October 2015

Reassemble TCP packets with 1.4 r 1425

How can I reassemble TCP packets? All the examples that I found are currently outdated, like the ones using HttpAnalyzer.
Thanks in advance!

Read ftp conversation between a server and a client

Hi Everyone,

I am new to jNetPcap and am trying to get the FTP conversation between a server and a client. I need to extract the FTP file content and put it in a file as readable content. I have the Wireshark capture of the FTP transaction.

It would be a great help if someone could share a code snippet for getting the FTP messages through jNetPcap and converting them to a readable format.

Thanks in advance.

Charanya Natarajan

Create raw Arp packet

Hi

I want to know how to create a raw ARP packet, because I can't use a captured ARP packet as a template.

I saw this example that creates a raw UDP packet, but when I tried to use the same method to create an ARP packet it didn't work; I can't set the opcode of the ARP packet.

https://gist.github.com/alexcheng1982/7108987

Get Dhcp packet type

Hello, I'm Hector.

I'm doing an app to analyze DHCP traffic and I want to know the type of the DHCP packet:
DHCP request, ack, offer, discover, etc.

Maybe someone can help me.

I have already done this:

    if (packet.hasHeader(udp) && packet.hasHeader(ip4) && packet.hasHeader(eth)) {

        if (udp.source() == 67 || udp.destination() == 68 || udp.destination() == 67 || udp.source() == 68) { // is dhcp

            String macSource = SnifferParser.macToString(eth.source());
            String macDestination = SnifferParser.macToString(eth.destination());
            String ipSource = SnifferParser.ip4ToString(ip4.source());
            String ipDestination = SnifferParser.ip4ToString(ip4.destination());

        }

    }
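
An added example, not part of the original post and not jNetPcap's own code: the DHCP message type is carried in option 53, in the options that follow the 236-byte BOOTP header and the magic cookie inside the UDP payload (RFC 2131/2132). The class name and the sample bytes are constructed for illustration; the method takes the raw UDP payload as a byte array and bounds-checks every read, since captured traffic is untrusted input.

```java
import java.util.Arrays;

/** Added example: reads DHCP option 53 (message type) from a UDP payload. */
public class DhcpMessageType {
    static final int OPTIONS_OFFSET = 236;        // fixed BOOTP header length (RFC 2131)
    static final int MAGIC_COOKIE = 0x63825363;   // marks the start of the DHCP options
    static final String[] NAMES = {null, "DISCOVER", "OFFER", "REQUEST", "DECLINE",
                                   "ACK", "NAK", "RELEASE", "INFORM"}; // RFC 2132, option 53

    /** Returns the message type name, or null if the payload is not well-formed DHCP. */
    static String messageType(byte[] p) {
        int o = OPTIONS_OFFSET;
        if (p.length < o + 4) return null;        // too short for header + cookie
        int cookie = ((p[o] & 0xff) << 24) | ((p[o + 1] & 0xff) << 16)
                   | ((p[o + 2] & 0xff) << 8) | (p[o + 3] & 0xff);
        if (cookie != MAGIC_COOKIE) return null;  // plain BOOTP, or not DHCP at all
        int i = o + 4;
        while (i < p.length) {
            int code = p[i] & 0xff;
            if (code == 255) break;               // End option
            if (code == 0) { i++; continue; }     // Pad option has no length byte
            if (i + 1 >= p.length) return null;   // truncated: length byte missing
            int len = p[i + 1] & 0xff;
            if (i + 2 + len > p.length) return null; // option overruns the payload
            if (code == 53) {
                if (len != 1) return null;        // option 53 is always one byte long
                int t = p[i + 2] & 0xff;
                return (t >= 1 && t < NAMES.length) ? NAMES[t] : "UNKNOWN(" + t + ")";
            }
            i += 2 + len;                         // skip to the next option
        }
        return null;                              // no option 53 present
    }

    public static void main(String[] args) {
        // Constructed sample: zeroed BOOTP header, cookie, one pad byte, option 53 = 1.
        byte[] sample = new byte[OPTIONS_OFFSET + 8];
        sample[0] = 1;                            // op = BOOTREQUEST
        byte[] tail = {0x63, (byte) 0x82, 0x53, 0x63, 0, 53, 1, 1};
        System.arraycopy(tail, 0, sample, OPTIONS_OFFSET, tail.length);
        System.out.println(messageType(sample));
        // Same packet cut off inside option 53: must be rejected, not read out of bounds.
        System.out.println(messageType(Arrays.copyOf(sample, OPTIONS_OFFSET + 6)));
    }
}
```

Pass it the UDP payload bytes of a packet that matched the port 67/68 check above.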

How to get hostname from HTTP response packet?

Hi all
I'm using jNetPcap to parse offline pcap files.
If a packet has an HTTP header, I can easily tell whether it is a request or a response,

but the problem is: how can I get the hostname when I'm parsing an HTTP response packet?
Can the Http.Response.RequestUrl field help me?

Thanks in advance
Dom

OSX Yosemite JNetPcap Build

First time poster here, but I have had some email contact with Mark in the past.
Recently, I have been able to build the JNetPcap dylib for use on OSX Yosemite and Mavericks.
It allows my Java project to select the device to listen on and gather packets.

The problem I have occurs in packet_jsmall_scanner.cpp in the scan method.

If I set up a PcapPacketHandler my project crashes automatically with an error that looks like the following:

# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x000000011ecff655, pid=21905, tid=22019
#
# JRE version: Java(TM) SE Runtime Environment (8.0_25-b17) (build 1.8.0_25-b17)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.25-b02 mixed mode bsd-amd64 compressed oops)
# Problematic frame:
# C [libjnetpcap.dylib+0x9655] scan(JNIEnv_*, _jobject*, _jobject*, scanner_t*, packet_state_t*, int, char*, int, unsigned int)+0x14f
#

So I changed it to utilize a JBufferHandler instead.

When using the JBufferHandler, I can see the header and data flowing across and even print the information to the screen. It looks something like this:

buffer hexdump:
0000: 02 00 00 00 45 00 00 30 5b 5b 40 00 40 06 00 00 ....E..0[[@.@...
... many lines in between
0030: 04 02 00 00 ....

header hexdump:
0000: 31 08 0f 56 00 00 00 00 11 1b 03 00 46 e0 45 33 1..V........F.E3
... many lines in between
0110: c8 b7 e3 24 01 00 00 00 ...$....

The moment I add the following line of code:
packet.scan(Ethernet.ID);

It crashes with the same fatal error as above.

I know the problem is with scan.

This is what my nextPacket method looks like to start:
public void nextPacket(PcapHeader pcapHeader, JBuffer jBuffer, Object o) {
    System.out.println("buffer hexdump: \n" + jBuffer.toHexdump());
    System.out.println("header hexdump: \n" + pcapHeader.toHexdump());

    packet.peer(jBuffer);