Carnivore library byte format is unfamiliar, little basic help please?

prismspecsprismspecs
edited October 2013 in Library Questions

Hey all,

Using this lib: http://r-s-g.org/carnivore/installation.html to do an art project involving sniffing network traffic. The problem is that println("Payload: " + p.data); spits out something like this: Payload: [B@ef4504 which looks like hex to me, but what's up with '[B@' ? Just a header for hex data or something?

Doing an unhex on that specific data

println(unhex("ef4504"));

spits out 15680772. So I'm guessing this is because data is an array, so all the data is being compressed into hex somehow. If I do data[index] then I get small manageable numbers that seem to be between -127 and 128, that sound about right?

Another issue is that by changing it to spit out a particular index of the array data, I get tons of errors.

at sketch_CP5_example1.packetEvent(sketch_CP5_example1.java:47)
    ... 6 more
java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.rsg.carnivore.CarnivoreP5.newCarnivorePacket(CarnivoreP5.java:90)
    at org.rsg.carnivore.Core.dispatch(Core.java:227)
    at org.rsg.carnivore.PacketCacheThread.run(PacketCacheThread.java:37)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
    at sketch_CP5_example1.packetEvent(sketch_CP5_example1.java:47)
    ... 6 more

Any info about this would be greatly appreciated. I will open source this project in the hopes that what I learn here helps others.

Answers

  • prismspecsprismspecs

    Upon more consideration, I believe the most pressing question is: Why is Carnivore returning the bytes as signed? I'd like them to be 0-255 :(

  • GoToLoopGoToLoop
    edited October 2013

    In order for println() to know it's supposed to list a structure content, we gotta use that as its sole argument: (~~)

    print("Payload: ");
println(p.data);

    That spit hex value is the supposedly object's physical memory address (pointer reference)! 8-X

  • koogskoogs

    that's an address, the address of the object in memory and absolutely no use to anyone. the [ and B tells you it's probably a byte array.

    If I do data[index] then I get small manageable numbers that seem to be between -127 and 128, that sound about right?

    yep. that's the range for a byte.

  • koogskoogs
    edited October 2013

    actually, that page you link to tells you all this.

    "CarnivorePacket" Class members

    byte[] data The content of the packet as bytes.

    also there are 3 examples that look useful...

  • prismspecsprismspecs

    Yes, I am actively using the examples and came from that page, hence the link...

    According to what has been mentioned, moreover, that is wrong; it's not the content of the packet, but its address in memory?

    And there is a difference between a signed and unsigned byte, no?

    So if I invoke this: println(binary(p.data[i])); Is it binar-izing the memory address, or correctly returning the packet's content, bit by bit?

  • prismspecsprismspecs
    edited October 2013

    Code in full:

    import org.rsg.carnivore.*;
import org.rsg.lib.Log;

CarnivoreP5 c;

void setup() {
  size(600, 400);
  background(255);
  c = new CarnivoreP5(this); 
  //c.setVolumeLimit(4); //limit the output volume (optional)
  //c.setShouldSkipUDP(true); //tcp packets only (optional)
}

void draw() {
}

// Called each time a new packet arrives
void packetEvent(CarnivorePacket p) {
  for (int i = 0; i < p.data.length; i++) {
    //println("Payload: " + p.data[i]);
    println(binary(p.data[i]));
    //println("(" + p.strTransportProtocol + " packet) " + p.senderSocket() + " > " + p.receiverSocket());
  }
}
Sign In or Register to comment.