I am using an application called Splunk, which has 2 layers of data processing on separate systems. I can connect to both systems via putty and directly logging into the GUI.
Archiecture of the system attached
I want to monitor the output port on layer 1, and input port on layer 2 and find out the below information,
i. Raw data sent out of layer 1
ii. Raw data received into layer 2.
The two layers communicate using tcp.
I do not want to use an existing packet monitors/packet capture like tcpdump or winshark as I want to heavily customize the monitor to display various information. I want to write my own packet monitor in java
I want to know,
If layer 2 is listening to layer 1, can my program connect to the same port and print the raw text being sent? - the protocol is TCP
Is (1) possible for other protocols like udp, http and ftp?
(EDIT: Architecture attached
Info on the systems in case it is relevant,
system 1 is VMWare(Linux Ubuntu 4.4.10) running on a Windows machine.
System 2 is mac os.
Both systems have different IP addresses. I am connecting to both systems from the windows machine where vmware is running.
The two systems connect to the same wifi.
)
There are some packet capture libraries written in Java, jpcap, jNetPcap, and Pcap4J.
Both #1 and #2 are possible by these libraries, I think.
If you would pick Pcap4J I can help you. It's my library.
Related
Has anybody successfully interfaced Medical Lab devices like Cell Counters /ABG instruments to mirth connect using ASTM 1381-02 or similar protocols over serial port. I am working on a small project. I need the data transmitted by the machine in ASTM format to a text file/ to a database and I cannot afford to pay $30000 for mirth commercial support. I need a low cost or open source solution.
I was expecting MLLP listener to be off use but it seems to work with TCP and I have to make it work purely on serial communication.
Secondly
I tried writing ASTM serial data receiver in Java. But control characters such as ACK, STX, ETX, ETB, and other delimiters are not visible in terminals be it in Win 7 cmd or Netbeans/Eclipse console. Making me helpless in parsing the data.
Any help will in right direction be deeply appreciated.
If you are under Linux environment you may use COM port redirector to a given TCP port and use Mirth's TCP Listener to intercept that flow.
E.g., to pipe the serial port through netcat:
netcat ipaddress port < /dev/ttyS0
Or using socat:
socat pty,link=/dev/virtualcom0,raw tcp:ipaddress:port&
(check for correct parameters)
I recognize 2 problems:
First, is it possible to raise an ftp service on the windows PC? if so, you only need to create a file reader addressed to ftp to capture the txt with the ASTM.
Second, to determine the characters of start and end of message I recommend you read the information of the provider, if you do not have it available, I suggest you use notepad ++ to see the hidden features. I hope you help.
Just FYI there is a commercial extension available that provides ASTM E1381 support: https://www.nextgen.com/products-and-services/integration-engine?extension=astm-transmission
We are working on a Android project with the below requirements.
The application should be able to send data to all the devices which are running our application which exists in the WiFi LAN.
Some payloads are expected to be of size >= 5MB.
The data shouldn't be lost and if lost the client should know the failure.
All the devices should be able to communicate with all other. There will be no message targeted to a specific device instead all the messages should be reached all the devices in the N/W.
No internet hence no remote server.
Study we have done:-
UDP Broadcasting - UDP doesn't guarantee the message delivery but this is a prime requirement in our case. Hence not an option.
TCP - TCP guarantees the message delivery but requires the receiver IP address to be known before hand and in our case we need to send the message to all the devices inside the LAN. Hence not a straight option.
Solutions we are looking into:-
A Hybrid approach - Name one of the devices in the N/W as Server. Post all the messages to a local Server. The Server keeps a open socket to all the devices(which have our application) & when there is a message from a device then it routes the message to all the devices. The disadvantages of this approach are,
Server having multiple sockets open each per device. But in our case we are expecting devices <=5 in LAN.
Server discovery using continuous UDP broadcast.
We want to have all the data in all the devices. So if we newly introduce any device into the LAN then that device needs to get all the data from the server.
So my question, have you any time worked on these kind of hybrid approaches? Or can you suggest any other approaches?
Your hybrid approach is the way to go.
Cleanly split your problem into parts and solve them independently:
Discovery: Devices need to be able to discover the server, if there is any.
Select server: Decide which of your devices assumes the server role.
Server implementation: The server distributes all data to all devices and sends notifications as necessary. Push or pull with notifications does not matter.
Client implementation: Clients only talk to the server. The device which contains the server should also contain a normal client, potentially passing data to the server directly, but using the same abstract protocol.
You could use mDNS (aka Bonjour or zeroconf) for the discovery, but I would not even recommend that. It often createsmore problems than it solves, and it does not solve your 'I need one server' problem. I would suggest you handcraft a simple UDP broadcast protocol for the discovery, which already tells you who the server is, if there is any.
Select server: One approach is to use network meta data which you have anyway, for example 'use the device with the highest IP address'. This often works better than fancy arbitration algorithms. Once you established a server new devices would use this, rather than switching the server role.
Use UDP broadcast for the discovery, with manual heuristic repeats. No fancy logic, just make your protocol resilient against repeated packets and repeat your packets. (Your WLAN router may repeat your packets without your knowledge anyway.)
You may want to use two TCP connections per client, potentially to two different server ports, but that does not matter much: One control connection (always very responsive, no big amounts of data, just a few hundred bytes per message) and one data connection (for the bulk of the data, your > 5 MB chunks). This is so that everything stays responsive.
I wrote a game that has client-server architecture. A server first runs at port 12345. Two clients connect to port 12345 and they start exchanging messages.
I want to see what client sends to server and vice versa for testing purposes, without depending on my software. How can I see them?
Using Java on Ubuntu 14
You can use a network sniffer, for example on of these two:
tcpdump http://www.rationallyparanoid.com/articles/tcpdump.html
Wireshark https://www.youtube.com/watch?v=0DBZiKpbHO0
You can use sniffers like Wireshark.
my task is to receive UDP packets on an Google Compute Engine. Given is the port, which is 300 and I already have a simple Java program which can handle these UDP packets.
My problem now. Get the UDP packets to my Java program.
For that I don't know how to do this.
What I have tried so far ist to let the Java program direct listen to the port, which didn't work. I suspect the traffic from outside the GCE must be routed to the inside?
First make sure you've added a firewall rule on your GCE VM instance's network which allows incoming traffic for UDP protocol on port 300.
You can do this by going to the Developers Console, select your project, then Compute-> Compute Engine-> Networks, click on the right network and verify firewall rules (and tags as well if you used them). If the rule is not added, then add a rule for the traffic.
"gcloud" is a command-line tool which you can use it to list and verify your firewall rules as well [1]:
$ gcloud compute firewall-rules list
If the firewall rules are good, then use a simple troubleshooting tool like netcat to test if traffic is being forwarded to your VM instance.
1. Listing Google Compute Engine firewall rules
I recommend not using Java to process UDP. I experienced inexplicable short periods where all UDP traffic arriving was being lost. This was caused by garbage collection.
The architecture that works for me is to use a GCE VM with a C++ app receiving UDP data, then using libCURL, convert the data to HTTP and dispatch it to Google App Engine for processing. To make the UDP receiver scalable and tolerant, use network balancing and multiple VMs listening for UDP.
My issue is a protocol that identifies terminals by it's sending IP. I want to manage the connections of several terminals to this server using some kind of proxy that implements that protocol.
So I have Terminal A which is identified by the server by the IP 1.2.3.4 and Terminal B which is identified by the server using the IP 5.6.7.8. Now the proxy will be in a local network with Terminal A and B.
When Terminal A wants to reach the server, it will query the proxy and the proxy needs to send the request on behalf of Terminal A using IP 1.2.3.4 to the server
When Terminal B wants to reach the server, it will query the proxy and the proxy needs to send the request on behalf of Terminal A using IP 5.6.7.8 to the server
Is it even possible to solve that issue in Java or do I have to do network voodoo on the router to achieve this?
Edit: to make things clear. I know what a network proxy is and what a router does. I also know how to solve my problem on a network level using advanced network voodoo if required. What I want to know is if my guess that the problem can't be solved using Java is correct. So the bottom line question is: can I use Java to send traffic using a specific network interface to which a specific IP has been assigned or do I have to rely on what the operating system does to route my traffic (in which case the advanced network voodoo would be required)?
Edit2: If routing of network traffic can be done in java, I'd just like a quick pointer where to look into. My own googling didn't return any useful results.
1) You already have some implementations for tcp tunelling with java. Below are some examples:
http://jtcpfwd.sourceforge.net/
http://sourceforge.net/projects/jttt/
2) Even with these existing implementations, you can still do you own by forwarding packets arriving in the proxy using java.net.Socket.
3) I still think that a better option would be a specific implementation using java.lang.Runtime.exec() and socat linux command. socat is just like the Netcat but with security and chrooting support and works over various protocols and through a files, pipes, devices, TCP sockets, Unix sockets, a client for SOCKS4, proxy CONNECT, or SSL etc. To redirect all port 80 conenctions to ip 202.54.1.5:
$ socat TCP-LISTEN:80,fork TCP:202.54.1.5:80