Packet sniffering by jpcap

Question

I am sniffering packets on ethernet (eth0) in java with the help of jpcap library... So, In my project I have a JpcapCaptor ...

    //Open an interface with openDevice(NetworkInterface intrface, int snaplen, boolean promics, int to_ms)
        JpcapCaptor captor=JpcapCaptor.openDevice(devices[index], 65535, false, 20);
        captor.setFilter("icmp", true);
        captor.loopPacket(-1, new PacketPrinter()); 

Then I have Packet printer which prints a body of sniffered packets ...

    public class PacketPrinter implements PacketReceiver {
@Override
public void receivePacket(Packet packet) {
    InputStream is = new ByteArrayInputStream(packet.data);
    try {
        String sstr = IOUtils.toString(is, "UTF-8");
        System.out.println("STRING " + sstr);
    } catch (IOException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }
       String ss;
    try {
        ss = new String(packet.data, "UTF-8");
        System.out.println("STRING " + ss);
    } catch (UnsupportedEncodingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } 
} 

But there is a problem... packet.data is a byte[]... And console prints it as

    STRING W�xQ��       !"#$%&'()*+,-./01234567
    STRING W�xQ��       !"#$%&'()*+,-./01234567
    STRING W�xQ��       !"#$%&'()*+,-./01234567 

As I understand it is because of problem with encoding??? What is the solution to decide this problem?

Answer 1

As I understand it is because of problem with encoding?

That may be correct. It also may be that the stuff you are trying to turn into a String is not text at all. In fact, if that is a raw network packet that you have sniffed, it is pretty much guaranteed that some of the packet (the IP/ICMP packet headers) won't be text.

What is the solution to this problem?

The solution is to understand what it is you are trying to decode and whether or not it is appropriate to decode it as if it was encoded text. If not, you need to decode / display it differently ... depending on what the relevant RFC says about the packets you are trying to display.