
January 2016

JNetPcap unable to parse RouterAlert correctly

Hi,

See: http://jnetpcap.com/sites/jnetpcap.com/files/Faulty.pcap

In both 1.4.0 Latest and 1.3.0, both with WinPcap 4.1.3, a println(packet) returns the following output + exception.

Wireshark is (correctly?) able to display this packet.

Is this a JNetPcap error, or is the PCAP wrong? How can we solve this?

Thanks Jos

Frame:
Frame: number = 0
Frame: timestamp = 2007-10-08 15:21:55.749
Frame: wire length = 66 bytes
Frame: captured length = 66 bytes
Frame:
Eth: ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14 protocol suite=LAN
Eth:
Eth: destination = 00:11:22:33:44:55
Eth: .... ..0. .... .... = [0] LG bit
Eth: .... ...0 .... .... = [0] IG bit
Eth: source = 66:77:88:99:aa:bb
Eth: .... ..0. .... .... = [0] LG bit
Eth: .... ...0 .... .... = [0] IG bit
Eth: type = 0x800 (2048) [ip version 4]
Eth:
Ip: ******* Ip4 - "ip version 4" - offset=14 (0xE) length=24 protocol suite=NETWORK
Ip:
Ip: version = 4
Ip: hlen = 6 [6 * 4 = 24 bytes, Ip Options Present]
Ip: diffserv = 0x0 (0)
Ip: 0000 00.. = [0] code point: not set
Ip: .... ..0. = [0] ECN bit: not set
Ip: .... ...0 = [0] ECE bit: not set
Ip: length = 52
Ip: id = 0x2C23 (11299)
Ip: flags = 0x2 (2)
Ip: 0.. = [0] reserved
Ip: .1. = [1] DF: do not fragment: set
Ip: ..0 = [0] MF: more fragments: not set
Ip: offset = 0

[SOLVED] TCP/IP headers not properly parsed by JNetPcap 1.3

Hi,

I have a problem with offline capturing a particular pcap file with the stable version of jNetPcap in combination with the latest winpcap/packet dlls.

The following PCAP contains 1 packet: http://jnetpcap.com/sites/jnetpcap.com/files/t_0.pcap

With WireShark the TCP/IP headers parse correctly: http://jnetpcap.com/sites/jnetpcap.com/files/wireshark_0.jpg

However, if I dump this pcap with jNetPcap I do not get the TCP and IP header, only Ethernet and Payload.

How to get everything?

This:

    public void nextPacket(PcapPacket packet, String user) {
        System.err.println(packet);
        System.err.println("TCP " + packet.hasHeader(new Tcp()));

        final JHeaderPool headers = new JHeaderPool();
        final int count = packet.getHeaderCount();
        for (int i = 0; i < count; i++) {
            final int id = packet.getHeaderIdByIndex(i); // Numerical ID of the header
            final JHeader header = headers.getHeader(id);
            final String name = header.getName();
            System.err.println("Found Header " + name);
        }
    }

Prints:

Frame:
Frame: number = 0
Frame: timestamp = 2007-10-08 15:21:55.749
Frame: wire length = 52 bytes
Frame: captured length = 52 bytes
Frame:
Eth: ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14
Eth:
Eth: destination = 46:00:00:34:2c:23
Eth: .... ..0. .... .... = [0] LG bit
Eth: .... ...0 .... .... = [2] IG bit
Eth: source = 40:00:7f:06:3f:c6
Eth: .... ..0. .... .... = [0] LG bit
Eth: .... ...0 .... .... = [2] IG bit
Eth: type = 0xAC10 (44048)
Eth:
Data: ******* Payload offset=14 (0xE) length=38
Data:
000e: 02 0d cb 45 2a 23 94 04 57 50 06 c4 00 50 a5 5f ...E*#..WP...P._
001e: a8 4b 00 00 00 00 70 02 40 00 4a da 00 00 02 04 .K....p.@.J.....
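
Added example, not part of the original post or of jNetPcap: a plain-JDK check that reads the bytes jNetPcap printed above as the Ethernet header, plus the first ten payload bytes, as an IPv4 header and validates its checksum. The class and method names are made up for this illustration, and the byte array is transcribed from the dump above.

```java
import java.util.Locale;

public class Ip4HeaderCheck {
    // Constructed input: the 14 bytes printed above as Ethernet destination,
    // source and type, then payload offsets 0x0e-0x17 from the hex dump.
    static final int[] BYTES = {
        0x46, 0x00, 0x00, 0x34, 0x2c, 0x23, 0x40, 0x00, 0x7f, 0x06, 0x3f, 0xc6,
        0xac, 0x10, 0x02, 0x0d, 0xcb, 0x45, 0x2a, 0x23, 0x94, 0x04, 0x57, 0x50
    };

    static int u16(int[] b, int off) { return (b[off] << 8) | b[off + 1]; }

    // RFC 1071 ones' complement sum; 0xFFFF means the stored checksum is valid.
    static int headerSum(int[] b, int hlen) {
        int sum = 0;
        for (int i = 0; i < hlen; i += 2) sum += u16(b, i);
        while ((sum >>> 16) != 0) sum = (sum & 0xFFFF) + (sum >>> 16);
        return sum;
    }

    static String describe(int[] b) {
        if (b.length < 20 || (b[0] >> 4) != 4) return "not an IPv4 header";
        int hlen = (b[0] & 0x0F) * 4;
        if (hlen < 20 || hlen > b.length) return "bad or truncated header length";
        StringBuilder sb = new StringBuilder(String.format(Locale.ROOT,
            "hlen=%d length=%d id=0x%04X proto=%d src=%d.%d.%d.%d dst=%d.%d.%d.%d checksum_ok=%b",
            hlen, u16(b, 2), u16(b, 4), b[9], b[12], b[13], b[14], b[15],
            b[16], b[17], b[18], b[19], headerSum(b, hlen) == 0xFFFF));
        // Walk the options area, bounding every length against the header end.
        for (int i = 20; i < hlen; ) {
            int type = b[i];
            if (type == 0) break;               // End of Option List
            if (type == 1) { i++; continue; }   // No Operation (single byte)
            int len = (i + 1 < hlen) ? b[i + 1] : 0;
            if (len < 2 || i + len > hlen) { sb.append(" option=malformed"); break; }
            sb.append(String.format(Locale.ROOT, " option=0x%02X len=%d", type, len));
            i += len;
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.println(describe(BYTES));
    }
}
```

The fields it reports (header length 24, total length 52, id 0x2C23) match the Ip: section printed in the RouterAlert post above, and option type 0x94 is the IP Router Alert option (RFC 2113).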

decoding tags, values and keys from pcap file using java or jnetpcap

Hello everyone,

I am new to jnetpcap. I have a newer version of Wireshark, 2.0.1.
I am trying to capture offline packet byte strings, and Wireshark itself decodes pcap files and displays them as follows
(I have only mentioned those values, keys and tags which I am looking for)
--
--
--
Form item: "Type_0_3" = "6"
Form item: "Value_0_3" = "National Instruments"
Form item: "Tag_0_4" = "1005000"
--
--
--
Form item: "Tag_0_5" = "1006000"
Form item: "Type_0_5" = "6"
Form item: "Value_0_5" = "cRIO-9074"
--
--
--
Form item: "Tag_0_28" = "1050000"
Form item: "Type_0_28" = "6"
Form item: "Value_0_28" = "NI Real-Time VxWorks-PPC603 6.3"

I have attached a screenshot of it.

Can you please give me some hints? Can jnetpcap decode and display the result like above? I have not seen any example.

I will appreciate help and suggestions.

Performance -- Offline PCAP file reading

I want to know if any performance test has been done for this API. And if yes, what are the results?

I am looking for an API that can:
1. Parse 1 million packets per second
2. On each packet
   a. Parse GTP-C, and GTP-U headers
   b. Parse TCP headers
   c. Parse WebSession (HTTP, HTTPs)

Want to know, if that is possible using this API or not?

Can we attempt parallel reads (Multi Threaded)? Any Limits?

Exception in thread "WinPcap version 4.1.1...

Hi there

I am using jNetPcap for decoding rtp packets. Whilst attempting to do so, I keep getting an exception error of the form:

Exception in thread "WinPcap version 4.1.1 (packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b (20091008)" org.jnetpcap.packet.structure.AnnotatedMethodException: [Sdp.] java.lang.NullPointerException
at org.jnetpcap.packet.structure.AnnotatedHeaderLengthMethod.getHeaderLength(Unknown Source)
at org.jnetpcap.packet.JHeaderScanner.setAllLengths(Unknown Source)
at org.jnetpcap.packet.JHeaderScanner.scanHeader(Unknown Source)
at org.jnetpcap.Pcap.loop(Native Method)
at org.jnetpcap.Pcap.loop(Unknown Source)
at rtp_simple.rtp_extract$2.run(rtp_extract.java:139)
at org.jnetpcap.PcapTask$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
at org.jnetpcap.protocol.voip.Sdp.headerLength(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
... 8 more

I am using PcapPacketHandler when looping through the pcap:

    this.result = pcap.loop(end - start, new PcapPacketHandler() {
        int i = 0;
        public void nextPacket(PcapPacket packet, Pcap pcap) {
            if (i >= start) {
                try {
                    barrier.exchange(packet);
                } catch (InterruptedException e) {
                    throw new IllegalStateException(e);
                }
            }
            i++;
        }
    }, pcap);

Does anyone have an idea what might be the issue?

Thanks Shiv

jnetpcap for ip and tcp reassembly

I am trying to reassemble packets sent from a tun interface on Linux. The code in IpReassemblyExample.java looks like a good reference for me. For TCP packets, do I need to do similar reassembly? I could not find the source file. Also, are there any caveats when reassembling packets from a tun interface?