How to implement ping like functionality using pcap4j library

Question

I want to implement basic network check functionality to test if the provided url is responding or not (eg. ping www.google.com).It must provide operational information indicating, for example, that a requested service is not available or that a host could not be reached. I am able to achive it using icmp4j library. But i want to achieve the same using pcap4j library. I want to put the url in text box and click on connect button which will call pcap4j api to check whether the host is responding or not.

Answer 1

You can create ICMPv4 Echo (ping) on Ethernet packets using the Builders of IcmpV4EchoPacket, IcmpV4CommonPacket, IpV4Packet, and EthernetPacket and send them by PcapHandle.sendPacket(). Please refer to org.pcap4j.sample.SendFragmentedEcho in pcap4j-sample project.

You will need to implement ARP to resolve IP addresses to MAC addresses like org.pcap4j.sample.SendArpRequest in pcap4j-sample project.

And you will also need to implement a feature to find the next hop (default gateway or so) from the given IP address somehow. Pcap4J doesn't provide API to support this implementation. (Java doesn't provide API to get routing table...)

You'd maybe better use java.net.InetAddress#isReachable() instead.

Answer 2

It took me more than a year to figure this out, as I wanted to make a traceroute with pcap4j, so here is what I did:

1. Get your IPv4 Address and Mac Address, this can be easily achieved by querying the PcapNetworkInterface
2. Get target IP Address, if you have a DNS Name you need to resolve it beforehand.
3. Get target Mac Address.
   1. Target is in the same subnet: send an ARP Request to resolve the mac (alternatively, a mac broadcast will likely work fine too).
   2. Target is in different subnet: you need to get the mac of your gateway server then, this is not as easy. Assuming you have other network traffic going on, you could listen for incoming packets and get the source mac, where the source IP address is from a different subnet, this is likely the mac address of your gateway server.
4. Create IcmpV4EchoPacket and sent it
5. Listen for incoming ICMP traffic, you will get one of these three:
   1. A IcmpV4EchoReplyPacket which is likely to be an answer to your request (check identifier and sequence number to be sure)
   2. A IcmpV4TimeExceededPacket if the target could not be reached with the time-to-live you specified
   3. Nothing, routers and pinged targets are free to ignore and not answer your request

Variables that need to be filled:

short IDENTIFIER; // identifer may be any 16 bit interger
short SEQUENCE; // sequence may be any 16 bit integer
byte TTL; // time to live (1-255)
Inet4Address IP_TARGET; // ip address of your ping target
Inet4Address IP_ORIGIN; // your own ip address
MacAddress MAC_TARGET; // target or gateway mac address
MacAddress MAC_SOURCE; // your own mac address
PcapNetworkInterface PCAP4J_NETWORK_INTERFACE; // network interface used to execute the ping

How to make a ICMP Echo Request Packet (as payload of IcmpV4CommonPacket of IpV4Packet of EthernetPacket):

    public Packet buildPacket() {
        IcmpV4EchoPacket.Builder icmpV4Echo = new IcmpV4EchoPacket.Builder()
                .identifier(IDENTIFIER) // optional, default zero
                .sequenceNumber(SEQUENCE); // optional, default zero
        IcmpV4CommonPacket.Builder icmpV4Common = new IcmpV4CommonPacket.Builder()
                .type(IcmpV4Type.ECHO) // type is echo
                .code(IcmpV4Code.NO_CODE) // echo request doesn't need this
                .payloadBuilder(icmpV4Echo)
                .correctChecksumAtBuild(true);
        IpV4Packet.Builder ipv4Builder = new IpV4Packet.Builder()
                .correctChecksumAtBuild(true)
                .correctLengthAtBuild(true)
                .dstAddr(IP_TARGET) // IPv4 Address where tp send the request
                .payloadBuilder(icmpV4Common)
                .protocol(IpNumber.ICMPV4) // payload is ICMPV4
                .srcAddr(IP_ORIGIN) // Your own IPv4 Address
                .tos(IpV4Rfc1349Tos.newInstance((byte) 0))
                .ttl(TTL) // time to live (1-255)
                .version(IpVersion.IPV4); // IP Version is IPv4
        EthernetPacket.Builder etherBuilder = new EthernetPacket.Builder()
                .dstAddr(MAC_TARGET) // the targets mac address
                .srcAddr(MAC_SOURCE) // your own mac address
                .type(EtherType.IPV4) // payload protocl is IPv4
                .payloadBuilder(ipv4Builder)
                .paddingAtBuild(true);
        return etherBuilder.build(); // build your packet
    }

Listener for ICMP Echo Answers or timeouts:

    public PacketListener buildListener() {
        return new PacketListener() {
            @Override
            public void gotPacket(Packet packet) {
                if (!(packet instanceof EthernetPacket))
                    return;
                EthernetPacket ethernetPacket = (EthernetPacket) packet;
                packet = ethernetPacket.getPayload();
                if (!(packet instanceof IpV4Packet))
                    return;
                IpV4Packet ipV4Packet = (IpV4Packet) packet;
                IpV4Header ipV4Header = ipV4Packet.getHeader();
                packet = ipV4Packet.getPayload();
                if (!(packet instanceof IcmpV4CommonPacket))
                    return;
                IcmpV4CommonPacket icmpPacket = (IcmpV4CommonPacket) packet;
                packet = icmpPacket.getPayload();
                // successful reply just measure time and done
                if (packet instanceof IcmpV4EchoReplyPacket) {
                    IcmpV4EchoReplyPacket icmpV4EchoReplyPacket = (IcmpV4EchoReplyPacket) packet;
                    IcmpV4EchoReplyHeader icmpV4EchoReplyHeader = icmpV4EchoReplyPacket.getHeader();
                    if (icmpV4EchoReplyHeader.getIdentifier() != identifier)
                        return;
                    if (icmpV4EchoReplyHeader.getSequenceNumber() != sequence)
                        return;
                    // here you got an echo reply
                    System.out.println(packet);
                    return;
                }
                // try handle time to live exceeded messages
                if (packet instanceof IcmpV4TimeExceededPacket) {
                    packet = packet.getPayload(); // original IPv4
                    if (!(packet instanceof IpV4Packet))
                        return;
                    packet = packet.getPayload(); // original ICMP common
                    if (!(packet instanceof IcmpV4CommonPacket))
                        return;
                    packet = packet.getPayload(); // original ICMP echo
                    if (!(packet instanceof IcmpV4EchoPacket))
                        return;
                    IcmpV4EchoHeader icmpV4EchoHeader = ((IcmpV4EchoPacket)packet).getHeader();
                    if (icmpV4EchoHeader.getIdentifier() != IDENTIFIER)
                        return;
                    if(icmpV4EchoHeader.getSequenceNumber() != SEQUENCE)
                        return;
                    // HERE you got an answer, that the time to live has been used up
                    System.out.println(packet);
                    return;
                }
            };
        }

Combining it togther:

    public static void main(String[] args) throws IOException, PcapNativeException, NotOpenException, InterruptedException {
        try (PcapHandle handle = PCAP4J_NETWORK_INTERFACE.openLive(1024, PromiscuousMode.PROMISCUOUS, 1000)) {
            // set filter to only get incoming ICMP traffic
            handle.setFilter("icmp and dst host " + Pcaps.toBpfString(IP_ORIGIN), BpfCompileMode.OPTIMIZE);
            // send ARP request
            Packet p = buildPacket();
            handle.sendPacket(p);
            // wait (forever) for ARP answer
            PacketListener listener = buildListener();
            handle.loop(-1, listener);
        }
    }