So I have used jNetPcap to sniff network packets in one of my projects.
My question is how do I extract DNS query and response from UDP packets?
jNetPcap is just a Java wrapper on libpcap, if that helps.
I know that to extract DNS packets I need to look at port 53. Is it the same for UDP?
I am using something like this currently and then processing the pcap packet:
```java
Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);
if (pcap == null) {
    // Pass the error text as an argument, not as the format string
    System.err.printf("Error while opening device for capture: %s%n", errbuf.toString());
    return;
}

PcapBpfProgram program = new PcapBpfProgram();
String expression = "udp dst port 53";
int optimize = 0; // 0 = false
int netmask = 0xFFFFFF00; // 255.255.255.0

if (pcap.compile(program, expression, optimize, netmask) != Pcap.OK) {
    System.err.println(pcap.getErr());
    return;
}
if (pcap.setFilter(program) != Pcap.OK) {
    System.err.println(pcap.getErr());
    return;
}
System.out.println("Filter set !!! : " + expression);

// Receive packet from the loop
PcapPacketHandler<String> jpacketHandler = packet_handler();
```
Any other filter suggestions?
Thanks.
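
An added example, not part of the original post: a plain-Java sketch of telling a DNS query from a response and reading the question name once the UDP payload bytes are in hand. It assumes the payload has already been copied out of the captured packet as a `byte[]`; the class and method names are hypothetical and the sample bytes are constructed. Note that in pcap filter syntax `udp port 53` matches both directions, while `udp dst port 53` matches only packets sent to port 53.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class DnsPayloadDemo {
    /** Summarises one DNS message taken from a UDP payload (hypothetical helper). */
    static String describe(byte[] payload) {
        if (payload.length < 12) return "too short for a DNS header";
        ByteBuffer buf = ByteBuffer.wrap(payload);      // big-endian (network order) by default
        int id = buf.getShort() & 0xFFFF;
        int flags = buf.getShort() & 0xFFFF;
        int qdCount = buf.getShort() & 0xFFFF;
        int anCount = buf.getShort() & 0xFFFF;
        boolean response = (flags & 0x8000) != 0;       // QR bit: 0 = query, 1 = response
        String name = qdCount > 0 ? readName(payload, 12) : "(no question)";
        return String.format("%s id=0x%04x rcode=%d answers=%d name=%s",
                response ? "response" : "query", id, flags & 0x000F, anCount, name);
    }

    /** Reads a domain name at offset; follows compression pointers with a hop limit. */
    static String readName(byte[] msg, int offset) {
        StringBuilder sb = new StringBuilder();
        int hops = 0;
        while (offset < msg.length) {
            int len = msg[offset] & 0xFF;
            if (len == 0) return sb.length() == 0 ? "." : sb.toString();
            if ((len & 0xC0) == 0xC0) {                 // compression pointer (RFC 1035, 4.1.4)
                if (offset + 1 >= msg.length || ++hops > 16) return "(bad pointer)";
                offset = ((len & 0x3F) << 8) | (msg[offset + 1] & 0xFF);
                continue;
            }
            if (len > 63 || offset + 1 + len > msg.length) return "(truncated name)";
            if (sb.length() > 0) sb.append('.');
            sb.append(new String(msg, offset + 1, len, StandardCharsets.US_ASCII));
            offset += 1 + len;
        }
        return "(truncated name)";
    }

    public static void main(String[] args) {
        // Constructed sample: query id 0x1a2b, RD set, one question (example.com, A, IN)
        byte[] query = { 0x1a, 0x2b, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01 };
        System.out.println(describe(query));
        byte[] reply = query.clone();
        reply[2] = (byte) 0x81; reply[3] = (byte) 0x80; // same message with QR, RD and RA set
        System.out.println(describe(reply));
    }
}
```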