
October 2014

Problem reading properly the payload of a packet

When I find the payload of a packet using this code

if (packet.hasHeader(payload) && tcp.getPayloadLength() != 0) {
    JBuffer buffer = packet.getHeader(new Payload());
    System.out.println("data ======> " + buffer.toHexdump());
    String buf = buffer.toString();
}

I get weird characters and not the clear message in order to read it properly.

What I get is in the attachment.

How can I solve it??

Thank you!

How to find the IP address of an interface/device and not the packet's dest source IP addresses

I want to find the IP address of an interface using jnetpcap. How can I find it?

Is there a method in jnetpcap like this example to find the interface and not the packet IP address?

Enumeration<NetworkInterface> nets = NetworkInterface.getNetworkInterfaces();
for (NetworkInterface netint : Collections.list(nets))
    displayInterfaceInformation(netint);

Thank you!!

Looking to get relative pcap timestamp, not arrival timestamp

Hi,

I'm new to JNetPcap. I have used it to reassemble some traffic for compliance purposes in the past, but now I am looking to use it for real-time latency analysis for my trading network.

I know in Wireshark, when I open a pcap, there is a hardware-based timestamp from my Myricom SNF card, that is 0 indexed, not epoch indexed. I would like to access this timestamp from JNetPcap, either a live or offline interface. Is this possible using JNetPcap, and where would this info be found?

System.out.println("UDP TIMESTAMP " + packet.getCaptureHeader().timestampInMicros());
Yields:

UDP TIMESTAMP 1414030087520274
UDP TIMESTAMP 1414030087520380

My pcap for the packets I am replaying indicates first packet marked at 0 and second packet marked at 8 usecs. Is Wireshark using the same info and just 0 indexing it?

Regards,
Michael

Error while Pcap.openOffline(file, user)

Hi all,

I am trying to follow the classic example offline capture. While I am using Pcap.openOffline, there is always an error: "Error while opening device for capture: truncated dump file; tried to read 24 file header bytes, only got 0". Can anybody help me with it?

Thank you so much

Open pcap from InputStream

Hello,

Is there a way to open an offline Pcap from an InputStream and not from a local file?

In the documentation it says that you can use pcap_fopen_offline() to open Pcap from an open stream but I don't know how to use it.

Thanks.
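
The two posts above both turn on the 24-byte pcap file header: one reports that it could not be read, the other asks about reading a capture from a stream. The following added example (plain Java, not jnetpcap code and not from the original posts) reads that header from any InputStream and reports whether the data is truncated, not pcap, or valid; the class name PcapHeaderCheck and the sample bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class PcapHeaderCheck {
    static final int HEADER_LEN = 24; // classic pcap global header size

    // Reads the global header from any stream and returns a one-line verdict.
    static String describe(InputStream in) throws IOException {
        byte[] raw = new byte[HEADER_LEN];
        int got = 0;
        while (got < HEADER_LEN) {            // read() may return short counts
            int n = in.read(raw, got, HEADER_LEN - got);
            if (n < 0) break;                 // end of stream
            got += n;
        }
        if (got < HEADER_LEN)
            return "truncated: wanted " + HEADER_LEN + " header bytes, got " + got;

        ByteBuffer buf = ByteBuffer.wrap(raw);   // big-endian by default
        int magic = buf.getInt(0);
        boolean nanos = (magic == 0xa1b23c4d || magic == 0x4d3cb2a1);
        if (magic == 0xd4c3b2a1 || magic == 0x4d3cb2a1) {
            buf.order(ByteOrder.LITTLE_ENDIAN);  // writer was little-endian
        } else if (magic != 0xa1b2c3d4 && magic != 0xa1b23c4d) {
            return String.format("not a pcap file: magic 0x%08x", magic);
        }
        return String.format("pcap %d.%d, %s, %s timestamps, snaplen %d, linktype %d",
                buf.getShort(4) & 0xffff, buf.getShort(6) & 0xffff, buf.order(),
                nanos ? "nanosecond" : "microsecond",
                buf.getInt(16) & 0xffffffffL, buf.getInt(20) & 0xffffffffL);
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: an empty stream, a text file, a valid header.
        byte[] empty = new byte[0];
        byte[] text = "[**] constructed alert text, not pcap".getBytes("US-ASCII");
        byte[] valid = ByteBuffer.allocate(HEADER_LEN).order(ByteOrder.LITTLE_ENDIAN)
                .putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4)
                .putInt(0).putInt(0).putInt(65535).putInt(1).array();
        for (byte[] sample : new byte[][] { empty, text, valid })
            System.out.println(describe(new ByteArrayInputStream(sample)));
    }
}
```

Running the same check on a file before handing it to a capture library separates an empty or non-pcap input from a genuine library problem.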

Bandwidth on a capture

I have made a capture program which captures packets from the wire and it works as it should. Now I've tried to calculate the bandwidth of the incoming packets, but I'm not sure if I am doing it correctly. In the dumpHandler I made a variable to count the number of bytes captured. This is done with the following line of code: bcount = bcount + header.caplen(); (is this the right way to do it?) Next to that, I'm getting a timestamp before and after the loop starts and do some calculation on the bandwidth:
 
        int x = Integer.parseInt(numberofPackets.getText());    
        long start = System.currentTimeMillis();
        bcount = 0;
        pcap.loop(x,dumpHandler, dumper); // Special native dumper call to loop 
        long end = System.currentTimeMillis();
       
       
        double bps =  (bcount /((end - start) / 1000))*8 ;
        double Kbps = (bps/1024);
        double Mbps = Kbps/1024;
        System.out.printf("Bps= %f\n",bps);
        System.out.printf("Kbps= %f\n",Kbps);
        System.out.printf("Mbps= %f\n",Mbps);

As far as my calculation goes. But here is the thing I was wondering. In a test example where I capture 10k packets it shows me a rate of 4,7Mbps, but when I open the pcap file in Wireshark and look at their stats they say that my rate is 4,2Mbits. The only thing I can understand is that with my calculation there is some overhead in timestamping in the pcap.loop function, but that doesn't explain why my calculated rate is HIGHER than the rate calculated by Wireshark. How do I explain the >10% difference in these 2 rates? Anyone any idea on how Wireshark calculates it? Or am I doing something completely stupid in my calculation?

Thanks in advance,
s0ulmaster
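
An added example, not part of the original post: the posted expression divides in long arithmetic, so the elapsed time is cut to whole seconds before the division. The code below runs that expression next to a rate taken from packet timestamps and on-wire lengths over a constructed capture; CaptureRate, its methods and the sample values are made up for illustration, and it assumes the comparison tool works from the first and last packet timestamps. The relative packet time asked about in the earlier timestamp post is the same subtraction.

```java
public class CaptureRate {
    // The expression from the post: every operand is a long, so
    // (endMs - startMs) / 1000 drops the fractional second (and is 0,
    // causing ArithmeticException, for runs shorter than one second).
    static double postedBps(long bytes, long startMs, long endMs) {
        return (bytes / ((endMs - startMs) / 1000)) * 8;
    }

    // Rate over the capture's own clock: on-wire bytes divided by the time
    // between the first and last packet timestamps, in floating point.
    static double timestampBps(long[][] pkts) {
        long bytes = 0;
        for (long[] p : pkts) bytes += p[2];              // wirelen
        long spanMicros = pkts[pkts.length - 1][0] - pkts[0][0];
        return bytes * 8 / (spanMicros / 1_000_000.0);
    }

    public static void main(String[] args) {
        // Constructed capture: 10,000 packets of 500 bytes, 890 us apart.
        // Each record is {timestamp in microseconds, caplen, wirelen}.
        long[][] pkts = new long[10_000][];
        long first = 1_400_000_000_000_000L;              // constructed epoch us
        long captured = 0;
        for (int i = 0; i < pkts.length; i++) {
            pkts[i] = new long[] { first + i * 890L, 500, 500 };
            captured += pkts[i][1];                       // caplen, as in the post
        }
        long startMs = first / 1000;                      // wall clock around loop
        long endMs = pkts[pkts.length - 1][0] / 1000;
        double posted = postedBps(captured, startMs, endMs);
        double byTimestamps = timestampBps(pkts);
        System.out.printf("posted formula : %.2f Mbit/s%n", posted / 1e6);
        System.out.printf("from timestamps: %.2f Mbit/s%n", byTimestamps / 1e6);
        // Relative time of a packet, zero-indexed at the first one.
        System.out.printf("packet 2 at +%d us%n", pkts[1][0] - pkts[0][0]);
    }
}
```

With a run of just under nine seconds, truncating to eight whole seconds is enough on its own to push the first figure more than 10% above the second.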

Filter expression for a word in Payload

Hi All,

I need to filter the payload for a specific word, e.g. if the payload has "Hello", the packet should be dropped. What shall be the filter expression?

Need it urgently

Thank you

outofmemory issue while reading 13MB pcap file.

I am using jnetpcap 1.3 version. When jnetpcap is trying to read the pcap packets, it is throwing an out of memory issue.

It is throwing the error while reading a 13MB file, please suggest how to resolve the issue.

I am using NetBeans 8.0 + Ubuntu 14.04.

jvm version-1.7
Jnetpcap version 1.3
Ubuntu version -14.04
bit version -64 bit
uname -a:
Linux ep-3 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

I tried to add JVM memory settings, but it had no impact.

Could anyone suggest how to resolve the out of memory issue in JnetPcap?

error throwing here..

offlinePackets.loop(-1, jpacketHandler, packetList);

help me if anyone fixed this kind of issue....

filename =snort.log, size =13MB

Thank you....

UnsatisfiedLinkError: com.slytechs.library.NativeLibrary.dlopen(Ljava/lang/String;)

Hello,

I'm trying to use the jnetpcap library in order to parse a PCAP file.
I'm using the Pcap.openOffline() function but I'm getting the following exception:

java.lang.UnsatisfiedLinkError: com.slytechs.library.NativeLibrary.dlopen(Ljava/lang/String;)J
java.lang.UnsatisfiedLinkError: com.slytechs.library.NativeLibrary.dlopen(Ljava/lang/String;)J
at com.slytechs.library.NativeLibrary.dlopen(Native Method)
at com.slytechs.library.NativeLibrary.(Unknown Source)
at com.slytechs.library.JNILibrary.(Unknown Source)
at com.slytechs.library.JNILibrary.loadLibrary(Unknown Source)
at com.slytechs.library.JNILibrary.register(Unknown Source)
at com.slytechs.library.JNILibrary.register(Unknown Source)
at com.slytechs.library.JNILibrary.register(Unknown Source)
at org.jnetpcap.Pcap.(Unknown Source)

I'm using NetBeans 7.4 on xbuntu 64bit, I followed the tutorial on how to setup on netbeans (http://jnetpcap.com/?q=netbeans) but still getting this exception.

Using version 1.4.r1425.

I think that the .so files are not loaded but I'm not sure (I did set the configuration with -Djava.library.path="/home/libs/jnetpcap-1.4.r1425"), can you please advise what I should do?

Thanks.