Port forwarding capture on localhost with WireShark

1

Is it possible to do a simple, port forwarding type capture on localhost (Windows) with WireShark?

I have been using the following Java code to do this:

package tapnet;

import java.net.*;
import java.io.*;

public class tapnet {

    // Render the first buflen bytes of buffer as two lowercase hex digits per byte.
    public static String getHexString(byte[] buffer, int buflen) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < buflen; i++) {
            // Mask to 0..255 so negative bytes are not sign-extended to "ffffffxx".
            String hexByte = "00" + Integer.toHexString(buffer[i] & 0xff);
            sb.append(hexByte.substring(hexByte.length() - 2));
        }
        return sb.toString();
    }

    // Relay bytes in both directions between the two sockets, logging each chunk as hex.
    // available() never reports end-of-stream, so this loop does not return when a peer closes.
    public static void forwardComms(Socket fromClient, Socket toServer) throws Exception {
        byte[] buffer;
        int buflen;
        InputStream clientIn = fromClient.getInputStream();
        InputStream serverIn = toServer.getInputStream();
        OutputStream clientOut = fromClient.getOutputStream();
        OutputStream serverOut = toServer.getOutputStream();

        while (true) {
            // Poll once per millisecond until either side has data waiting.
            long waitTime = 0L;
            while ((clientIn.available() == 0) && (serverIn.available() == 0)) {
                Thread.sleep(1);
                waitTime = waitTime + 1;
            }
            System.out.println("QUIET for " + waitTime + " ms");
            if (clientIn.available() > 0) {
                buffer = new byte[clientIn.available()];
                // read() may return fewer bytes than requested; log and forward only what was read.
                buflen = clientIn.read(buffer, 0, buffer.length);
                System.out.println("CLIENT: " + getHexString(buffer, buflen));
                serverOut.write(buffer, 0, buflen);
            }
            if (serverIn.available() > 0) {
                buffer = new byte[serverIn.available()];
                buflen = serverIn.read(buffer, 0, buffer.length);
                System.out.println("SERVER: " + getHexString(buffer, buflen));
                clientOut.write(buffer, 0, buflen);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.out.println("Usage: tapnet.tapnet <serverPort> <clientPort> [<serverHost>]");
            System.exit(1);
        }

        int serverPort = Integer.parseInt(args[0]);
        int clientPort = Integer.parseInt(args[1]);

        // The target host defaults to loopback unless a third argument is given.
        String serverHost = "127.0.0.1";

        if (args.length == 3) {
            serverHost = args[2];
        }

        System.out.println(clientPort + " to " + serverHost + ":" + serverPort);

        // Connections are handled one at a time: forwardComms() blocks this loop.
        ServerSocket listenPort = new ServerSocket(clientPort);
        while (true) {
            Socket fromClient = listenPort.accept();
            Socket toServer = new Socket(serverHost, serverPort);
            forwardComms(fromClient, toServer);
        }
    }
}

However, I would prefer to use WireShark so I can use the filtering, etc.

How can I set up something similar in WireShark?

Miner_Glitch

Posted 2015-10-21T07:02:19.983

Reputation: 113

Answers

1

I don't think WireShark can do forwarding. However, if you only want to capture packets then the correct filter on the ports should do the job.

If I understand the question though, you need to filter packets before forwarding them (i.e. forward only HTTP content). In that case you can use libpcap Java wrappers to do the job (jpcap or pcap4j). A similar question forwarding port 4444 to 3306 can be found here.

Finally, if you just need to forward packets after all, without filtering them, and it doesn't need to be in Java, you might wanna have a look at NetCat for Windows (to save you the development and testing).

Hope it helps

urban

Posted 2015-10-21T07:02:19.983

Reputation: 291

No, I want all packets forwarded - I don't want the traffic changed in any way. I just want to filter when I analyse the traffic. I will have a look at NetCat. – Miner_Glitch – 2015-10-21T23:50:41.850

"I don't think WireShark can do forwarding" It was not designed to do so, it does not use a mechanism that does so (it uses the mechanisms used by libpcap/WinPcap, which are designed to passively capture traffic), and it most definitely cannot do so. – None – 2015-10-22T00:37:56.580

@GuyHarris. I agree, just didn't want to be absolute since not 100% sure. As for libpcap wrappers, I am proposing it as an easy way to do DPI (not capturing). For example, using JMemoryPacket from http://sourceforge.net/projects/jnetpcap/ to do the decoding. – urban – 2015-10-22T07:35:41.630
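
The hex lines printed by the question's tapnet relay can be converted into the offset-prefixed hex dump that Wireshark's text2pcap tool reads, which lets the relayed traffic be filtered in Wireshark afterwards. This is an added example, not code from the original posts. The function names, the constructed sample log, and the placement of the I/O direction marker on its own line before each packet are assumptions.

```python
import re

# Constructed sample of tapnet output (not a real capture).
SAMPLE_LOG = """\
8080 to 127.0.0.1:80
QUIET for 1500 ms
CLIENT: 474554202f20485454502f312e300d0a0d0a
QUIET for 12 ms
SERVER: 485454502f312e3020323030204f4b0d0a
"""

# Only whole bytes (pairs of hex digits) are accepted as payload.
DATA_RE = re.compile(r"^(CLIENT|SERVER): ((?:[0-9a-fA-F]{2})+)$")
QUIET_RE = re.compile(r"^QUIET for (\d+) ms$")


def parse_tapnet_log(text):
    """Return a list of (direction, elapsed_ms, payload) records."""
    records, elapsed = [], 0
    for line in text.splitlines():
        line = line.strip()
        quiet = QUIET_RE.match(line)
        if quiet:
            # Accumulate idle time so each record carries a relative timestamp.
            elapsed += int(quiet.group(1))
            continue
        data = DATA_RE.match(line)
        if data:
            # CLIENT bytes travel towards the server: mark them outbound.
            direction = "O" if data.group(1) == "CLIENT" else "I"
            records.append((direction, elapsed, bytes.fromhex(data.group(2))))
        # Anything else (startup banner, truncated hex) is skipped.
    return records


def to_hex_dump(records, width=16):
    """Render records as an offset-prefixed hex dump, one packet per record."""
    out = []
    for direction, _elapsed, payload in records:
        out.append(direction)  # assumed layout: marker line, then the bytes
        for off in range(0, len(payload), width):
            chunk = payload[off:off + width]
            out.append("%06x %s" % (off, " ".join("%02x" % b for b in chunk)))
        out.append("")  # blank line between packets
    return "\n".join(out)


if __name__ == "__main__":
    print(to_hex_dump(parse_tapnet_log(SAMPLE_LOG)))
```

When converting the dump, text2pcap's -D option enables the direction markers and -T srcport,destport wraps each payload in dummy TCP headers.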