June 2015

How to get website name from Packet?

Can anyone please help me to figure out how to get the website name from the packet?
Some code snippet would be great.

Thanks in advance.

Get website name from Packet

I'm brand new to jNetPcap. I've been trying to get the website name from the request/response packet.
This is what I've tried:

        import org.jnetpcap.packet.PcapPacket;
        import org.jnetpcap.packet.PcapPacketHandler;
        import org.jnetpcap.protocol.network.Ip4;
        import org.jnetpcap.protocol.tcpip.Http;
        import org.jnetpcap.protocol.tcpip.Http.Request;
        import org.jnetpcap.protocol.tcpip.Http.Response;
        import org.jnetpcap.protocol.tcpip.Tcp;

        PcapPacketHandler<String> jpacketHandler = new PcapPacketHandler<String>() {
            final Tcp tcp = new Tcp();
            final Http http = new Http();
            final Ip4 ip = new Ip4();

            public void nextPacket(PcapPacket packet, String user) {
                if (packet.hasHeader(http)) {
                    final String content_length = http.fieldValue(Response.Content_Length);
                    final String response_code = http.fieldValue(Response.ResponseCode);
                    // Decide whether this is a request or a response packet.
                    // hasHeader(tcp) binds the TCP header so the ports can be read.
                    if (packet.hasHeader(tcp) && tcp.source() != 80 && content_length == null) {
                        // It is a request packet
                        final String ref = http.fieldValue(Request.Referer);
                        final String req_url = http.fieldValue(Request.RequestUrl);
                        String page_url = http.fieldValue(Request.Host);
                        // Pass values as arguments so a '%' in a URL is not read as a format specifier
                        System.out.printf("%n Referer %s%s", ref, req_url); // Get the URL
                        System.out.printf("%nHost %s", page_url);
                    }
                }
            }
        };

But it doesn't even go inside the:

if (packet.hasHeader(http)) {

I'm using a Windows laptop and a wireless connection.

If I try:

if (packet.hasHeader(ip)) {//Ip4

I can get into the if block and can retrieve the source and destination IP address.

How to change the flow key definition?


I am working with jNetPcap in my research project and now I have a problem. I read in the Javadoc of the JFlowKey definition that the flow key (the flow generation) is based on SRC/DST Ethernet address, SRC/DST IP, SRC/DST port and Layer 4 protocol. The text that I read is the following:

"The criteria used for generating flow-keys is different for each packet based
on protocol headers present in the packet. As an example, a flow-key for a
Ethernet/Ip4/Tcp packet is generated based on source and destination ethernet
addresses, source and destination Ip4 address, the Ip4 protocol/type number
16 which signifies that next protocol is TCP and source and destination TCP
port numbers. The flow-key generated for this example is bidirectional,
meaning that packets belonging to the same TCP conversation in both
directions between System A and System B will have the exact same flow-key

I need to change the flow definition (the flow key heuristic) and I would like to consider only: SRC/DST IP address, SRC/DST PORT and L4 Protocol (TCP/UDP/ICMP) and I don't want to include the ethernet addresses. Is it possible? I was trying but I can't.

I would be very grateful for any possible help because I can't continue my project...

Thank you very much in advance.
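
A flow key of the kind asked for above (IP addresses, ports and L4 protocol, without Ethernet addresses), as an added example that is not part of the original post and is not jNetPcap's JFlowKey code. The class `FlowKey5Tuple`, its methods and the sample frames are hypothetical and constructed here; the sketch assumes untagged Ethernet II frames carrying IPv4 and works on the raw frame bytes.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

public class FlowKey5Tuple {
    static int u16(byte[] b, int o) { return ((b[o] & 0xff) << 8) | (b[o + 1] & 0xff); }
    static long u32(byte[] b, int o) { return ((long) u16(b, o) << 16) | u16(b, o + 2); }

    // Bidirectional key from IPv4 addresses, L4 ports and protocol; MAC addresses are never read.
    static String flowKey(byte[] f) {
        if (f.length < 34 || u16(f, 12) != 0x0800) return null; // untagged Ethernet II + IPv4 only
        int ip = 14, ihl = (f[ip] & 0x0f) * 4, proto = f[ip + 9] & 0xff;
        if (ihl < 20 || f.length < ip + ihl) return null;       // malformed or truncated IP header
        int l4 = ip + ihl, sport = 0, dport = 0;                // ICMP and others keep port 0
        boolean firstFragment = (u16(f, ip + 6) & 0x1fff) == 0; // later fragments carry no L4 header
        if ((proto == 6 || proto == 17) && firstFragment && f.length >= l4 + 4) {
            sport = u16(f, l4);
            dport = u16(f, l4 + 2);
        }
        long a = (u32(f, ip + 12) << 16) | sport;               // endpoint = (address, port)
        long b = (u32(f, ip + 16) << 16) | dport;
        // Sort the two endpoints so A->B and B->A produce the same key.
        return proto + "|" + endpoint(Math.min(a, b)) + "|" + endpoint(Math.max(a, b));
    }

    static String endpoint(long e) {
        long ip = e >>> 16;
        return String.format("%d.%d.%d.%d:%d",
                ip >> 24, (ip >> 16) & 255, (ip >> 8) & 255, ip & 255, e & 0xffff);
    }

    // Constructed sample frame: Ethernet II + 20-byte IPv4 header + first 4 bytes of TCP/UDP.
    static byte[] frame(int macFill, int src, int dst, int proto, int sport, int dport) {
        byte[] macs = new byte[12];
        Arrays.fill(macs, (byte) macFill);
        ByteBuffer b = ByteBuffer.allocate(38).put(macs).putShort((short) 0x0800);
        b.put((byte) 0x45).put(new byte[8]).put((byte) proto).putShort((short) 0);
        return b.putInt(src).putInt(dst).putShort((short) sport).putShort((short) dport).array();
    }

    public static void main(String[] args) {
        int hostA = 0xC000020A, hostB = 0xC6336407;             // 192.0.2.10, 198.51.100.7
        String fwd = flowKey(frame(0x11, hostA, hostB, 6, 51514, 80));
        String rev = flowKey(frame(0x22, hostB, hostA, 6, 80, 51514)); // different MACs
        System.out.println(fwd);
        System.out.println("reverse direction matches: " + fwd.equals(rev));
    }
}
```

Because the key never touches the first 12 bytes of the frame, the same conversation seen on two different network segments, with different MAC addresses, maps to one flow.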


New custom Header definition.

Hello, I am trying to define a custom header. I am trying to define it for FTP. I have defined the class and registered it to JRegistry also. But while capturing packets I am not able to capture FTP packets. The name of my custom header is CustomFTP. Here is the JRegistry.toDebugString() output. If anyone can suggest something it would be great.

scanner[0 ] class=Payload id= 0, loaded=false direct=true , scan=false bindings=0 []
scanner[1 ] class=Ethernet id= 1, loaded=false direct=true , scan=false bindings=0 []
scanner[2 ] class=Ip4 id= 2, loaded=false direct=true , scan=false bindings=1 [CustomFTP]
scanner[3 ] class=Ip6 id= 3, loaded=false direct=true , scan=false bindings=0 []
scanner[4 ] class=Tcp id= 4, loaded=false direct=true , scan=false bindings=0 []
scanner[5 ] class=Udp id= 5, loaded=false direct=true , scan=false bindings=0 []
scanner[6 ] class=IEEE802dot3 id= 6, loaded=false direct=true , scan=false bindings=0 []
scanner[7 ] class=IEEE802dot2 id= 7, loaded=false direct=true , scan=false bindings=0 []
scanner[8 ] class=IEEESnap id= 8, loaded=false direct=true , scan=false bindings=0 []
scanner[9 ] class=IEEE802dot1q id= 9, loaded=false direct=true , scan=false bindings=0 []
scanner[10] class=L2TP id=10, loaded=false direct=true , scan=false bindings=0 []
scanner[11] class=PPP id=11, loaded=false direct=true , scan=false bindings=0 []
scanner[12] class=Icmp id=12, loaded=false direct=true , scan=false bindings=0 []
scanner[13] class=Http id=13, loaded=false direct=true , scan=false bindings=4 [WebImage,Html,Html,WebImage]
scanner[14] class=Html id=14, loaded=false direct=true , scan=false bindings=0 []
scanner[15] class=WebImage id=15, loaded=true direct=false, scan=false bindings=0 []
scanner[16] class=Arp id=16, loaded=false direct=true , scan=false bindings=0 []

Creating a new Custom Header

Hello ,

I have created a custom FTP header and registered it successfully to JRegistry. But while capturing packets this custom header shows offset -1 and length -1. So I am not able to detect FTP packets in live capture. If someone can help on this it would be great.

how to read this part of pcap

Hi all
First, sorry for my English, I am French :(
So I'm using jNetPcap to read a pcap file, and I just want to know how to read this part of the pcap:

59 79 59 79 00 d5 42 d4 2b 8e 23 68 00 03 00 f4 YyYy..B.+.#h....
0d 83 67 d1 00 08 34 96 00 00 00 03 01 00 01 01 ..g...4.........
00 00 00 e4 02 10 00 d9 00 00 04 12 00 00 21 28 ..............!(
03 02 00 07 09 81 03 0e 19 0b 52 08 00 11 04 23 ..........R....#
84 06 00 70 03 0b 12 06 00 11 04 23 84 06 00 00 ...p.......#....
01 ab 65 81 a8 48 04 8e 00 01 c5 49 04 28 00 00 ..e..H.....I.(..

Thank you for your help

Native Libraries and Platform Dependent Issues


I have a project in which I am using jNetPcap to read packets from a .pcap file.
This project is running fine in Eclipse and Windows x64 with a batch file script that I created.

Now, my job is to package this project and distribute it through Linux and other platforms.

However, when I tried to run the same project in Linux, I get an UnsatisfiedLinkError on jnetpcap.
I tried to bundle the jnetpcap.so file with the program, but I get the same error.

As mentioned previously, it works fine on Windows x64 with the jnetpcap.dll x64. Also on Windows x32 with the jnetpcap.dll x32 version.

However, it doesn't seem to work with Linux x64 with the jnetpcap.so x64 version.

Basically, what I am looking for is a platform independent solution.

I have looked into other pcap file readers such as sjpcap, but they don't offer the resources to read files that jnetpcap offers.

It would really help me out with your suggestions on this matter.

Thank you.