3.1.1 - Working with packets

As a networking concept, a packet is a collection of headers stacked one after another in a contiguous buffer. The buffer is usually transmitted serially, one byte or bit at a time.

In jNetPcap, a packet is exactly the same thing. It is a raw data buffer delivered by the network interface of the system that captured the sequence of octets that make up the packet.

If we look at the PcapPacket class hierarchy, notice that at a low level a PcapPacket is just a raw buffer, a JBuffer object. You can use JBuffer methods to read any byte, integer or sub-buffer at any offset within the buffer to retrieve the raw data. JBuffers always point to the start of the packet data, at offset 0. Their size is exactly the number of bytes that were captured. Working at this level is a little hard, since you need to know the structure of the buffer yourself.

JMemory
 +-> JBuffer
     +-> JPacket
         +-> PcapPacket

If a packet has been captured using libpcap, you will get PcapPacket objects, even if the API delivers them to you as a JPacket class. But what if you wanted to create a custom packet yourself?

You can use the JMemoryPacket class. This class has the same superclasses as the PcapPacket class, but you won't be able to retrieve the libpcap-specific properties that you can from a PcapPacket. This makes sense, since we are creating our own packet. The class hierarchy of JMemoryPacket is identical to that of PcapPacket.

JMemory
 +-> JBuffer
     +-> JPacket
         +-> JMemoryPacket
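
The raw JBuffer reads and the custom JMemoryPacket described above, combined in one added example (not code from the jNetPcap documentation): it wraps a constructed Ethernet/IPv4 frame in a JMemoryPacket and reads fields at fixed offsets, checking size() before every read because a capture can hold fewer bytes than the headers claim. The class name RawPacketFields and the sample frame are assumptions made for the illustration.

```java
import java.nio.ByteOrder;
import org.jnetpcap.packet.JMemoryPacket;

public class RawPacketFields {
    // Constructed sample: Ethernet II header + 20-byte IPv4 header, no payload.
    static final byte[] FRAME = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55,                           // destination MAC
        0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xaa, (byte) 0xbb, // source MAC
        0x08, 0x00,                       // EtherType 0x0800 = IPv4
        0x45, 0x00, 0x00, 0x14,           // version 4, IHL 5, total length 20
        0x00, 0x01, 0x00, 0x00,           // identification, flags/fragment offset
        0x40, 0x06, 0x00, 0x00,           // TTL 64, protocol 6 (TCP), checksum left at 0
        (byte) 192, (byte) 168, 0, 1,     // source address
        (byte) 192, (byte) 168, 0, 2      // destination address
    };
    static final int ETH_LEN = 14;        // fixed Ethernet II header length

    public static void main(String[] args) {
        JMemoryPacket packet = new JMemoryPacket(FRAME);
        // Multi-byte header fields are in network (big-endian) byte order.
        packet.order(ByteOrder.BIG_ENDIAN);

        // size() is the number of bytes actually present; check it before each read.
        if (packet.size() < ETH_LEN) {
            System.out.println("truncated: no complete Ethernet header");
            return;
        }
        int etherType = packet.getUShort(12);
        System.out.printf("EtherType: 0x%04x%n", etherType);
        if (etherType != 0x0800 || packet.size() < ETH_LEN + 20) {
            System.out.println("not IPv4, or IPv4 header truncated");
            return;
        }
        int versionIhl = packet.getUByte(ETH_LEN);
        int version = versionIhl >> 4;
        int ipHeaderLen = (versionIhl & 0x0f) * 4;   // IHL counts 32-bit words
        if (version != 4 || ipHeaderLen < 20 || packet.size() < ETH_LEN + ipHeaderLen) {
            System.out.println("malformed or truncated IPv4 header");
            return;
        }
        int protocol = packet.getUByte(ETH_LEN + 9);
        byte[] src = packet.getByteArray(ETH_LEN + 12, 4);
        System.out.printf("IPv4 protocol %d, source %d.%d.%d.%d%n", protocol,
            src[0] & 0xff, src[1] & 0xff, src[2] & 0xff, src[3] & 0xff);
    }
}
```

Running it requires the jNetPcap jar on the classpath and its native library on the library path.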