I am looking for HTTPS packet capturing code in java . But i am getting procedure for HTTP. As per our requirement we need HTTPS packet capturing code. Can anybody give me the link for that or would tell me where can I find it?.
jNetPcap might be what you're looking for: it is a java wrapper around the native libpcap library that sarnold mentions. From the basic capture example provided, it seems that it would be fairly straightforward to write a PcapPacketHandler to time the arrival of packets on an HTTPS stream.
It will, however, add native dependencies to your project, which will complicate packaging up your software.
I would suggest starting with libpcap (or its sibling, winpcap on Windows), and then interpreting the saved captures; the libpcap team has done a fantastic job making a very reliable and fast mechanism to interface with the kernel's raw sockets support to run as efficiently as possible. (The Linux kernel provides a BPF-like interface for specifying which packets to offload to userspace; see Documentation/networking/filter.txt for Linux details.)
Related
I am working in a desktop application, where application is deployed in both windows and mac platforms. As part of the application, it should communicate with native layer. Currently the communication between native layer and Java layer is done using sockets. Recently some one in the team suggested to use zeroMQ. Can any one of you guys please clarify my doubts.
How zeroMQ better than sockets
Is it possible to install zeroMQ library as part the Desktop client installation
I gone through the link 'https://github.com/zeromq/clrzmq4', it given libraries specific to amd64 and i386 processor family. Do I need to build it separately from the source code for different processors?
Do I still require .dll files to use zeroMQ in Java?
Do I require Visual studio to build zeroMQ libraries in windows (Since my native layer written in C#, my C# application communicate with zeroMQ socket socket written java)?
How zeroMQ better than sockets
http://zeromq.org/topics:omq-is-just-sockets
Is it possible to install zeroMQ library as part the Desktop client installation?
Yes, you need to build the libraries depends on the processor and embed them in your application.
Do I need to build it separately from the source code for different processors?
Yes, you need to build the libraries from source. zeroMQ is processor centric.
Do I still require .dll files to use zeroMQ in Java?
Yes, Following link may help you
Exception in thread "main" java.lang.UnsatisfiedLinkError: ... \jzmq.dll: Can't find dependent libraries
Do I require Visual studio to build zeroMQ libraries in windows?
Yes
This link may help you to get basic examples.
Regarding ZeroMQ in a desktop application on Windows talking to another process on the same machine, bear in mind that zmq_ipc is not supported (see zmq_ipc(7)). Or at least, that's the last I heard. This is because it's fundamentally impossible to implement anything like quite like select() or epoll() for named pipes in Windows. Just use zmq_tcp instead.
The same basic problem plagued the development of the select() implementation in Cygwin and its derivatives. They got round the problem by starting a thread for every non-socket file descriptor (i.e. named pipes, serial ports, etc) being selected, with each thread polling the HANDLE for whether any data had arrived (or whatever events were being set in select()). Not very efficient. Yeurk.
Proactor vs Reactor
Windows is proactor (which can do only proactor), everything else (*nix, VxWorks) is reactor (which can also be used to implement a proactor). The development of the boost.asio library for C++ was influenced by this, and is a proactor design as a result so that it could be run on Windows. RabbitMQ is proactor too.
ZeroMQ with zmq_poll() is reactor.
Proactor - you pro-actively start up an asynchronous routine to handle whatever turns up in the future.
Reactor - you react to the arrival of whatever has turned up by starting a synchronous call to whatever routine you wish to handle it knowing that it will complete very quickly because the data is already there.
The difference is key. In a proactor design, once you have started up that asynchronous routine to read a message, you cannot (easily) stop it or change it until it has done its thing. That is very annoying if you change your mind, for example as a result of reading some message from somewhere else.
Small caveat - Windows does support select() for network sockets (thus reactor programming is possible with network sockets, but only network sockets), and is the only reason why ZMQ is supported to any extent whatsoever on Windows.
Mixing ZMQ with Desktop Application Event Callbacks
Anyway, proactor means that Windows and C# fundamentally expects everything to be served by callbacks. This basically means you won't be using the zmq_poll() call to tell you if new messages have arrived if you also have callbacks handling GUI events. Instead you'd most likely be making asynchronous calls to zmq_revcmsg(). Trying to mix zmq_poll() in with callbacks is asking for trouble (you'd be blending proactor and reactor).
Message Formats
ZeroMQ and sockets both transfer bytes (as discrete messages with ZeroMQ, as a byte stream with sockets). One still has the challenge of deciding what the bytes mean to applications.
I can recommend using something like Google Protocol Buffers to serialise messages for transport by ZeroMQ. It's available for both C# and Java, but it doesn't demarcate message boundaries. Fortunately, ZeroMQ does. [Using GPB over a socket stream can be painful, you have to demarcate the message boundaries oneself]. So you can serialise a message to a buffer, hand the buffer over to ZeroMQ as a message, the recipient receives the message and knows for absolute certain that there is one single solitary GPB within. If you like you can use GPB's "oneof" to smuggle arbitrary message types across, which can be very liberating. You can accomplish the same with other serialisation technologies too of course, my personal favourite being ASN.1.
I'd like to somehow get control over active sockets on my computer with java/scala. For example, if a program has stablished a tcp connection, i want to be able to retrieve and listen/write onto this socket.
So, the first question is: is that possible?
And the second: how?
You can do this by writing a custom Socket factory. This is fairly complicated and I don't suggest you do this unless you are trying a to hack a program you have no control over (again a very bad idea)
Instead I suggest you monitor your own usage. When you read/write from a Socket you also keep any information you need. i.e Its your program so change it to do what you need.
I found a java wrapper of lipcap http://jnetpcap.com/ that let me do the sort of things i was after. From the web:
jNetPcap is an open-source java library. It contains:
A Java wrapper for nearly all libpcap library native calls
Decodes captured packets in real-time
Provides a large library of network protocols (core protocols)
Users can easily add their own protocol definitions using java SDK
jNetPcap uses a mixture of native and java implementation for optimum packet decoding performance
I am planning on implementing a NIDS (Net Intrusion Detection System) in the Java programming language.
After searching, I found two libraries for this.
1) Jpcap
2) jNetPcap
Which one should I use and why?
Which is more preferable to use?
It appears development has stopped on Jpcap. Their last release was 2007. In contrast, jNetPcap has had very recent releases. The underlying libpcap C library that they both wrap has continued to evolve, so I would go with jNetPcap for that reason.
On the other hand, libpcap is a fairly simple API. If you are comfortable with C, then you may gain performance advantages by using the library directly instead of going through a Java wrapper. Something to consider, anyway.
One simple idea I've had for network intrusion was to listen for messages on the braodcast IP address. New comers to the network may likely need an IP address from the DHCP server. If this is so, then they will have to send out a broadcast that a DHCP server will respond to . You could write a program that sits on client A and displays popups whenever it hears something on the broadcast address.
If it's still an issue, use .NET version jnetpcap. I built a NIDS for a master's term project and I tried to use Java and get jpcap and similar working but it was near impossible. So I went for the most viable option c# and it worked alot easier, even thought I didn't know it then.
Also use ikvm since you will need to use weka.jar from .NET as well.
I need to transfer files fast over the Internet from a Java server to C++ clients, where often many clients would need the same files. I was looking at say transferTo() in Java which sounds like it would be a decently optimized function to send files. However, I'm not sure when I use transferTo() how to best receive that in C++ (i.e. is it just a raw data transfer, how do I determine when the file is over on the client side, etc.). I need this to work on both Windows and Linux. Also, other than transferTo(), would there be some way to be more efficient, especially by taking advantage of the fact that many clients will usually need the same files? I'm not sure how to do say multicast etc. Also, I'm using application-level security rather than a VPN, and on the Java server, encrypting with AES and using MAC digital signing, so I'm also looking for a cross-platform library recommendation to deal with the crypto on the C++ side with minimal pain.
I'm very proficient in C++ but have no previous experience with network programming, so please consider than in any suggestions.
Thanks.
An embedded webserver? http-transfers are efficient enough for you?
The simplest embeddable Java webserver I remember seeing is http://acme.com/java/software/Acme.Serve.Serve.html. We use embedded Jetty 6 in production at work, but that takes more elbow grease.
If your clients doesn't know where to find your webserver in the first place, consider announcing using Zeroconf. http://jmdns.sourceforge.net/
For scalability reasons, Thorbjørns suggestion of using http seems like a very good idea as it would allow you to easily set up http proxies for caching, use standard load balancing tools and so forth.
If you are looking to transfer more than just a blob of data, you might want to have a look at googles protocol buffers. They allow for very easy and fast encoding/decoding on the java and c++ end.
Consider chunking the file and sending via UDP datagram. C++ can re-compile as it receives it. Have you considered implementing/embedding an existing P2P protocol implementation?
If you need effecient transfer to many clients then your bottleneck is the server.
For this please look at the bit-torrent protocol as it distributes the transfer between the clients.
I want to know the exact amount of data which is getting transferred through a particular network interface for logging purpose, is there any standard library or api call from which I can do this in a cross platfrom way?
This seems to do what you'd like. At least, I think it will point you in the right direction:
http://jnetpcap.com/
edit: While not strictly cross-platform, libpcap has libraries for all major platforms so I wouldn't consider that a show-stopper, but I'm not the one that needs it.
jNetPcap uses Sigar in some of its unit tests. Sigar advertizes itself as a "portable interface for gathering system information" including network interface detection, configuration info and metrics. Take a look at its NetInterfaceStat class.
Note that Sigar also relies on platform specific JNIs, i.e. Rob H's remark still applies.
SNMP4J will let you read the interface mib of any SNMP-compliant device. Linux and OSX (probably) have an SNMP daemon already running; Windows has an SNMP service that you can install though Programs and Features in Control Panel.