Network学习8_Java之Pcap文件解析(三:解析文件)

前言

数据结构已经定义好了,那么现在就开始正式解析Pcap文件了。

注:以下仅贴出核心代码,项目全部代码会在文章结尾处给出下载链接

解析Pcap文件
1 读取整个Pcap文件到内存
// Opens the capture file and fills file_header from it; the rest of the snippet is elided
// by the author. The capture is untrusted input, so every length taken from it has to be
// checked before it is used as an index or an allocation size.
FileInputStream fis = null;
try {
fis = new FileInputStream(pcap);
// NOTE(review): `ad(` looks like an extraction-truncated `fis.read(` — confirm against the
// project source. If this is an InputStream.read call, m is the number of bytes actually
// read (-1 at end of file) and must be compared with file_header.length: a truncated
// capture gives a short read, and parsing the buffer anyway would read bytes that were
// never filled in.
int m = ad(file_header);
//....
// NOTE(review): nothing visible here closes fis; unless the elided part does, use
// try-with-resources or a finally block so the descriptor is released on every path.
} catch // .....
2 读取文件头
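/**
 * Parses the 24-byte pcap global (file) header.
 *
 * <p>Fields are consumed in file order: magic (4 bytes), major version (2), minor version (2),
 * timezone (4), sigflags (4), snaplen (4), linktype (4).
 *
 * <p>The bytes come from a capture file, which is untrusted input, so the buffer length is
 * checked before any field is read; a truncated header is reported as an {@link IOException}
 * instead of surfacing as an ArrayIndexOutOfBoundsException halfway through.
 *
 * @param file_header raw header bytes, at least 24 bytes long
 * @return a PcapFileHeader populated with the seven header fields
 * @throws IOException if {@code file_header} is null or shorter than 24 bytes
 */
public PcapFileHeader parseFileHeader(byte[] file_header) throws IOException {
    final int headerLength = 24;
    if (file_header == null || file_header.length < headerLength) {
        int got = (file_header == null) ? 0 : file_header.length;
        throw new IOException(
                "pcap file header truncated: need " + headerLength + " bytes, got " + got);
    }

    PcapFileHeader fileHeader = new PcapFileHeader();
    byte[] buff_4 = new byte[4]; // scratch buffer for 4-byte fields
    byte[] buff_2 = new byte[2]; // scratch buffer for 2-byte fields
    int offset = 0;

    // NOTE(review): the magic is stored but not validated here. A caller should reject a
    // file whose magic is not a known pcap value (0xa1b2c3d4 or its byte-swapped form) and
    // use it to decide the byte order; which order DataUtils assumes is not visible here.
    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    fileHeader.setMagic(DataUtils.byteArrayToInt(buff_4));

    System.arraycopy(file_header, offset, buff_2, 0, 2);
    offset += 2;
    fileHeader.setMagorVersion(DataUtils.byteArrayToShort(buff_2));

    System.arraycopy(file_header, offset, buff_2, 0, 2);
    offset += 2;
    fileHeader.setMinorVersion(DataUtils.byteArrayToShort(buff_2));

    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    fileHeader.setTimezone(DataUtils.byteArrayToInt(buff_4));

    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    fileHeader.setSigflags(DataUtils.byteArrayToInt(buff_4));

    // snaplen is the file's own claim about the largest captured packet. It is still
    // file-supplied, so callers that size buffers from it should apply their own upper bound.
    System.arraycopy(file_header, offset, buff_4, 0, 4);
    offset += 4;
    fileHeader.setSnaplen(DataUtils.byteArrayToInt(buff_4));

    // linktype says which link-layer framing the packets use; later parsing steps that
    // assume fixed offsets into the frame depend on it.
    System.arraycopy(file_header, offset, buff_4, 0, 4);
    fileHeader.setLinktype(DataUtils.byteArrayToInt(buff_4));

    return fileHeader;
}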
3 读取数据头
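/**
 * Parses the 16-byte per-packet record header.
 *
 * <p>Fields are consumed in file order, four bytes each: timestamp seconds, timestamp
 * sub-second part, caplen (bytes of the packet stored in the file) and len (the packet's
 * length on the wire).
 *
 * <p>The bytes come from a capture file, which is untrusted input. The buffer length is
 * checked before any field is read. caplen and len are returned as parsed and are NOT
 * range-checked here: a caller that allocates or indexes with caplen must first reject
 * negative values and values above the file header's snaplen (or above the bytes left in
 * the file).
 *
 * @param data_header raw record-header bytes, at least 16 bytes long
 * @return a PcapDataHeader populated with the four fields
 * @throws IllegalArgumentException if {@code data_header} is null or shorter than 16 bytes
 */
public PcapDataHeader parseDataHeader(byte[] data_header) {
    final int headerLength = 16;
    if (data_header == null || data_header.length < headerLength) {
        int got = (data_header == null) ? 0 : data_header.length;
        throw new IllegalArgumentException(
                "pcap record header truncated: need " + headerLength + " bytes, got " + got);
    }

    byte[] buff_4 = new byte[4];
    PcapDataHeader dataHeader = new PcapDataHeader();
    int offset = 0;

    System.arraycopy(data_header, offset, buff_4, 0, 4);
    offset += 4;
    dataHeader.setTimeS(DataUtils.byteArrayToInt(buff_4));

    // Sub-second part of the timestamp (microseconds in the classic pcap format).
    System.arraycopy(data_header, offset, buff_4, 0, 4);
    offset += 4;
    dataHeader.setTimeMs(DataUtils.byteArrayToInt(buff_4));

    // The author's note on this field says the bytes must be reversed before being turned
    // into an int. NOTE(review): whether DataUtils.byteArrayToInt performs that reversal is
    // not visible here — confirm, because a wrong byte order turns caplen into an arbitrary
    // (possibly negative or huge) value.
    System.arraycopy(data_header, offset, buff_4, 0, 4);
    offset += 4;
    dataHeader.setCaplen(DataUtils.byteArrayToInt(buff_4));

    System.arraycopy(data_header, offset, buff_4, 0, 4);
    dataHeader.setLen(DataUtils.byteArrayToInt(buff_4));

    return dataHeader;
}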
读取数据头后,我们将整个数据存入 content 字节数组中,方便以后的解析
// Holds the captured bytes of the packet currently being parsed.
private byte[] content;
// NOTE(review): `new Caplen()]` is extraction damage; presumably a byte array sized by the
// record header's caplen — confirm against the project source.
// caplen is read straight from the capture file, so it is attacker-controlled: a negative
// value makes the allocation throw NegativeArraySizeException and a very large one can
// exhaust the heap. Check 0 <= caplen <= the file header's snaplen, a local hard cap, and
// the number of bytes left in the file before allocating.
content = new Caplen()];
4 读取数据帧
数据帧数据对我们没啥用,不做过多解析
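/**
 * Reads the link-layer frame type from one captured packet.
 *
 * <p>The two bytes at offset 12 are taken as the type field, which matches an Ethernet II
 * layout (two 6-byte addresses, then the type). NOTE(review): the capture's link type is
 * not consulted here, so for any other framing these bytes mean something else.
 *
 * <p>The parsed frame object is local to this method; the visible code neither returns nor
 * stores it.
 *
 * @param content raw bytes of one captured packet (untrusted input)
 * @throws IllegalArgumentException if {@code content} is null or shorter than 14 bytes
 */
public void readPcapDataFrame(byte[] content) {
    final int typeOffset = 12;
    final int typeLength = 2;
    // A truncated or empty packet must not be indexed at a fixed offset.
    if (content == null || content.length < typeOffset + typeLength) {
        int got = (content == null) ? 0 : content.length;
        throw new IllegalArgumentException(
                "frame too short for a type field: need " + (typeOffset + typeLength)
                        + " bytes, got " + got);
    }

    PcapDataFrame dataFrame = new PcapDataFrame();
    byte[] buff_2 = new byte[typeLength];
    System.arraycopy(content, typeOffset, buff_2, 0, typeLength);
    dataFrame.setFrameType(DataUtils.byteArrayToShort(buff_2));
}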
5 读取IP头
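/**
 * Parses the fixed 20-byte part of an IP header that is assumed to start at byte 14 of the
 * captured frame (directly after a 14-byte link-layer header), and records the dotted-quad
 * source and destination addresses on {@code protocolData}.
 *
 * <p>The frame is untrusted input. Its length is checked up front, so a truncated packet
 * yields {@code null} (the same result as a zero first byte) instead of an
 * ArrayIndexOutOfBoundsException partway through, and {@code protocolData} is not touched
 * for a packet that cannot be parsed.
 *
 * <p>NOTE(review): the first header byte packs the IP version and the header length in
 * 32-bit words. Neither is checked here, so a non-IPv4 frame is read with the IPv4 layout,
 * and a header carrying options is longer than the 20 bytes consumed. A caller locating the
 * transport header needs the header length from that byte and must bound it against
 * {@code content.length} as well.
 *
 * @param content raw bytes of one captured packet
 * @return the parsed header, or {@code null} if the frame is null, shorter than 34 bytes,
 *         or its first IP header byte is zero
 */
private IPHeader readIPHeader(byte[] content) {
    final int ipStart = 14;
    final int fixedHeaderLength = 20;
    if (content == null || content.length < ipStart + fixedHeaderLength) {
        return null;
    }

    int offset = ipStart;
    IPHeader ip = new IPHeader();
    byte[] buff_2 = new byte[2];
    byte[] buff_4 = new byte[4];

    byte varHLen = content[offset++]; // offset = 15
    if (varHLen == 0) {
        return null;
    }
    ip.setVarHLen(varHLen);

    byte tos = content[offset++]; // offset = 16
    ip.setTos(tos);

    // Stored as a signed short: totals above 32767 come out negative, so mask with 0xffff
    // before using the value as a length.
    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 18
    ip.setTotalLen(DataUtils.byteArrayToShort(buff_2));

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 20
    ip.setId(DataUtils.byteArrayToShort(buff_2));

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 22
    ip.setFlagSegment(DataUtils.byteArrayToShort(buff_2));

    byte ttl = content[offset++]; // offset = 23
    ip.setTtl(ttl);

    byte protocol = content[offset++]; // offset = 24
    ip.setProtocol(protocol);

    System.arraycopy(content, offset, buff_2, 0, 2);
    offset += 2; // offset = 26
    ip.setCheckSum(DataUtils.byteArrayToShort(buff_2));

    System.arraycopy(content, offset, buff_4, 0, 4);
    offset += 4; // offset = 30
    ip.setSrcIP(DataUtils.byteArrayToInt(buff_4));

    // Dotted-quad source address; & 0xff turns each signed byte into 0..255.
    // NOTE(review): the listing showed a truncated call where the string is produced; it is
    // written here as a plain concatenation of the four octets — confirm against the
    // project source.
    String sourceIP = (buff_4[0] & 0xff) + "." + (buff_4[1] & 0xff) + "."
            + (buff_4[2] & 0xff) + "." + (buff_4[3] & 0xff);
    protocolData.setSrcIP(sourceIP);

    System.arraycopy(content, offset, buff_4, 0, 4);
    offset += 4; // offset = 34
    ip.setDstIP(DataUtils.byteArrayToInt(buff_4));

    // Dotted-quad destination address, built the same way.
    String destinationIP = (buff_4[0] & 0xff) + "." + (buff_4[1] & 0xff) + "."
            + (buff_4[2] & 0xff) + "." + (buff_4[3] & 0xff);
    protocolData.setDesIP(destinationIP);

    return ip;
}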
6 读取TCP头
private TCPHeader readTCPHeader(byte[] content2, int offset) {
byte[] buff_2 = new byte[2];
byte[] buff_4 = new byte[4];
TCPHeader tcp = new TCPHeader();
for (int i = 0; i < 2; i ++) {
buff_2[i] = content[i + offset];
// LogUtils.printByteToBinaryStr("TCP: buff_2[" + i + "]", buff_2[i]); }
offset += 2; // offset = 36
short srcPort = DataUtils.byteArrayToShort(buff_2);
tcp.setSrcPort(srcPort);
String sourcePort = validateData(srcPort);