, such as SIP, HTTP, XMPP etc) then you will have to write it yourself.
Does that make sense? So the short answer is no, the buffer doesn't give you a usable array because it doesn't know what it encapsulates.
Ok it kinda makes sense. For my project, I am only using UDP packets so could I refactor the lambda into its own method, and use the SIP parser to parse it into a string? How would that work?
Oh, if you know it is SIP, then just use the built-in support for that. I assumed it was any random protocol and you weren't sure what it could be. Check out this example: https://github.com/aboutsip/pkts/blob/master/pkts-examples/src/main/java/io/pkts/examples/core/CoreExample002.java
It kind of contains everything you need. The key to that example and your use case is just the if-statement in the loop, which is trying to figure out what protocol the payload may be and, if it is known, then get it as that known protocol (such as SIP) and then you deal directly with a SipMessage class.
Hope that helps. If it does, please close the issue again, if not, then keep asking :-)
I fixed it! Thanks! Will reopen if any other issues.
Awesome, glad you managed to figure it out!
Hi, please could you give a hint how you solved this? I have a similar issue currently.
Thanks
What is your actual issue? Are you also trying to frame SIP from a TCP/UDP packet or are you trying to frame something else?
I am working on a project to read pcap files, break down the packets and view the raw texts. This is something that is done easily in the scapy library for Python. Scapy reads a pcap file and gives you a class that is iterable and broken down into its various packets easily, in readable ASCII format. But the pkts payload gives me binary data and I don't have an idea how to extract this as text and to extract the content like source, destination, ports, protocols, etc.
I want to move the project from Python to Java swing and this is where I am currently stuck
Would appreciate some pointers to clues or any guiding text
Thanks
Gotcha. Pkts.io is a bit more raw in that you do need to understand the network layers (e.g. that UDP & TCP are part of the transport layer, which in turn is on top of the IP layer etc) and the content is impossible for pkts.io to guess and as such, you get the raw binary data out by default. If you do know that it is of plain text, you just have to parse it as such.
I added a new example which I hope will help you along: https://github.com/aboutsip/pkts/blob/master/pkts-examples/src/main/java/io/pkts/examples/core/CoreExample003.java
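An added example (not from this thread and not the pkts project's code) of the "if you know it is plain text, parse it as such" step: it strictly decodes payload bytes as UTF-8 and falls back to a hex string when the bytes are not clean text, so binary or control characters from a capture never reach a console, log or database column as "text". The class name, method names and sample payloads are constructed for illustration; copying the bytes out of the pkts Buffer is left to the calling code.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class PayloadText {
    /** Strictly decode a transport payload as UTF-8 text; fall back to hex for binary data. */
    static String describe(byte[] payload) {
        try {
            String text = StandardCharsets.UTF_8.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(payload))
                    .toString();
            // Valid UTF-8 can still hold control characters (NUL, ESC); treat those as binary.
            for (int i = 0; i < text.length(); i++) {
                char c = text.charAt(i);
                if (Character.isISOControl(c) && c != '\r' && c != '\n' && c != '\t') {
                    return "hex:" + toHex(payload);
                }
            }
            return "text:" + text;
        } catch (CharacterCodingException e) {
            return "hex:" + toHex(payload); // not valid UTF-8 at all
        }
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample payloads; with pkts these bytes would come from the
        // Buffer returned by udpPacket.getPayload() inside pcap.loop(...).
        List<byte[]> payloads = new ArrayList<>();
        payloads.add("OPTIONS sip:example.invalid SIP/2.0\r\n\r\n".getBytes(StandardCharsets.UTF_8));
        payloads.add(new byte[] {(byte) 0x80, 0x00, 0x12, (byte) 0xff});
        List<String> rows = new ArrayList<>(); // collected so other classes can use them
        for (byte[] p : payloads) rows.add(describe(p));
        rows.forEach(System.out::println);
    }
}
```

The first sample is returned with a `text:` prefix and the second as `hex:800012ff`; filling a list like `rows` from inside the loop callback is also one way to hand the results to another class.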
I have successfully used the pkts library to get a neat string representation of TCP and UDP packets from a packet capture class that I made. I made a void method that takes in a lambda function that prints out
"UDP: ION_DP{array of details of a packet}"
but I want to access that buffer and split it into individual fields and add them to a MySQL database.