I actually uploaded clj-net-pcap version 1.7.1 quite some time ago. Unfortunately, I was very busy and couldn’t even write an announcement. In this post, I briefly announce the clj-net-pcap version 1.7.1 release.
I did the work on clj-net-pcap version 1.7.1 in preparation for the :clojureD conference. The most relevant changes for version 1.7.1 are:
- Use latest cli4clj version.
- Add stderr-forwarder-fn.
My motivation for these changes was to provide a better live demo of clj-net-pcap. With the latest cli4clj version, the interactive command line interface (CLI) offers more convenient functionality.
With the stderr-forwarder-fn, the output for each packet is printed to stderr instead of stdout. By redirecting stderr to a named pipe or file, it is now possible to use the interactive CLI without it being flooded with the packet output. In my opinion, this makes clj-net-pcap much easier to use for simple experiments or demonstrations.
Below, a screenshot of a demo setup is shown. On the top left, the clj-net-pcap interactive CLI is shown. On the top right, another shell is shown that was used to generate traffic via the ping command. On the bottom, the output from the named pipe to which the stderr output was redirected is shown.
The following listing shows how the named pipe is created and the new stderr forwarder is used to redirect the packet capture output to it:
mkfifo stderr-pipe
java -jar clj-net-pcap-1.7.1-standalone.jar -F stderr-forwarder-fn 2> stderr-pipe
The remainder of the example, as shown in the screenshot above, simply prints what is written to the pipe via “cat” and generates the traffic via “ping”.
I hope that this will be as useful for you as it was for me. Comments etc. are, as usual, highly appreciated. Thanks.
Thanks for your great work!
Can you give an example of how the filter works? I tried commands like the following, but get an NPE:
java -jar target/clj-net-pcap-1.8.0-SNAPSHOT-standalone.jar -f "tcp.port == 8080"
or
java -jar target/clj-net-pcap-1.8.0-SNAPSHOT-standalone.jar -f http
Thanks a lot for your feedback.
I just quickly checked this.
Maybe you are confusing pcap filters with Wireshark filters.
clj-net-pcap uses the pcap-filter syntax (see “man pcap-filter” for more information).
Examples of filters you could use are:
java -jar clj-net-pcap-1.7.1-standalone.jar -f "tcp port 8080"
java -jar clj-net-pcap-1.7.1-standalone.jar -f "icmp"
I hope this helps you to go on.
Cheers,
Ruediger
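
The mix-up discussed in the comments above (Wireshark display-filter syntax passed to -f) can be caught before a capture is started. The following shell function is an added example, not part of the original post or of clj-net-pcap; the name pcap_filter_for and its small field mapping are assumptions of this example, and it handles single-term filters with IPv4 addresses only.

```shell
#!/bin/sh
# Added example (not part of clj-net-pcap): turn a few single-term Wireshark
# display filters into pcap-filter syntax and reject the ones it cannot map.
# The field list is a small, constructed subset chosen for this example.

pcap_filter_for() {
    # Rewrite the supported display-filter terms; other input passes through.
    out=$(printf '%s\n' "$1" | sed -E \
        -e 's/^[[:space:]]+//; s/[[:space:]]+$//' \
        -e 's/^(tcp|udp)\.port[[:space:]]*==[[:space:]]*([0-9]+)$/\1 port \2/' \
        -e 's/^(tcp|udp)\.(src|dst)port[[:space:]]*==[[:space:]]*([0-9]+)$/\1 \2 port \3/' \
        -e 's/^ip\.addr[[:space:]]*==[[:space:]]*([0-9.]+)$/host \1/' \
        -e 's/^ip\.(src|dst)[[:space:]]*==[[:space:]]*([0-9.]+)$/\1 host \2/')

    # A remaining proto.field token means display-filter syntax is still
    # present. Heuristic: a host name such as "tcp.example.com" also trips it.
    if printf '%s\n' "$out" | grep -Eq \
        '(^|[^[:alnum:]_.-])(frame|eth|ip|ipv6|tcp|udp|icmp|http|dns|tls)\.[a-z_]'; then
        echo "display-filter field in '$1'; see man pcap-filter" >&2
        return 1
    fi

    # Bare application-protocol names are Wireshark protocols, not
    # pcap-filter keywords.
    case $out in
        http|dns|tls|ssh)
            echo "pcap-filter has no '$out' keyword; filter on a port instead" >&2
            return 1 ;;
    esac

    printf '%s\n' "$out"
}

# Usage with the jar from the post (run only if the filter was accepted):
#   f=$(pcap_filter_for 'tcp.port == 8080') &&
#       java -jar clj-net-pcap-1.7.1-standalone.jar -f "$f"
```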