package com.yourcompany;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
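public class DatabaseManager {
    // Connection settings. The literal values below are the original hard-coded defaults
    // (a root login to a local MySQL instance). They remain the fallback so existing
    // deployments behave as before, but each can now be overridden at launch with the
    // system property named next to it, so the password does not have to live in the
    // class file. The property names are introduced by this revision.
    private static final String DB_URL_PROPERTY = "cot.db.url";
    private static final String DB_USER_PROPERTY = "cot.db.user";
    private static final String DB_PASS_PROPERTY = "cot.db.password";
    private static final String DB_URL = "jdbc:mysql://localhost:3306/cot";
    private static final String USER = "root";
    private static final String PASS = "root";

    // Both statements are parameterized; every caller-supplied value goes through a
    // placeholder, never into the SQL text.
    private static final String INSERT_NON_XML_SQL =
        "INSERT INTO cot_messages2 (source_ip, destination_ip, source_port, destination_port, sequence_number, acknowledgment_number, flags, payload, pkt_dump) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
    private static final String INSERT_XML_SQL =
        "INSERT INTO cot_messages (event_uid, event_detail, event_time, event_start, event_stale, event_how, " +
        "point_lat, point_lon, point_hae, point_ce, point_le, detail, sourceAddress, sourcePort, destinationAddress, destinationPort, pkt_dump) " +
        "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

    /**
     * Opens a new connection using the configured (or default) URL and credentials.
     * A connection is opened per insert, as in the original code; there is no pooling.
     *
     * @return an open connection the caller must close
     * @throws SQLException if no driver accepts the URL or the login is rejected
     */
    private static Connection openConnection() throws SQLException {
        String url = System.getProperty(DB_URL_PROPERTY, DB_URL);
        String user = System.getProperty(DB_USER_PROPERTY, USER);
        String pass = System.getProperty(DB_PASS_PROPERTY, PASS);
        return DriverManager.getConnection(url, user, pass);
    }

    /**
     * Stores one non-XML TCP segment in {@code cot_messages2}.
     * Best-effort: a failed insert is reported on stderr and the record is dropped;
     * no exception reaches the caller.
     *
     * @param sourceIp             source address as text
     * @param destinationIp        destination address as text
     * @param sourcePort           TCP source port
     * @param destinationPort      TCP destination port
     * @param sequenceNumber       TCP sequence number, already rendered as text
     * @param acknowledgmentNumber TCP acknowledgment number, already rendered as text
     * @param flags                TCP flags, already rendered as text
     * @param payload              decoded segment payload
     * @param pktDump              full packet dump
     */
    public static void insert(String sourceIp, String destinationIp, int sourcePort, int destinationPort, String sequenceNumber, String acknowledgmentNumber, String flags, String payload, String pktDump) {
        try (Connection conn = openConnection();
             PreparedStatement pstmt = conn.prepareStatement(INSERT_NON_XML_SQL)) {
            pstmt.setString(1, sourceIp);
            pstmt.setString(2, destinationIp);
            pstmt.setInt(3, sourcePort);
            pstmt.setInt(4, destinationPort);
            pstmt.setString(5, sequenceNumber);
            pstmt.setString(6, acknowledgmentNumber);
            pstmt.setString(7, flags);
            pstmt.setString(8, payload);
            pstmt.setString(9, pktDump);
            pstmt.executeUpdate();
            System.out.println("Non-XML record inserted successfully");
        } catch (SQLException e) {
            // Deliberately swallowed after reporting: callers treat inserts as fire-and-forget.
            e.printStackTrace();
        }
    }

    /**
     * Stores one parsed CoT event in {@code cot_messages}.
     * Best-effort in the same way as {@link #insert}: failures are reported and the
     * record is dropped.
     *
     * <p>NOTE(review): the {@code payload} argument is accepted but never bound -- the
     * statement lists 17 columns and {@code pkt_dump} takes the 17th placeholder, so the
     * raw payload is not persisted for XML records. Whether {@code cot_messages} has a
     * payload column to receive it is not visible here; confirm against the schema
     * before adding one.
     *
     * @param eventUid        {@code uid} attribute of the event element
     * @param eventDetail     {@code detail} attribute of the event element
     * @param eventTime       {@code time} attribute of the event element
     * @param eventStart      {@code start} attribute of the event element
     * @param eventStale      {@code stale} attribute of the event element
     * @param eventHow        {@code how} attribute of the event element
     * @param pointLat        {@code lat} attribute of the point element, or empty
     * @param pointLon        {@code lon} attribute of the point element, or empty
     * @param pointHae        {@code hae} attribute of the point element, or empty
     * @param pointCe         {@code ce} attribute of the point element, or empty
     * @param pointLe         {@code le} attribute of the point element, or empty
     * @param detail          text content of the detail element, or empty
     * @param sourceIp        source address as text
     * @param sourcePort      source port as text
     * @param destinationIp   destination address as text
     * @param destinationPort destination port as text
     * @param payload         decoded segment payload (currently not stored, see above)
     * @param pktDump         full packet dump
     */
    public static void insert2(
            String eventUid, String eventDetail, String eventTime, String eventStart, String eventStale, String eventHow,
            String pointLat, String pointLon, String pointHae, String pointCe, String pointLe, String detail,
            String sourceIp, String sourcePort, String destinationIp, String destinationPort, String payload, String pktDump) {
        try (Connection conn = openConnection();
             PreparedStatement pstmt = conn.prepareStatement(INSERT_XML_SQL)) {
            pstmt.setString(1, eventUid);
            pstmt.setString(2, eventDetail);
            pstmt.setString(3, eventTime);
            pstmt.setString(4, eventStart);
            pstmt.setString(5, eventStale);
            pstmt.setString(6, eventHow);
            pstmt.setString(7, pointLat);
            pstmt.setString(8, pointLon);
            pstmt.setString(9, pointHae);
            pstmt.setString(10, pointCe);
            pstmt.setString(11, pointLe);
            pstmt.setString(12, detail);
            pstmt.setString(13, sourceIp);
            pstmt.setString(14, sourcePort);
            pstmt.setString(15, destinationIp);
            pstmt.setString(16, destinationPort);
            pstmt.setString(17, pktDump);
            pstmt.executeUpdate();
            System.out.println("XML record inserted successfully");
        } catch (SQLException e) {
            // Deliberately swallowed after reporting: callers treat inserts as fire-and-forget.
            e.printStackTrace();
        }
    }
}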
package com.yourcompany;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.jnetpcap.Pcap;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.packet.format.FormatUtils;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Tcp;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
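public class ParseTcpPackets {
    // Substring whose presence in the packet dump routes a segment to the XML table.
    private static final String XML_MARKER = "<?xml";

    /**
     * Reads every packet of a pcap capture file and hands each TCP segment to
     * {@link DatabaseManager}: segments whose dump contains an XML declaration are
     * parsed as CoT events, all others are stored raw.
     *
     * @param filename path of the capture file to read
     */
    public static void parse(String filename) {
        StringBuilder errbuf = new StringBuilder();
        Pcap pcap = Pcap.openOffline(filename, errbuf);
        if (pcap == null) {
            System.err.printf("Error while opening file for capture: %s%n", errbuf.toString());
            return;
        }
        try {
            pcap.loop(Pcap.LOOP_INFINITE, new TcpSegmentHandler(), "jNetPcap rocks!");
        } finally {
            // Release the native capture handle even if the handler throws mid-file.
            pcap.close();
        }
    }

    /** Per-packet callback: extracts the IPv4/TCP fields and dispatches the insert. */
    private static final class TcpSegmentHandler implements PcapPacketHandler<String> {
        // Header objects are reused across packets; hasHeader() binds them to the current one.
        private final Ip4 ip = new Ip4();
        private final Tcp tcp = new Tcp();

        @Override
        public void nextPacket(PcapPacket packet, String user) {
            if (!(packet.hasHeader(tcp) && packet.hasHeader(ip))) {
                return;
            }
            String sourceIp = FormatUtils.ip(ip.source());
            String destinationIp = FormatUtils.ip(ip.destination());
            int sourcePort = tcp.source();
            int destinationPort = tcp.destination();
            String sequenceNumber = String.valueOf(tcp.seq());
            String acknowledgmentNumber = String.valueOf(tcp.ack());
            String flags = String.format("0x%02x", tcp.flags());
            byte[] payloadBytes = tcp.getPayload();
            // Decode with a fixed charset. The original used the platform default, so the same
            // capture could decode differently from host to host and the bytes handed back to the
            // XML parser would not round-trip. UTF-8 is the interoperable choice for XML text --
            // TODO confirm against the producing devices.
            String payload = new String(payloadBytes, StandardCharsets.UTF_8);
            String pktDump = packet.toString(); // full decoded packet dump, stored with the row
            // Debug output: this echoes captured traffic to stdout; disable it in production.
            System.out.println("Payload: " + payload);
            // NOTE(review): detection inspects the formatted dump rather than the payload itself,
            // so a declaration that does not appear in the dump (or is split across segments)
            // falls through to the raw table -- confirm this is the intended routing.
            if (pktDump.contains(XML_MARKER)) {
                System.out.println("XML payload found. Inserting into cot_messages.");
                insertXmlPayload(payload, sourceIp, String.valueOf(sourcePort), destinationIp, String.valueOf(destinationPort), pktDump);
            } else {
                System.out.println("Non-XML payload. Inserting into cot_messages2.");
                DatabaseManager.insert(sourceIp, destinationIp, sourcePort, destinationPort, sequenceNumber, acknowledgmentNumber, flags, payload, pktDump);
            }
        }
    }

    /**
     * Builds a DOM parser hardened for input that arrives off the wire.
     * DOCTYPE declarations, external entities, external DTD loading and XInclude are all
     * disabled, so a crafted payload cannot reach the filesystem or network or blow up
     * through entity expansion. The CoT payloads this handler expects carry no DOCTYPE
     * (TODO confirm), so rejecting them loses nothing.
     *
     * @return a configured builder
     * @throws ParserConfigurationException if the underlying parser does not support a
     *         requested feature
     */
    private static DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory.newDocumentBuilder();
    }

    /**
     * Parses a CoT XML payload and stores the event via {@link DatabaseManager#insert2}.
     * Best-effort: if the payload does not parse or carries no {@code event} element the
     * record is reported and dropped; it is not written to the raw table either.
     *
     * @param payload         decoded segment payload expected to hold one CoT document
     * @param sourceIp        source address as text
     * @param sourcePort      source port as text
     * @param destinationIp   destination address as text
     * @param destinationPort destination port as text
     * @param pktDump         full packet dump
     */
    private static void insertXmlPayload(String payload, String sourceIp, String sourcePort, String destinationIp, String destinationPort, String pktDump) {
        try {
            DocumentBuilder builder = newHardenedDocumentBuilder();
            // Same charset as the decode in nextPacket, so the parser sees the original bytes.
            Document doc = builder.parse(new ByteArrayInputStream(payload.getBytes(StandardCharsets.UTF_8)));
            Element event = (Element) doc.getElementsByTagName("event").item(0);
            if (event == null) {
                System.err.println("No event element found in XML payload.");
                return;
            }
            String eventUid = event.getAttribute("uid");
            String eventDetail = event.getAttribute("detail");
            String eventTime = event.getAttribute("time");
            String eventStart = event.getAttribute("start");
            String eventStale = event.getAttribute("stale");
            String eventHow = event.getAttribute("how");
            // point and detail are optional; missing ones yield empty strings.
            Element point = (Element) event.getElementsByTagName("point").item(0);
            String pointLat = point != null ? point.getAttribute("lat") : "";
            String pointLon = point != null ? point.getAttribute("lon") : "";
            String pointHae = point != null ? point.getAttribute("hae") : "";
            String pointCe = point != null ? point.getAttribute("ce") : "";
            String pointLe = point != null ? point.getAttribute("le") : "";
            Element detail = (Element) event.getElementsByTagName("detail").item(0);
            String detailText = detail != null ? detail.getTextContent() : "";
            // Debug output of the extracted fields.
            System.out.println("Event UID: " + eventUid);
            System.out.println("Event Detail: " + eventDetail);
            System.out.println("Event Time: " + eventTime);
            System.out.println("Event Start: " + eventStart);
            System.out.println("Event Stale: " + eventStale);
            System.out.println("Event How: " + eventHow);
            System.out.println("Point Lat: " + pointLat);
            System.out.println("Point Lon: " + pointLon);
            System.out.println("Point Hae: " + pointHae);
            System.out.println("Point Ce: " + pointCe);
            System.out.println("Point Le: " + pointLe);
            System.out.println("Detail: " + detailText);
            DatabaseManager.insert2(
                eventUid, eventDetail, eventTime, eventStart, eventStale, eventHow,
                pointLat, pointLon, pointHae, pointCe, pointLe, detailText,
                sourceIp, sourcePort, destinationIp, destinationPort, payload, pktDump
            );
        } catch (Exception e) {
            // Kept broad on purpose: this runs inside the native capture callback, and a
            // malformed segment must not abort the whole file. Reported and dropped.
            e.printStackTrace();
        }
    }
}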
I want to understand what happens under the hood.