September 2015

Decrypting SSH packets from a pcap file

I am quite new to jNetPcap.I have a pcap file which contains few SSH-encrypted packets. I have a private key and a public key file. I am supposed to get the decrypted payload of these packets. Is there any way to do that? Thanks.

Decrypt SSL packets


I have a .pcap file with HTTPS encrypted packets and the .pem private key. From Wireshark GUI, I am able to decrypt the packets by passing the private key and ssl key information. But requirement is to decrypt the .pcap file outside the wireshark ( which means not from wireshark GUI ).
Is there a way to decrypt the ssl packets and get payloads through jNetPcap?

Note: I am able to get Payloads of http and facing issue only with HTTPS, as they are encrypted

Please share some code snippet on how to do this or share some link for the same.


Charanya Natarajan

jNetPcap v2 - Implementation

As to implementation of jNetPcap v2 API and library here are my thoughts. This is all up for discussion, so please comment.

Of course, as they say, "the devil is in the details", it is very true.

Technologies to utilize

Here are some technologies that I believe we could benefit from. These are chosen to be have least amount of development and runtime depencies.

Gradle for builds

Gradle is the latest and most configurable build system, supplanting 'maven'.

Simple and designed for multi-modular builds. Available as extensions and great support for all of the major IDEs including eclipse.

CCNI for JNI implementation

Sly Techs has a new compiler developed for JNI. This is called CCNI and provides super easy integration of native and java code.

Over the years JNA has also been suggested as it is widely supported on various platforms. However, I personally do not like JNA because code overhead, too generic and too many encapsulations even of simple things as well as it has runtime requirements.

CCNI is easier to follow as it follows the same style as jsni from Google/GWT toolkit but for C and C++ languages. It is easy to integrate into builds. The CCNI compiler is pure java and thus able to run on any platforms as long as it can generate the target code (OS specific). There are no runtime prerequisites, it still generates a static or shared library with all of the user code included.

Here is a quick "HelloWorld" example of code written using CCNI:

public class HelloWorld {

	public native static String createString()
		jstring strObj = (*env)->NewStringUTF(env, "Hello World!");
		return strObj;

	public static void main(String[] args) {
		String str = HelloWorld.createString();

Code Trivia: Enforcing Java Singletons is Very Hard

Here is my response to an article posted by Per-Ake Minborg on Javalobby:

Article link: Enforcing Java Singletons is Very Hard

Decrypt HTTPS Traffic payload

Hi Everyone,

I am new to jnetPcap and trying to capture HTTPS packet and decrypt its payload. Not sure how to do the same
Searched for some code snippets but couldn't find one.

It would be helpful if someone share me the code snippet or give me hint on how to capture https packet and decrypt its payload, as i am stuck with this for days. Sad

PS:I am able to get payload for HTTP request and facing issues with HTTPS.
Found this post on https decoding "". But no code snippet

Thanks in advance.

Charanya Natarajan

Edit : Changed Subject line and i am able to capture the Https payload in encypted format. Unable to decrypt it.
PS: I have the Private key (.pem file)

802.1x and jnetpcap

I want to use jnetpcap to implement EAP AKA auth

anybody know how to work?

Heusistic Java Scanner for DRDA

Great product, thanks. I'm trying to use it to write a protocol decoder for DRDA. (A Distributed database client / server protocol.) Since I can't use Port Numbers as a reliable indicator of DRDA, I believe I need a heurustic approach. I have read your post about this work, but as far as I can see, enabling heutistic checking for a given binding only works in C++ land.

What is the correct way to do this in Java?


Grab non-enumerated http headers.

Trying to extract x-forwarded-for, via and any other x-headers from http packets.
When I bounce through my test proxy and I do a straight dump of the http information it isn't present. After about 5 pages of google foo, I haven't came up with much.

PcapPacketHandler<String> jpacketHandler = new PcapPacketHandler<String>() {

    Http http = new Http();
    Tcp tcp = new Tcp();

    public void nextPacket(PcapPacket packet, String user) {

    if (packet.hasHeader(tcp) && packet.hasHeader(http)) {

        if (tcp.destination() == 80) {

            System.out.printf("http header::%s%n", http);



http header::
Http:  ******* Http offset=66 (0x42) length=535 protocol suite=TCP/IP
Http:    RequestMethod = GET
Http:       RequestUrl = /path/images/logo.png
Http:   RequestVersion = HTTP/1.1
Http: IF-MODIFIED-SINCE = Wed, 26 Aug 2015 15:45:50 GMT
Http:             HOST = x.x.x.x
Http:       USER-AGENT = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20140610 Firefox/24.0 PaleMoon/24.6.2
Http:           ACCEPT = image/png,image/*;q=0.8,*/*;q=0.5
Http:  ACCEPT-LANGUAGE = en-US,en;q=0.5
Http:  ACCEPT-ENCODING = gzip, deflate
Http:          REFERER = http://x.x.x.x/path/login.php
           COOKIE = PHPSESSID=xxxxxxxxxxxxxxx
Http:    IF-NONE-MATCH = "4ad94-1063-xxxxx"
Http:    CACHE-CONTROL = max-age=0
Http:       CONNECTION = keep-alive


X-Forwarded-For is present: (tcpdump from other test server side)
Cookie: _ga=xxxxxxxxxx;._gat=x..X-Forwarded-For:.x.x.x.x..Cache-Control:.max-age=259200..Connection:.keep-alive..

jnetpcap 1.3.0,

What is the purpose of the "user" field in the nextPacket() method?

What is the intention of the 'user' field in:

public void nextPacket(PcapPacket packet, T user);

Thanks in advance for your help. Great product.

OutOfMemoryError with JnetPcap 1.4.0


I am trying to run the following snippet on a 95MB trace, and i Keep getting outofMemoryError . I am using the latest JnetPcap jar version.

JFlowMap superFlowMap = new JFlowMap();

System.out.println("Gathering Flows...");
pcap.loop(Pcap.LOOP_INFINITE, superFlowMap, null);


Error is :

Exception in thread "main" java.lang.OutOfMemoryError:
at org.jnetpcap.nio.JMemory.allocate0(Native Method)
at org.jnetpcap.nio.JMemory.allocate(Unknown Source)
at org.jnetpcap.nio.JMemory.(Unknown Source)
at org.jnetpcap.nio.JMemoryPool$Block.(Unknown Source)
at org.jnetpcap.nio.JMemoryPool.newBlock(Unknown Source)
at org.jnetpcap.nio.JMemoryPool.getBlock(Unknown Source)
at org.jnetpcap.nio.JMemoryPool.allocate(Unknown Source)
at org.jnetpcap.packet.JPacket.allocate(Unknown Source)
at org.jnetpcap.packet.JPacket.getMemoryBuffer(Unknown Source)
at org.jnetpcap.packet.PcapPacket.transferStateAndDataTo(Unknown Source)
at org.jnetpcap.packet.PcapPacket.(Unknown Source)
at org.jnetpcap.packet.JFlowMap.nextPacket(Unknown Source)
at org.jnetpcap.Pcap.loop(Native Method)
at org.jnetpcap.Pcap.loop(Unknown Source)
at Main.main(

Can anyone please help me in resolving this issue.