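I am trying to build a transparent proxy in Java that can record the data passing through it so that I can view it later in Wireshark.
I was able to get the proxy working with this snippet: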
    private static final int BUFFER_SIZE = 8192;
    ...
    public void run() {
        PcapHandle handle = null;
        PcapDumper dumper;
        try {
            // Open the interface bound to localhost and a dump file on that handle
            InetAddress addr = InetAddress.getByName("localhost");
            PcapNetworkInterface nif = Pcaps.getDevByAddress(addr);
            int snapLen = 65536;
            PcapNetworkInterface.PromiscuousMode mode = PcapNetworkInterface.PromiscuousMode.PROMISCUOUS;
            int timeout = 10;
            handle = nif.openLive(snapLen, mode, timeout);
            dumper = handle.dumpOpen("cap.pcap");
            byte[] buffer = new byte[BUFFER_SIZE];
            try {
                // Relay bytes from input to output and record each chunk read
                while (true) {
                    int bytesRead = mInputStream.read(buffer);
                    if (bytesRead == -1)
                        break; // End of stream is reached --> exit
                    mOutputStream.write(buffer, 0, bytesRead);
                    dumper.dumpRaw(Arrays.copyOfRange(buffer, 0, bytesRead));
                    mOutputStream.flush();
                }
            } catch (IOException e) {
                // Read/write failed --> connection is broken
            }
            dumper.close();
        } catch (PcapNativeException e) {
            e.printStackTrace();
        } catch (UnknownHostException e) {
            e.printStackTrace();
        } catch (NotOpenException e) {
            e.printStackTrace();
        }
    }
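As you may have noticed, I am using Pcap4J to store the raw bytes in a pcap file. The bytes are saved fine, but when I try to open the file in Wireshark, it shows the following message:
Every packet shows up as malformed. Ideally, I would see TCP and CQL (Cassandra) packets.
Can anyone tell me what I am doing wrong here?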
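
Added example, not part of the original question: `dumpRaw` stores its argument as one complete link-layer frame, so bare stream bytes read from a socket get parsed as Ethernet/IP/TCP headers and show up as malformed. The code below wraps each chunk in synthetic Ethernet II, IPv4 and TCP headers before dumping it through a dead handle declared as `EN10MB`. The class name `FramedDump`, the loopback addresses, the ports (50000 and 9042, Cassandra's default native-protocol port), the synthetic sequence numbers and the output file name are assumptions chosen for illustration.

```java
import java.nio.ByteBuffer;
import org.pcap4j.core.PcapDumper;
import org.pcap4j.core.PcapHandle;
import org.pcap4j.core.Pcaps;
import org.pcap4j.packet.namedvalues.DataLinkType;

// Added example (hypothetical class): frames proxied stream bytes so a pcap reader can decode them.
public class FramedDump {
    private int seq = 1; // synthetic TCP sequence number, advanced by each payload length

    // Internet checksum (RFC 1071) over len bytes of b starting at off (len must be even).
    static short checksum(byte[] b, int off, int len) {
        int sum = 0;
        for (int i = off; i < off + len; i += 2)
            sum += ((b[i] & 0xff) << 8) | (b[i + 1] & 0xff);
        while ((sum >>> 16) != 0) sum = (sum & 0xffff) + (sum >>> 16);
        return (short) ~sum;
    }

    // Build one Ethernet II frame carrying the first len bytes of payload as a TCP segment.
    byte[] frame(byte[] payload, int len, int srcPort, int dstPort) {
        ByteBuffer f = ByteBuffer.allocate(14 + 20 + 20 + len);  // ByteBuffer is big-endian by default
        f.put(new byte[12]).putShort((short) 0x0800);            // zeroed MACs, EtherType IPv4
        f.put((byte) 0x45).put((byte) 0).putShort((short) (40 + len)); // version/IHL, TOS, total length
        f.putInt(0).put((byte) 64).put((byte) 6).putShort((short) 0);  // id/fragment, TTL, TCP, checksum slot
        f.put(new byte[] {127, 0, 0, 1}).put(new byte[] {127, 0, 0, 1}); // assumed source and destination
        f.putShort((short) srcPort).putShort((short) dstPort).putInt(seq).putInt(0); // ports, seq, ack
        f.putShort((short) 0x5018).putShort((short) 65535).putInt(0); // offset 5 + PSH|ACK, window, csum/urgent = 0
        f.put(payload, 0, len);
        f.putShort(24, checksum(f.array(), 14, 20));             // fill in the IPv4 header checksum
        seq += len;
        return f.array();
    }

    public static void main(String[] args) throws Exception {
        // openDead gives a handle with a declared link type and no live interface behind it
        PcapHandle handle = Pcaps.openDead(DataLinkType.EN10MB, 65536);
        PcapDumper dumper = handle.dumpOpen("framed.pcap");
        FramedDump d = new FramedDump();
        byte[] sample = "constructed sample payload".getBytes(java.nio.charset.StandardCharsets.US_ASCII);
        dumper.dumpRaw(d.frame(sample, sample.length, 50000, 9042));
        dumper.close();
        handle.close();
    }
}
```

In the proxy loop, the `dumpRaw(...)` argument would become `frame(buffer, bytesRead, srcPort, dstPort)`, with one `FramedDump` instance per direction and the ports swapped for the return path. The TCP checksum is left at zero, which a reader only flags when checksum validation is turned on.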