May 2010


Getting header information from existing Pcap file (offline)

Hi,
I am new to jNetPcap and I am trying to read an existing Pcap file and do the following:

1) "Parse" the different protocol headers (IP, UDP, RTP) and extract the information to store it in another variable. I have seen the NextEx example and it has helped me with this. However, I still have some issues with the RTP header. Depending on the Pcap file I provide, the "packet.hasHeader(rtp)" will return false even if there really is an RTP header present. Any ideas of how I can fix this or bypass this error? The reason I need the RTP is because I want its payload (in fact I only want RTP packets from the Pcap file). If there's another way to get the payload from such a packet and store it as a string, that would be perfect for me.

2) I want to store the IP, UDP and RTP headers as a (hex) string in their original form. For example:
45b800c8660b00007e112d3ec00a58e7c00a62e7520c296800b443f98000497f000d32209b470000ffffffffff...

My problem is that the JHeader.toString() method gives this information with TOO MUCH detail. Is there a simpler method that I can use to only get the header as a simple string?

Thanks for your help

Simple and quick reading of ToS

v1.2 (via Maven)

Looking at: http://jnetpcap.com/docs/javadoc/jnetpcap-javadoc/index.html

I'm a little confused about how I get the ToS from the header when using the javadoc-mentioned Pcap.dispatch() method that takes a ByteBufferHandler (does not mention the other dispatch methods are thread-safe, so if another version would give me better return objects for this purpose that would be good to know).

The handler interface's returned PcapHeader doesn't seem to have an API for IP header values, though I see in one of the examples an annotation-based class that would provide such an API call (but this is a different header, that maybe I have to peer to the ByteBuffer returned), though don't see that class actually in the API. Wondering if I should be "peering" something to tease this value out... ?

All suggestions welcome.

Thanks.
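An added example, not from either poster and not jNetPcap code: the header bytes quoted in the first post above can be split into IP, UDP and RTP hex strings, and the ToS byte read, with plain Java and no library calls. The class and method names are hypothetical, and the RTP check (version bits equal to 2) is a heuristic assumed here, since RTP has no fixed UDP port.

```java
// Added example: plain Java, no jNetPcap calls. Names are hypothetical.
public class HeaderHex {
    // Hex-encode len bytes of buf starting at off.
    static String hex(byte[] buf, int off, int len) {
        StringBuilder sb = new StringBuilder(len * 2);
        for (int i = off; i < off + len; i++) sb.append(String.format("%02x", buf[i] & 0xff));
        return sb.toString();
    }

    static byte[] unhex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // ip starts at the first byte of the IPv4 header. Returns {ipHex, udpHex, rtpHex, tos}.
    static String[] split(byte[] ip) {
        if (ip.length < 20 || (ip[0] & 0xf0) != 0x40) throw new IllegalArgumentException("not IPv4");
        int ihl = (ip[0] & 0x0f) * 4;                      // IPv4 header length, options included
        if (ihl < 20 || ip.length < ihl + 8) throw new IllegalArgumentException("truncated IP/UDP");
        if ((ip[9] & 0xff) != 17) throw new IllegalArgumentException("not UDP");
        if ((((ip[6] & 0x1f) << 8) | (ip[7] & 0xff)) != 0)
            throw new IllegalArgumentException("non-first fragment has no UDP header");
        int rtp = ihl + 8;                                 // UDP header is always 8 bytes
        // Heuristic (assumption): treat the UDP payload as RTP only if the version bits are 2.
        if (ip.length < rtp + 12 || (ip[rtp] & 0xc0) != 0x80)
            throw new IllegalArgumentException("no RTP v2 header");
        int rtpLen = 12 + 4 * (ip[rtp] & 0x0f);            // fixed header plus CSRC list
        if (ip.length < rtp + rtpLen) throw new IllegalArgumentException("truncated RTP");
        return new String[] { hex(ip, 0, ihl), hex(ip, ihl, 8), hex(ip, rtp, rtpLen),
                              String.format("0x%02x", ip[1] & 0xff) };
    }

    public static void main(String[] args) {
        // Bytes quoted in the first post (it truncates the payload after these).
        String[] h = split(unhex("45b800c8660b00007e112d3ec00a58e7c00a62e7"
                + "520c296800b443f98000497f000d32209b470000ffffffffff"));
        System.out.println("IP  " + h[0] + "\nUDP " + h[1] + "\nRTP " + h[2] + "\nToS " + h[3]);
    }
}
```

For a frame captured on Ethernet without a VLAN tag, the IPv4 header starts 14 bytes into the packet buffer, so the ToS byte sits at offset 15 of that buffer.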

64 bit support for Linux

Hi everyone,

I'm currently looking at jNetPcap (and jNetStream) for usage in a product of ours.

I'm running an amd64 Ubuntu (Lucid) with Java 1.6.

I wanted to ask two questions:
- Is there a ready-available 64 bit package hidden somewhere?
- If not: is there a clear, successful way of compiling the source on a 64 bit machine?

For the latter:
I've been trying to compile the 2.0 and the 1.3 branches, but have absolutely no luck.
The biggest error message that seems to pop up is
" : error: "not" cannot be used as a macro name as it is an operator in C++ "
I'm not sure what to make of that.

Any help is greatly appreciated.
Thanks in advance,

Dieter

Example of code to reassemble TCP packets to build a full http packet

Hi,

I have been using jnetpcap for a few days and I have an issue reassembling TCP packets to get a complete http packet. I tried to use TcpAssembly, TcpSequencer, and TcpAnalyser but with no success.
I read many topics in this forum (like nodes 97, 219, 156, 519) but I didn't find a working example.
Could someone help me with working TCP packet assembly code?

Thank you in advance

I am using jnetpcap 2.0b0001.1 on Windows

JStruct - C like structures

I have been experimenting with something that I think may come in handy: C-like structures defined via annotation. There are other libraries that do this kind of thing, such as NPL in http://jnetstream project and Google Code Protocol Buffers. The difference here is that no external language is required and all is accomplished with a single annotation. The classes look very much like C structures and their behavior and limitations are nearly identical.

The advantage of such a structure in jnetpcap would be if someone wanted to copy the values of a particular header and load them into a class. More specifically, load values of a binary structure into fields of a class. This should, at least in theory, improve performance when working with such a structure since the code is simply accessing class fields, vs. using native methods to read a single primitive value out of a buffer. There should especially be a noticeable performance increase if a structure has to be accessed many times.

The copy of data into the class fields is accomplished using JNI calls only once; thereafter the structure values are accessed via Java fields (not methods), theoretically increasing performance as Java is greatly optimized for accessing values from class fields.

Here is the struct annotation javadoc comment that contains examples of how this API can be used:


Java C-like structure. The annotation allows class fields to be designated to be
applied as a C structure in the order of elements defined. The
{@link #value()} property defines the order of the structure elements within
the structure.

The following C structure has a corresponding Java counterpart:

struct Abc {
  int a;
  int b;
  int c;
};

public class Abc {
  public @struct(0) int a;
  public @struct(1) int b;
  public @struct(2) int c;
}
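
A sketch of the idea as an added example, not the author's implementation: the post describes a one-time JNI copy, whereas this stand-in uses reflection and a ByteBuffer to fill the annotated fields in @struct order. The StructDemo class, the load helper, the annotation definition and the little-endian sample bytes are assumptions made for illustration, and no padding between elements is assumed.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Field;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

public class StructDemo {
    // Hypothetical stand-in for the post's annotation: value() is the element order.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    public @interface struct { int value(); }

    public static class Abc {
        public @struct(0) int a;
        public @struct(1) int b;
        public @struct(2) int c;
    }

    // Copy the binary structure into the fields once; later reads are plain field accesses.
    static <T> T load(Class<T> type, ByteBuffer buf) throws ReflectiveOperationException {
        List<Field> fields = new ArrayList<>();
        for (Field f : type.getFields())
            if (f.isAnnotationPresent(struct.class)) fields.add(f);
        fields.sort(Comparator.comparingInt((Field f) -> f.getAnnotation(struct.class).value()));
        T obj = type.getDeclaredConstructor().newInstance();
        for (Field f : fields) {   // ByteBuffer throws BufferUnderflowException on short input
            Class<?> t = f.getType();
            if (t == int.class) f.setInt(obj, buf.getInt());
            else if (t == short.class) f.setShort(obj, buf.getShort());
            else if (t == byte.class) f.setByte(obj, buf.get());
            else if (t == long.class) f.setLong(obj, buf.getLong());
            else throw new IllegalArgumentException("unsupported field type: " + t);
        }
        return obj;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: three little-endian 32-bit ints, no padding assumed.
        byte[] raw = { 1, 0, 0, 0,  2, 0, 0, 0,  3, 0, 0, 0 };
        Abc abc = load(Abc.class, ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN));
        System.out.println(abc.a + " " + abc.b + " " + abc.c);
    }
}
```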

H.323(Q.931, H.225, H.245)

Hi everybody

I have been using JnetPcap for quite some time now and have been involved in writing protocol dissectors for various protocols. After spending the last month working only on H.323, I started realizing how complicated this thing really was, and I was amazed with the lack of Java support in this area.

I am planning to release this H.323 packet decoder, which will function as a standalone component which can easily be used with the current JnetPcap architecture. Mark and I are also planning to make it compatible with the new JnetPcap's protocol dissection architecture. This decoder will be able to dissect Q.931, H.225 Call Signalling and H.245 protocols. I still have more work to do but the majority is already finished.

I am just curious whether anyone will actually benefit from this decoder, and if so, please share your thoughts with me.

Thank you,
Damir

Sending ARP packet, detecting network

The problem I'm working on involves detecting when the router is available. For reasons I won't get into, this is the only way to determine the link is really up, as it's between some mini-hubs that keep the local link up even though the router on the other side is gone. I was planning on ARP'ing the gateway.

So, I need an example of sending an ARP packet through the interface.