
Packet Filtering using JPCAP

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;
import jpcap.packet.Packet;

class Main
{
    /* variables */
    JpcapCaptor captor;
    NetworkInterface[] list;
    int x, choice;

    public static void main(String args[])
    {
        new Main();
    }

    public Main()
    {
        /* first fetch available interfaces to listen on */
        list = JpcapCaptor.getDeviceList();
        System.out.println("Available interfaces: ");
        for (x = 0; x < list.length; x++)
        {
            System.out.println(x + " -> " + list[x].description);
        }
        System.out.println("-------------------------\n");

        /* read the interface index and reject anything that is not a valid index */
        try
        {
            choice = Integer.parseInt(getInput("Choose interface (0,1..): ").trim());
        }
        catch (NumberFormatException nfe)
        {
            System.err.println("Interface index must be a number.");
            return;
        }
        if (choice < 0 || choice >= list.length)
        {
            System.err.println("No such interface: " + choice);
            return;
        }
        System.out.println("Listening on interface -> " + list[choice].description);
        System.out.println("-------------------------\n");

        /* Setup device listener: 65535-byte snaplen, non-promiscuous, 20 ms timeout */
        try
        {
            captor = JpcapCaptor.openDevice(list[choice], 65535, false, 20);
            /* listen for TCP/IP only */
            captor.setFilter("ip and tcp", true);
        }
        catch (IOException ioe)
        {
            /* without an open device there is nothing to capture from */
            ioe.printStackTrace();
            return;
        }

        /* start listening for packets */
        while (true)
        {
            /* getPacket() may return null, so check before printing */
            Packet info = captor.getPacket();
            if (info != null)
                System.out.println(info);
        }
    }

    /* get user input */
    public static String getInput(String q)
    {
        String input = "";
        System.out.print(q);
        BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(System.in));
        try
        {
            String line = bufferedreader.readLine();
            if (line != null)   /* readLine() returns null at end of input */
                input = line;
        }
        catch (IOException ioexception)
        {
            /* fall through and return the empty string */
        }
        return input;
    }
} /*end class*/

OUTPUT:
C:\Packet Capturing\jSniff>javac Main.java
C:\Packet Capturing\jSniff>java Main
Available interfaces:
0 -> MS Tunnel Interface Driver
1 -> Realtek 10/100/1000 Ethernet NIC
(Microsoft's Packet Scheduler)
------------------------
Choose interface (0,1..): 1
Listening on interface -> Realtek 10/100/1000 Ethernet NIC
(Microsoft's Packet Scheduler)
------------------------
1319000427:719763 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2203) TCP 445 > 1140 seq(2709085387) win(64592) ack 1006552375
P
1319000427:720418 /172.10.0.132->/172.10.0.81 protocol(6) priority(0) hop(128)
offset(0) ident(714) TCP 1140 > 445 seq(1006552375) win(64567) ack 2709085526
P
1319000427:721224 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2204) TCP 445 > 1140 seq(2709085526) win(64452) ack 1006552515
P
1319000427:721667 /172.10.0.132->/172.10.0.81 protocol(6) priority(0) hop(128)
offset(0) ident(715) TCP 1140 > 445 seq(1006552515) win(64516) ack 2709085577
P
1319000427:721972 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2205) TCP 445 > 1140 seq(2709085577) win(64389) ack 1006552578
P
1319000427:722751 /172.10.0.132->/172.10.0.81 protocol(6) priority(0) hop(128)
offset(0) ident(716) TCP 1140 > 445 seq(1006552578) win(64384) ack 2709085709
P
1319000427:930959 /172.10.0.81->/172.10.0.132 protocol(6) priority(0) hop(128)
offset(0) ident(2206) TCP 445 > 1140 seq(2709085709) win(65535) ack 1006553370

ALGORITHM:
JPCAP
Jpcap can be used to develop many kinds of network applications, including (but not
limited to):
network and protocol analyzers
network monitors
traffic loggers
traffic generators
user-level bridges and routers
network intrusion detection systems (NIDS)
network scanners
security tools
Jpcap captures and sends packets independently from the host protocols (e.g., TCP/IP).
This means that Jpcap does not (cannot) block, filter or manipulate the traffic generated
by other programs on the same machine: it simply "sniffs" the packets that transit on the
wire. Therefore, it does not provide the appropriate support for applications like traffic
shapers, QoS schedulers and personal firewalls.

1. Obtain the list of network interfaces


To capture packets from a network, first obtain the list of network interfaces by calling
JpcapCaptor.getDeviceList(). It returns an array of NetworkInterface objects.
A NetworkInterface object contains some information about the corresponding network
interface, such as its name, description, IP and MAC addresses, and datalink name and
description.

2. Open a network interface


Choose which network interface to capture packets from, then open the interface by
using the JpcapCaptor.openDevice() method. It takes the following arguments:

Name                        Purpose
NetworkInterface intrface   Network interface that you want to open.
int snaplen                 Max number of bytes to capture at once.
boolean promisc             True if you want to open the interface in promiscuous
                            mode, and otherwise false.
                            In promiscuous mode, you can capture every packet
                            from the wire.
                            In non-promiscuous mode, you can only capture packets
                            sent and received by your host.
int to_ms                   Set a capture timeout value in milliseconds.

The program listing above illustrates how to open a network interface.
3. Capture packets from the network interface


There are two major approaches to capturing packets using a JpcapCaptor instance: using a
callback method, and capturing packets one-by-one.
Capturing packets one-by-one
Capture packets using the JpcapCaptor.getPacket() method. getPacket() simply returns a
captured packet. Call getPacket() multiple times to capture consecutive packets.

4. Set capturing filter


In Jpcap, you can set a filter so that Jpcap doesn't capture unwanted packets. For
example, if you only want to capture TCP/IPv4 packets, you can set the filter expression
"ip and tcp", as the program listing above does. This expression means "keep only the
packets that are both IPv4 and TCP and deliver them to the application".
By properly setting a filter, you can reduce the number of packets to examine, and thus
improve the performance of your application.
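
The callback approach mentioned in step 3 and a narrower filter from step 4, combined in one added example (not part of the original page): instead of printing every packet, it tallies TCP flows on port 445, the port seen in the output above. The class name FlowCounter, the packet count of 200 and taking the interface index from the command line are assumptions made for this example.

```java
import java.io.IOException;
import java.util.Map;
import java.util.TreeMap;
import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;
import jpcap.PacketReceiver;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;

/* Added example: callback-style capture that tallies TCP flows. */
class FlowCounter implements PacketReceiver
{
    /* flow "src:port -> dst:port" mapped to {packets, SYNs, RSTs} */
    final Map<String, int[]> flows = new TreeMap<String, int[]>();

    /* Jpcap calls this once for every packet that passed the filter */
    public void receivePacket(Packet p)
    {
        if (!(p instanceof TCPPacket)) return;   /* defensive: the filter should already ensure TCP */
        TCPPacket t = (TCPPacket) p;
        String key = t.src_ip.getHostAddress() + ":" + t.src_port
                   + " -> " + t.dst_ip.getHostAddress() + ":" + t.dst_port;
        int[] c = flows.get(key);
        if (c == null) { c = new int[3]; flows.put(key, c); }
        c[0]++;
        if (t.syn && !t.ack) c[1]++;   /* connection attempt */
        if (t.rst) c[2]++;             /* refused or aborted connection */
    }

    public static void main(String[] args) throws IOException
    {
        NetworkInterface[] list = JpcapCaptor.getDeviceList();
        int idx = args.length > 0 ? Integer.parseInt(args[0]) : 0;   /* assumed: index as first argument */
        if (idx < 0 || idx >= list.length) { System.err.println("No such interface: " + idx); return; }
        /* same open parameters as the listing above: non-promiscuous, 20 ms timeout */
        JpcapCaptor captor = JpcapCaptor.openDevice(list[idx], 65535, false, 20);
        FlowCounter counter = new FlowCounter();
        try {
            captor.setFilter("ip and tcp port 445", true);   /* narrower than "ip and tcp" */
            captor.loopPacket(200, counter);                 /* blocks until 200 matching packets arrive */
        } finally {
            captor.close();
        }
        for (Map.Entry<String, int[]> e : counter.flows.entrySet())
            System.out.println(e.getKey() + "  packets=" + e.getValue()[0]
                + " syn=" + e.getValue()[1] + " rst=" + e.getValue()[2]);
    }
}
```

Because the filter runs before packets reach the application, receivePacket() is only invoked for matching traffic, which is the performance gain step 4 describes.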
