Well I m working on Java project.in order to make an application that will capture all packets in my lan , and be able to see HTTP traffics . I m currently using Jnetpcap API , i succeed listing interface and do a live capture and extract HTTP PACKETS . the problem I m having is I only Capture traffic of my own machine . I have already look up about this in google . the only solution I have found so far is to enable promiscuous mode , i did that using ifconfig cmd , unfortunately the problem remains . I don't how to solve that . any solutions ..??
You can only ever capture traffic that is actually passing through the box you are listening on. Promiscuous mode only means that if traffic happens to arrive at your box but is not addressed to it, it would read that traffic. You are only going to get into that situation if you are using a network hub however. On a switched network, only traffic actually intended for your machine ever gets to your machine.
You would need to use a switch that has a SPAN port in order to monitor all the traffic going through that switch, or run your monitoring program on a system that all your network traffic passes through (a machine on the border of your network, for example).
I use winpcap (not Jnetpcap) but I think somethings are constatnt.
Whether you enable promiscuous mode in your OS or not, you must pass the promiscuous mode flag when you open tour network adapter. For example, in winpcap we do like as below code:
pcap_open(d->name, 65536, PCAP_OPENFLAG_PROMISCUOUS /* promiscuous mode */ , 1000, NULL, errbuf)
For more information please check the official winpcap documentation.
Good luck
Ya Ali.
Related
So, I've built a server manager in java to boot and close game servers on the extra box that I have lying around, but now I'm looking for a way to close down servers that aren't in use automatically.
My current thought was to check if a port was receiving any data with the server manager, and if it goes for a period without any data being caught, to close the server. That's where I run into the issue of being unable to read ports because java can't bind to a port that is already in use. Is there some way to monitor activity on a port without specifically binding to it?
Any help you could provide would be greatly appreciated!
Thanks in advance!
-Mot
[EDIT]
OS:
Windows 7 Home Premium
What I've tried thus far:
-ServerSockets to bind to the port and listen
-DatagramSockets to bind to the port and listen
I'm currently looking into netstat via cmd to see if I can pull any valuable details from there, but no dice thus far
I'm trying to use AWS as a scalable analytics tool. I'm using apache zeppelin as an interactive shell to a Spark cluster and trying to plot using wisp. This is causing a problem as the plotting approach in wisp is to start a web app based on what I think is a jetty server. This works well on my local machine but on AWS it does not work as it picks up the private IP address rather than the public one.
Within wisp, it uses java.net.InetAddress.getLocalHost.getCanonicalHostName
to retrieve the IP address of the machine. This always returns the private FQDN address. How can I make the java function return the public IP address or FQDN AWS provides without hardcoding something in wisp every time I spin up a cluster and rebuilding?
I have tried changing /etc/hosts and /etc/hostname but both have no effect. I don't really know where java.net.InetAddress.getLocalHost.getCanonicalHostName
is getting it's address from.
Any help or advice greatly appreciated.
Dean
I'm an idiot. It was a port issue. It appears that despite displaying the private IP, it's still available on the public IP.
Turn off the internal firewall with sudo ufw disable (on an ubuntu vm anyway, look up the alternative command for your flavour of vm).
Next, go to the AWS EC2 Management page for your account and click on the security group of your instance.
On the security group page, edit the inbound rules and add a custom tcp rule.
Under ports, put in '1 - 65536' and under source put in '0.0.0.0/0'. Please note, that what you have just done is open all ports on your instance to all incoming traffic from everywhere. You have just put down a welcome mat to the internet. I do not recommend doing this long term and it is extremely stupid. It worked for my proof of principle set up though and that is all I was aiming to do. I'll now be looking at ways to make it secure.
Thanks to everyone for their restraint in not mocking me for being a moron.
What method could I use to login to a Cisco or Juniper routers? I know I can use telnet to make a connection to the router itself but I am not aware of an API or anything that allows me to login non-interactively. So how could I do this?
Are there any libraries I can use to achieve this?
I have seen people use scripts that implement things like expect to know when to send the username and the password. But that is for shell scripting. How can I do this in java? I would prefer to keep strictly in java too.
The goal of this is allow a java program login into a router so I can query the router for interface states and execute commands on the router.
Any ideas?
You need to use some Java library for doing the same. http://www.pitman.co.za/projects/jssh/ is a good Java SSH client. http://commons.apache.org/proper/commons-net/ has a good telnet implementation
As far as extracting information, you should be able to do it by using SNMP to query the router. Pretty much everything is available over SNMP. Now, as far as command execution, there are SNMP set commands used to "write" information to a router, but you will need to look into that more carefully as I doubt the full command set can be replaced with SNMP set commands.
For Cisco, find out what the IOS image filename is for your device, then you can get the MIB file here: http://tools.cisco.com/Support/SNMP/do/MIBSupport.do?local=en&step=3. Review the MIB file and you will see what is available via SNMP for that device.
You should be able to do something similar for Juniper on their site.
Now, I don't know much about Java, but I do know that there are SNMP libraries available for it (like http://www.snmp4j.org/ ).
With that you will not need to worry about logging into the router, or about any interactive stuff.
Note that, in the case of Cisco, it's common to connect using a serial port on a PC directly into the service port on the router. This connection uses a programming protocol called IOS.
The easiest way to utilize this is with a programming language called expect. This name describes the language in that you expect to get a prompt from the port and then you respond. Sending that message (your response), you expect to get another response, to which you respond, ad completum - my term ;)
Note that this cable is proprietary to Cisco, I'm sure there are pin-outs available though.
Finally, it would be possible to emulate this program on java, via a serial port library.
How to do it using JAVA? I can find what port is used or not used by iteration through all ports
tcp = new Socket(remote_address, i); // i [0 - 65535]
tcp.setReuseAddress(true);
But how to find what application is using this port?
Its really hard to find this using java . You have to write a quite large codes checking various characteristics of ports for this . If u google about this , you can get more details regarding this . Actually some requests has to be send to the port . Now various applications running behind that port will respond with particular headers/banners/format which you will be using to check against various pre set conditions . But this is not a 100% accurate way .
Smart Net Admins can fake you by putting up decoys behind the port .
Instead ,you can use Nmap for this . Its a command line tool used in linux/windows/mac that can help you find quite a lot information about port.
You can't really determine this. Any application can send any stream of data over TCP, and for security reasons, this information is not exposed remotely. You can, however, probe the port with different messages and see what happens, allowing you to experimentally infer the application.
In addition, some services/protocols will have distinctive greetings, headers, and messages, and can even expose debugging information.
my apologies if this is a trivial question.
I've recently begun doing some android programming and I'm writing a simple app that allows you to use your android device as a controller for your windows PC. Specifically it allows the user to do things like turn off the machine, make it sleep, reboot it etc etc. I'm currently using a python library called CherryPy as a server on the windows machine to execute the actual win32api calls to perform the desired function. What i'm not sure about is how to discover (dynamically) which machine on the network is actually hosting the server. Everything is working fine if I hardcode my machines public IP into the android app, but obviously that is far less than ideal. I've considered having the user manually enter their machines public IP in the app, but if there's a way to, say, broadcast a quick message to all machines on the WiFi and check for a pre-canned response that my Python server would send out, that'd be wonderful. Is that possible?
Thanks in advance guys.
Try sending a UDP packet to the special broadcast address 255.255.255.255. Every device in the network should receive a copy of that packet (barring firewalls), and you can arrange to have the server reply to the packet with its identity.
Write your app using the alljoyn framework. AllJoyn will handle these details for you.