
Problems encountered when analyzing tcpdump capture files with jpcap, and how they were resolved

Goal: parse a tcpdump capture file, extract the destination and source addresses, and look up the geolocation of each IP.

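import java.util.ArrayList;
import java.util.List;

import jpcap.JpcapCaptor;
import jpcap.packet.IPPacket;
import jpcap.packet.Packet;

// JSONObject, Log and isValidIPV4ByValidator belong to the author's project and are not shown here.
public static List<String> getpcapIp(String pcapFilePath) {
    List<String> dstIpList = new ArrayList<String>();
    List<String> sourceIpList = new ArrayList<String>();
    JSONObject lisJson = new JSONObject();
    try {
        // Open the pcap file for reading
        JpcapCaptor captor = JpcapCaptor.openFile(pcapFilePath);
        // Read and process packets
        Packet packet;
        // Test the packet that was just read: every getPacket() call consumes another
        // packet, so calling it again inside the condition would skip packets.
        // Jpcap returns Packet.EOF at the end of an offline file.
        while ((packet = captor.getPacket()) != null && packet != Packet.EOF && packet.len > 0) {
//            System.out.println("packet instanceof IPPacket: " + (packet instanceof IPPacket));
            if (packet instanceof IPPacket) {
                IPPacket ipPacket = (IPPacket) packet;
                String dstIp = ipPacket.dst_ip.getHostAddress();
                // The source address comes from src_ip, not dst_ip
                String sourceIP = ipPacket.src_ip.getHostAddress();
                if (!dstIpList.contains(dstIp) && isValidIPV4ByValidator(dstIp)) {
                    dstIpList.add(dstIp);
                }
                // De-duplicate against the source list and store the source address there
                if (!sourceIpList.contains(sourceIP) && isValidIPV4ByValidator(sourceIP)) {
                    sourceIpList.add(sourceIP);
                }
            }
        }
        // Close the pcap file
        captor.close();
    } catch (Throwable e) {
        e.printStackTrace();
        Log.info(e.getMessage());
    }
    lisJson.put("sourceIP", sourceIpList);
    lisJson.put("dstIP", dstIpList);
    Log.info("distIpList.size: " + dstIpList.size());
//    Log.info("sourceIpList.size: " + sourceIpList.size());
    return dstIpList;
}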

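Problems encountered:

1. With while ((packet = captor.getPacket()) != null), compiling and debugging locally on 64-bit Windows worked without problems, but on CentOS 7 execution never left the loop body: an infinite loop.

Cause: when captor.getPacket().len=0, the condition (packet = captor.getPacket()) != null is still satisfied, so the while loop keeps iterating.

Solution: add the condition (null!=captor.getPacket()&&captor.getPacket().len>0)) to filter these out. Each getPacket() call reads the next packet from the file, so the length check belongs on the packet already assigned in the loop condition rather than on a fresh call; Jpcap marks the end of an offline file with Packet.EOF.

2. On CentOS 7 the JVM kept crashing; after running for a while it reported the following error: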

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fd2a312b603, pid=17034, tid=0x00007fd26f1f7700
#
# JRE version: Java(TM) SE Runtime Environment (8.0_181-b13) (build 1.8.0_181-b13)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.181-b13 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# V  [libjvm.so+0x6f0603]  jni_GetStaticObjectField+0xc3
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x00007fd218018800):  JavaThread "http-nio-8070-exec-1" daemon [_thread_in_vm, id=17347, stack(0x00007fd26f0f7000,0x00007fd26f1f8000)]

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000000

Registers:
RAX=0x00007fd2a3a06dfb, RBX=0x00007fd218018800, RCX=0x00007fd29c1cdfd0, RDX=0x00007fd218018ed8
RSP=0x00007fd26f1f4050, RBP=0x00007fd26f1f40b0, RSI=0x00007fd218018800, RDI=0x00007fd218018800
R8 =0x00007fd2a3a0b040, R9 =0x00007fd2a3a892cd, R10=0x732f746f7073746f, R11=0x0000000000000000
R12=0x0000000000000000, R13=0x00007fd26f1f4050, R14=0x00007fd2a3a0fe00, R15=0x00007fd2a3a0b040
RIP=0x00007fd2a312b603, EFLAGS=0x0000000000010246, CSGSFS=0x0000000000000033, ERR=0x0000000000000004

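Solution: the versions of jpcap.jar and libjpcap.so must match. After updating the version this kind of error no longer appeared; the earlier version may have had a bug. If you download them, be sure to download them as a matching set.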
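
As an added example (not the original post's code and not part of Jpcap): because the crash above happens inside native JNI code, the same source/destination extraction can also be done in plain Java, with no libjpcap.so involved and with explicit handling of zero-length and truncated records. It assumes a classic pcap file with Ethernet link type; the class name PcapIpExtractor, the 262144-byte record limit and the sample addresses are choices made for this example.

```java
import java.io.*;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.*;

public class PcapIpExtractor { // hypothetical class name, not part of Jpcap
    static final int MAX_RECORD = 262144; // assumed upper bound for one captured record
    public static Map<String, Set<String>> extract(InputStream raw) throws IOException {
        DataInputStream in = new DataInputStream(new BufferedInputStream(raw));
        Map<String, Set<String>> out = new LinkedHashMap<>();
        out.put("src", new LinkedHashSet<>());
        out.put("dst", new LinkedHashSet<>());
        byte[] gh = new byte[24]; // pcap global header
        in.readFully(gh);
        int magic = ByteBuffer.wrap(gh).getInt(0); // read big-endian to detect the file's byte order
        if (magic != 0xa1b2c3d4 && magic != 0xd4c3b2a1) throw new IOException("not a classic pcap file");
        ByteOrder order = magic == 0xa1b2c3d4 ? ByteOrder.BIG_ENDIAN : ByteOrder.LITTLE_ENDIAN;
        if (ByteBuffer.wrap(gh).order(order).getInt(20) != 1) throw new IOException("link type is not Ethernet");
        byte[] rh = new byte[16]; // per-record header: ts_sec, ts_usec, incl_len, orig_len
        while (true) {
            try { in.readFully(rh); } catch (EOFException end) { break; } // end of file ends the loop
            long capLen = ByteBuffer.wrap(rh).order(order).getInt(8) & 0xffffffffL;
            if (capLen > MAX_RECORD) throw new IOException("implausible record length " + capLen);
            byte[] p = new byte[(int) capLen];
            in.readFully(p); // a truncated record raises EOFException instead of looping
            // Ethernet (14 bytes) + minimal IPv4 header (20 bytes); zero-length and non-IPv4 records are skipped.
            if (p.length < 34 || p[12] != 0x08 || p[13] != 0x00 || (p[14] >> 4) != 4) continue;
            out.get("src").add(InetAddress.getByAddress(Arrays.copyOfRange(p, 26, 30)).getHostAddress());
            out.get("dst").add(InetAddress.getByAddress(Arrays.copyOfRange(p, 30, 34)).getHostAddress());
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: one IPv4 frame (192.0.2.10 -> 198.51.100.7); the trailing 16 zero
        // bytes of the buffer form a second record header with incl_len = 0.
        ByteBuffer b = ByteBuffer.allocate(24 + 16 + 34 + 16).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4).putInt(0).putInt(0).putInt(65535).putInt(1);
        b.putInt(0).putInt(0).putInt(34).putInt(34); // record header, incl_len = orig_len = 34
        b.position(b.position() + 12);               // MAC addresses stay zero
        b.put(new byte[]{0x08, 0x00, 0x45});         // EtherType IPv4, version 4 / IHL 5
        b.position(b.position() + 11);               // rest of the IPv4 header up to the addresses
        b.put(new byte[]{(byte) 192, 0, 2, 10, (byte) 198, 51, 100, 7});
        try (InputStream s = args.length > 0 ? new FileInputStream(args[0]) : new ByteArrayInputStream(b.array())) {
            System.out.println(extract(s));
        }
    }
}
```

Run without arguments it parses the constructed capture; given a path as the first argument it parses that file instead.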


Original article: https://blog.csdn.net/tianshi1017/article/details/140386770
