April 2015

how to get HTTP Payload


i have a pcap file say xyz.pcap which I captured from wireshark. I want to read HTTP Payload "ONLY" from pcap file via jnetpcap. How can I do this..? Please help.

Can I create a TCP packet by combining mulitple TCP packets together?

Hi All,

I am new to jnetpcap.

I have a pcap file. I want to combine multiple TCP packets (say, some 10 to 20 packets. I know the maximum size of a TCP packet is 64K bytes.) in the pcap file into one TCP packet and save it in another pcap file.

Is it possible to do this using jnetpcap?

Thank you very much!

BufferUnderflowException while decoding tcp header

Error: java.nio.BufferUnderflowException
at org.jnetpcap.nio.JBuffer.check(JBuffer.java:118)
at org.jnetpcap.nio.JBuffer.getUByte(JBuffer.java:372)
at org.jnetpcap.protocol.tcpip.Tcp.hlen(Tcp.java:1768)
at org.jnetpcap.protocol.tcpip.Tcp.decodeHeader(Tcp.java:1387)
at org.jnetpcap.packet.JHeader.decode(JHeader.java:518)
at org.jnetpcap.packet.JPacket.getHeaderByIndex(JPacket.java:996)
at org.jnetpcap.packet.JPacket.getHeader(JPacket.java:962)
at org.jnetpcap.packet.JPacket.hasHeader(JPacket.java:1220)
at hadoop.ZTEPacketParse.Tools.get_TCP1_infor(Tools.java:302)
at hadoop.ZTEPacketParse.packetParse$pcapngMapper.map(packetParse.java:102)
at hadoop.ZTEPacketParse.packetParse$pcapngMapper.map(packetParse.java:1)

above is the description.
JNetPcap version is 1.4, the latest!

my app works fine when there is one thread, but when there are more than one threads, my app reports errors just like above!

Slow Send Speed

I am able to send about 15kpps (thousand packets per second), and that uses up about 25 mb/s for what I am using it for. Changing the bandwidth has no effect on the pps unless I approach my 1gbps limit.

I am running JNetPcap 1.3.0 on Windows 8.1. My program only uses 5% of the CPU, leaves 12GB ram free, no noticeable disk I/O, and there is a 1gbps line.

The code I am using is very basic, taken from the example and ran in a loop. b in this case is a bytebuffer of a valid packet, and returns 0 each time.

int snaplen = 0;
int flags = Pcap.MODE_NON_BLOCKING;
int timeout = 0;
Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);

for(int i=0; i<packetCount; i++) {

I have tried multi-threading, which had no effect on the pps. I noticed that the sendPacket method does return an integer after the packet has been sent, so the method itself might be blocking execution.

How can I read all the mac addresses from a captured pcap file

I have a pcap file.
I want to read all the mac addresses present in it.
How can I do that?

Thanks in advanced.