Ch 6 - Native API
Native programming refers to writing programs or additions to the jNetPcap library in the native machine code of the underlying platform and architecture, using a language such as C or C++. Although most of the public user API is implemented in Java, a lot of functionality resides in native space. Native space means code that is compiled to native machine code and accessed from Java through the Java Native Interface (JNI), a standard API provided by Java distributors such as Sun Microsystems.
The jNetPcap library is made up of three feature layers:
- A thin libpcap wrapper (written completely in native land). Thin means that there is not much code between an individual libpcap library call and the Java object through which that call is invoked. The native wrapper just passes parameters and invokes native libpcap functions with minimal intervention.
- A scanner and a detailed header dissector. The quick scanner (written mainly in native land, with some extensions in Java land) is responsible only for noting where each header in a packet starts and where it ends; it is not concerned with what is inside those headers. The dissectors are used to parse each header completely, especially when some logic has to be applied, such as when a header has optional fields or sub-headers.
- An analyzer framework (mainly in Java). This is a large collection of classes that work across many packets and record protocol-specific state. It is a complex area that provides services such as IP fragment and TCP stream reassembly, error analysis, timeouts, detection of incorrect sequences, etc.
Each feature layer typically depends on the results of the previous layer. In the end, a higher-level program written in Java uses the output of these layers to perform application-specific tasks.
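The boundary-only scanning done by the second layer can be sketched in C as follows. This is an added example, not jNetPcap's own scanner code: the names `quick_scan`, `hdr_span` and the `HDR_*` ids are hypothetical, and it covers only Ethernet II, IPv4 and TCP.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { HDR_ETHERNET = 1, HDR_IP4, HDR_TCP };            /* illustrative ids */
typedef struct { int id; size_t offset, length; } hdr_span;

/* Record where each header starts and how long it is; contents are left to a
 * dissector. Every length is checked against the captured size so a truncated
 * or malformed packet ends the scan instead of reading out of bounds.
 * Returns the number of headers recorded in out[0..max-1]. */
int quick_scan(const uint8_t *p, size_t len, hdr_span *out, int max)
{
    int n = 0;
    size_t off = 0, hlen;

    if (max < 1 || len < 14) return n;                  /* Ethernet II: 14 bytes */
    out[n++] = (hdr_span){ HDR_ETHERNET, off, 14 };
    if (p[12] != 0x08 || p[13] != 0x00) return n;       /* EtherType must be IPv4 */
    off = 14;

    if (n == max || len - off < 20) return n;           /* minimum IPv4 header */
    hlen = (size_t)(p[off] & 0x0F) * 4;                 /* IHL, includes options */
    if ((p[off] >> 4) != 4 || hlen < 20 || hlen > len - off) return n;
    out[n++] = (hdr_span){ HDR_IP4, off, hlen };
    /* A TCP header follows only for protocol 6 with fragment offset 0 */
    if (p[off + 9] != 6 || ((p[off + 6] & 0x1F) | p[off + 7]) != 0) return n;
    off += hlen;

    if (n == max || len - off < 20) return n;           /* minimum TCP header */
    hlen = (size_t)(p[off + 12] >> 4) * 4;              /* data offset, incl. options */
    if (hlen < 20 || hlen > len - off) return n;
    out[n++] = (hdr_span){ HDR_TCP, off, hlen };
    return n;
}

/* Constructed sample: Ethernet + IPv4 (IHL 5, proto TCP) + TCP (data offset 5). */
static const uint8_t sample_frame[54] = {
    [12] = 0x08, [13] = 0x00, [14] = 0x45, [23] = 0x06, [46] = 0x50
};

int main(void)
{
    hdr_span h[3];
    int n = quick_scan(sample_frame, sizeof sample_frame, h, 3);
    for (int i = 0; i < n; i++)
        printf("header %d: offset %zu, length %zu\n", h[i].id, h[i].offset, h[i].length);
    return 0;
}
```

A dissector would then take each recorded span and parse the fields inside it, including any options that the length fields account for.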
All of the layers rely on some common concepts that we must understand before we can look deeper into how the API works. We start with memory management under jNetPcap.