JPCap - cant capture TCP packets
Question
I'm trying to implement a network sniffer using JPCap library.
The problem is, it is capturing only UDP packets of other nodes. The TCP packets are not being captured. (Actually TCP packets of my computer ONLY are being sniffed)
This is the code I'm using:
captor=JpcapCaptor.openDevice(interfaceList[interfaceNumber], 65535, true, 20);
captor.setFilter("ip and tcp",true);
JpcapWriter writer=JpcapWriter.openDumpFile(captor,"pass.txt");
for(int i=0;i<10;i++){
//capture a single packet
Packet packet=captor.getPacket();
//save it into the opened file
writer.writePacket(packet);
}
writer.close();
1 answers
solution1
0
Are the UDP packets from other nodes that you're seeing being sent to the broadcast MAC address (ff:ff:ff:ff:ff:ff)? If so, then the problem isn't that you can capture UDP packets but not TCP packets, the problem is that you can't capture non-broadcast packets from other hosts (UDP packets can be broadcast packets, but most aren't; TCP packets are never broadcast packets).
I'm guessing that the third argument to the openDevice method of jpcap.JpcapCaptor specifies whether promiscuous mode is to be set or not; if so, you're requesting it, which is necessary in order to capture non-broadcast packets sent from other hosts to some other host.
If so, then the problem may be that you're on a switched network. See the CaptureSetup/Ethernet page on the Wireshark Wiki for details on what you would need to do in order to capture "third-party" traffic on a switched Ethernet network.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.