WebImage reassembly from HTTP packets

For those looking for more advanced capabilities. Here is an example, that using older jNetPcap release (1.3.b0001) is using TCP reassembly and HttpAnalyzer objects to reconstruct all images that are transmitted and captured via http protocol.

The example using a GUI application, part of the test source tree under tests/java1.5 directory, that displays all images found in a file full of http packets that were transmitting various images. All images span multiple TCP segments. They are seamlessly reassembled and passed over to my handler for processing. The handler creates an AWT image out of them and adds it to a SWING application.

The SWING application is very simple. It creates a single panel using BoxLayout and puts the list of images up on top of the window using regular swing List component. In the mid section of the panel it displays the image that is selected. Here is what it looks like:

And here is the entire application (minus the GUI stuff). You need the dev snapshot jnetpcap-1.3.b0001-milestone1 (downloadable from download section) to run this, incase you are wondering:

package org.jnetpcap.protocol.tcpip;

import java.awt.Image;

import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.TestUtils;
import org.jnetpcap.packet.analysis.JController;
import org.jnetpcap.protocol.application.WebImage;
import org.jnetpcap.protocol.tcpip.Http.ContentType;
import org.jnetpcap.protocol.tcpip.Http.Request;
import org.jnetpcap.protocol.tcpip.Http.Response;

 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
public class TestWebImage
    TestUtils {

	public static void main(String[] args) {
		new TestWebImage().test1();

	public void test1() {

		 * This is part of our SWING application. It takes a list of images and
		 * labels and puts them up in 2 different areas of a panel using BoxLayout.
		 * When you click on any item in the list, it changes the image.
		final ListOfPanels swingDisplay = new ListOfPanels();

		 * Now display our SWING application with images already in it. Remember
		 * these images were reconstructed from packets within the capture file.

		javax.swing.SwingUtilities.invokeLater(new Runnable() {
			public void run() {

		 * Step 1 - add our Http handler to HttpAnalyzer. Get HttpAnalyzer from
		 * registry, it should already be registered.
		HttpAnalyzer httpAnalyzer = JRegistry.getAnalyzer(HttpAnalyzer.class);
		httpAnalyzer.add(new HttpHandler() {
			private WebImage web = new WebImage();

			 * Step 2 - our handler routine.
			public void processHttp(Http http) {
				if (http.getMessageType() != Http.MessageType.RESPONSE) {

				JPacket packet = http.getPacket(); // Packet this http belongs to
				final long frame = packet.getFrameNumber();
				final String cmd = http.fieldValue(Request.RequestMethod);
				final String code = http.fieldValue(Response.ResponseCode);
				final String ct = http.fieldValue(Response.Content_Type);
				String cl = http.fieldValue(Response.Content_Length);
				final int payload = http.getPayloadLength();

				if ((code != null && code.equals("200") == false)) {
					return; // Skip error messages

				if (cl == null) {
					cl = Integer.toString(payload);

				 * Responses always have a content type, since we are looking for
				 * specific content that has been predefined, we can use enum constants.
				 * We're not interested in anything else, otherwise we'd have to use
				 * http.contentType() method which returns a string.
				ContentType type = http.contentTypeEnum();

				switch (type) {
					case GIF:
					case PNG:
					case JPEG:
						 * WebImage header has been integrated as a core protocol.
						WebImage image = packet.getHeader(web);
						Image img = image.getAWTImage();

						 * Now add image to our SWING application. Label it with content
						 * type for now.
						String label = "#" + frame + " " + ct + " " + cl + " bytes";
						swingDisplay.add(img, label);



		 * TestUtils.openLive is a short cut method used by many jUnit tests during
		 * testing, there others such as openOffline.