pcap4j 实现本地抓包以及解析DNS

/* * Project: pcap4jDemo * * File Created at 2018年9月10日 * * Copyright 2016 bd_liang * All rights reserved. * * This software is the confidential and proprietary information of * ZYHY Company. ("Confidential Information"). You shall not * disclose such Confidential Information and shall use it only in * accordance with the terms of the license. */ package com.test.pcap; import java.nio.file.Paths; import org.pcap4j.core.NotOpenException; import org.pcap4j.core.PacketListener; import org.pcap4j.core.PcapDumper; import org.pcap4j.core.PcapHandle; import org.pcap4j.core.PcapNativeException; import org.pcap4j.core.PcapNetworkInterface; import org.pcap4j.core.PcapNetworkInterface.PromiscuousMode; import org.pcap4j.packet.DnsPacket; import org.pcap4j.packet.Packet; import org.pcap4j.packet.DnsPacket.DnsHeader; /** * @Type CoreCapture.java * @Desc * @author bd_liang * @date 2018年9月10日 下午4:56:23 * @version */ public class CoreCapture extends Thread { /** * 抓包保存地址（jdk1.7） */ private static final String DUMP_FILE = Paths.get("capture.pcap").toAbsolutePath().toString(); /** * 抓包长度 */ private static final int SNAPLEN = 64 * 1024; /** * 读取超时设置 */ private static final int TIMEOUT = 10 * 1000; /** * 抓包句柄 */ private PcapHandle pcapHandle; /** * 保存本地 dumper */ private PcapDumper dumper; /** *在线抓包以及保存至本地 * * @return * @throws InterruptedException */ private boolean captureAndDumpLive() throws InterruptedException { // PcapNetworkInterface nif = PcapNIfManager.getCaptureNetworkInterface("127.0.0.1"); if (nif == null) { return false; } try { // 抓包 pcapHandle = nif.openLive(SNAPLEN, PromiscuousMode.PROMISCUOUS, TIMEOUT); // 打开抓包数据写入文件 dumper = pcapHandle.dumpOpen(DUMP_FILE); // 循环处理 -1 为持续抓包，直至中断退出,可以设定为正整数（抓包个数）， pcapHandle.loop(-1, new CoreCaptureListener()); // 也可以采用如下方式，进行循环抓包， /* while (true) { Packet packet = pcapHandle.getNextPacket(); if (packet == null) { continue; } else { if (condition) { break; } } }*/ } catch (PcapNativeException e) { e.printStackTrace(); return false; } catch (NotOpenException e) { e.printStackTrace(); return false; } return true; } @Override public void run() { try { captureAndDumpLive(); } catch (InterruptedException e) { // TODO Auto-generated catch block // e.printStackTrace(); } } /** * 停止抓包 */ public void quit() { System.out.println("======================停止抓包================"); if (pcapHandle != null) { if (dumper != null) { dumper.close(); } try { if (pcapHandle.isOpen()) { pcapHandle.breakLoop(); } } catch (NotOpenException e) { // TODO Auto-generated catch block e.printStackTrace(); } pcapHandle.close(); } } class CoreCaptureListener implements PacketListener { /* (non-Javadoc) * @see org.pcap4j.core.PacketListener#gotPacket(org.pcap4j.packet.Packet) */ @Override public void gotPacket(Packet packet) { // 解析DNS 数据信息 if (packet.contains(DnsPacket.class)) { DnsHeader dnsHeader = packet.get(DnsPacket.class).getHeader(); if (dnsHeader.isResponse()) { dnsHeader.getAnswers().get(0).getName(); } else { dnsHeader.getQuestions(); // DNS 记录类型 System.out.println(dnsHeader.getQuestions().get(0).getQType()); } } try { dumper.dump(packet); } catch (NotOpenException e) { // TODO Auto-generated catch block e.printStackTrace(); } } } } /** * Revision history * ------------------------------------------------------------------------- * * Date Author Note * ------------------------------------------------------------------------- * 2018年9月10日 bd_liang create */