June 2014

Empty payload?


I'm currently using tcpflow to get the network payload on a specific port. I want to move that to a java application.
Using JNetCap I tried the following code:

public void nextPacket(PcapHeader header, ByteBuffer buffer, PrintStream user) {
PcapPacket packet = new PcapPacket(header, buffer);

Ip4 ip = new Ip4(); // This should be a field, its reusable

if (packet.hasHeader(ip)) { // Acquired ip header and checked at the same time
int payload = ip.getOffset() + ip.size();

for (int i = payload; i < packet.size(); i++) {
// print out all bytes, but only from data, not from headers
System.out.print(packet.getUByte(Sleepy + " ");

if (packet.getHeader(new Payload()) != null)
System.out.println(packet.getHeader(new Payload()).toHexdump());

I never get anything on the header section nor on the payload section. getHeader(new Payload) always returns null. But I know there is some data in the network because I can see it using command line apps. Also, a code like this:

byte[] array = jbuffer.getByteArray(0, size);

for (int i = 0; i < size; i++) {
user.print((array[i] & 0xFF) + " ");

gives me a lot of data including the source IP, dest IP, etc.

What's wrong with my code? Is it the way I instanciate the PcapPacket? I know the port and the source IP of what I want to get. I have added that to the filter. I don't need the headers, just want to payload. Any simpler way to get it?



Compile error with exmaple code

I try compiling classic exmaple and packet sender. I end up getting the same error with both of them. The error that I get from compiler is "Exception in thread "main" java.lang.Error: Unresolved compilation problem".

Dns protocol header

Hi, i'm trying to write header definition for Dns. I'm following user guide and explanation provided there. I wanted to write something minimal, i.e. instead of implementing all @Fields that DNS have, implement only one. For example code looks like:

public class Dns extends JHeader {

try {
} catch (Exception e) {

@Field(offset=0, length=12*8)
public byte[] id(){
return super.getByteArray(0, 12);


But, it looks like Dns header isn't recognized when i try to do offline pcap parsing that has DNS packets inside.

Do i need to provide full blown DNS implementation or this example should work?

More information, i also add @Bind to UDP like this(at least this is what i understand i need to do looking at examples):

public static boolean bindToUdp(JPacket packet, Udp udp){
return true;//just to make as simple as possible

JRegistry.toDebugString() print the following(which i guess means that protocol is registered fine):
scanner[5 ] class=Udp id= 5, loaded=false direct=true , scan=false bindings=1 [Dns]
scanner[64] class=Dns id=64, loaded=true direct=false, scan=false bindings=0 [] //do i need to have [Udp]? I think i saw in example of MyHeader something like that.

When i reach the DNS packet in the handler
packet.getState().toDebugString() prints the following:

JMemory: JMemory@437706class org.jnetpcap.packet.JPacket$State: size=304 bytes
JMemory: owner=PcapHeader.class(size=16/offset=86)
JPacket.State#002: sizeof(packet_state_t)=184
JPacket.State#002: sizeof(header_t)=40 and *3=120
JPacket.State#002: pkt_header_map[0]=0x0000000000000026
JPacket.State#002: pkt_header_map[1]=0x0000000000000000
JPacket.State#002: pkt_header_map[2]=0x0000000000000000

How to use PF_RING with jNetPcap?

Is there any guide lines to use jnetpcap together with PF_RING?

I searched and found following 2 threads:
Both of them were updated several years ago. I assume that there should've some updates on integrate jnetpcap and PF_RING to support bigger throughput.

How do I find out the kind of hardware that communicating with the network?

I am starting my experience with JnetPcap and need to create a network scanner. Until then, all right. However, I need to select packages from mobile devices, dropping packets that come from a Desktop.

How do I find out the kind of hardware that communicating with the network?

I appreciate the help.