Class PcapWriter

  • All Implemented Interfaces:
    Closeable, Flushable, AutoCloseable

    public class PcapWriter
    extends Object
    implements Closeable, Flushable
    Write a standard pcap file with a "TCP" packet that can be analyzed with standard tools such as Wireshark.

    The source and dest "IP" and "port" are fake but are generated from the hashes of the Destinations and stream IDs, so they will be consistent. The local "IP" will always be of the form 127.0.x.y. Initial IP for a conn will be 127.0.0.0 for the local and 0.0.0.0 for the remote.

    Reference: http://wiki.wireshark.org/Development/LibpcapFileFormat

    The Jpcap library http://netresearch.ics.uci.edu/kfujii/jpcap/doc/ was close to what I want, but it requires you to instantiate a "captor" before you can write a file, and it requires a native lib to do so, and even then, it only wants to read the file, not write it.

    We even calculate a correct TCP header checksum to keep the tools happy. We don't, however, convert I2P-style sequence numbers, which count packets, to TCP-style byte counts. We don't track a lowest-acked-thru byte count atm, really. We do represent the window size in bytes though, so that's real confusing.

    This is designed to debug the streaming lib, but there are no log calls for every single packet: pings and pongs, and various odd cases where received packets are dropped, are not logged.

    Yes, we could dump it natively and write a Wireshark dissector. That sounds hard. And we wouldn't get the TCP stream analysis built into the tools.
    Since:
    0.9.4
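
The file layout and TCP checksum described above, as an added example that is not I2P's PcapWriter code: it writes one constructed TCP-over-IPv4 packet into a classic pcap file. The class name PcapSketch, the output file name, the addresses, ports and flags, and the choice of LINKTYPE_RAW (101) as the link type are assumptions made for illustration.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.util.Arrays;
// Added example, not I2P's PcapWriter: one fake TCP-over-IPv4 packet in a classic pcap file.
public class PcapSketch {
    // RFC 1071 checksum: ones-complement sum of big-endian 16-bit words, odd tail zero-padded.
    static int checksum(byte[] b) {
        long sum = 0;
        for (int i = 0; i < b.length; i += 2) {
            int lo = (i + 1 < b.length) ? (b[i + 1] & 0xff) : 0;
            sum += ((b[i] & 0xff) << 8) | lo;
        }
        while ((sum >> 16) != 0) sum = (sum & 0xffff) + (sum >> 16);
        return (int) (~sum & 0xffff);
    }

    // Builds a 20-byte IPv4 header + 20-byte TCP header + payload (ByteBuffer is big-endian).
    static byte[] packet(int srcIp, int dstIp, int sport, int dport, int seq, byte[] data) {
        int tcpLen = 20 + data.length;
        ByteBuffer tcp = ByteBuffer.allocate(tcpLen);
        tcp.putShort((short) sport).putShort((short) dport).putInt(seq).putInt(0); // ack = 0
        tcp.put((byte) 0x50).put((byte) 0x08)           // data offset 5 words; PSH flag
           .putShort((short) 8192).putInt(0).put(data); // window; checksum + urgent = 0
        // TCP checksum covers a pseudo-header (src, dst, zero, protocol 6, TCP length) + segment.
        ByteBuffer pseudo = ByteBuffer.allocate(12 + tcpLen);
        pseudo.putInt(srcIp).putInt(dstIp).put((byte) 0).put((byte) 6)
              .putShort((short) tcpLen).put(tcp.array());
        tcp.putShort(16, (short) checksum(pseudo.array()));
        ByteBuffer ip = ByteBuffer.allocate(20 + tcpLen);
        ip.put((byte) 0x45).put((byte) 0).putShort((short) (20 + tcpLen)).putInt(0) // id, frag = 0
          .put((byte) 64).put((byte) 6).putShort((short) 0).putInt(srcIp).putInt(dstIp);
        ip.putShort(10, (short) checksum(Arrays.copyOf(ip.array(), 20)));
        return ip.put(tcp.array()).array();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 127.0.1.2:1234 -> 10.0.3.4:5678, sequence number 1.
        byte[] pkt = packet(0x7f000102, 0x0a000304, 1234, 5678, 1, new byte[] {'h', 'i'});
        try (DataOutputStream out = new DataOutputStream(new FileOutputStream("sketch.pcap"))) {
            out.writeInt(0xa1b2c3d4);             // magic; readers infer byte order from it
            out.writeShort(2); out.writeShort(4); // format version 2.4
            out.writeInt(0); out.writeInt(0); out.writeInt(65535); // thiszone, sigfigs, snaplen
            out.writeInt(101);                    // LINKTYPE_RAW (assumed here): data starts at IP header
            out.writeInt((int) (System.currentTimeMillis() / 1000)); out.writeInt(0); // ts_sec, ts_usec
            out.writeInt(pkt.length); out.writeInt(pkt.length);    // incl_len, orig_len
            out.write(pkt);
        }
    }
}
```

Opening sketch.pcap in Wireshark with TCP checksum validation enabled shows whether the pseudo-header sum was computed correctly.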