These are complex classes that fortunately most users will never have to touch. All the default protocol headers and scanners are already registered for core protocols provided with jNetPcap.
When a packet is first created, it is a blank packet. It contains references to the data buffer, but it doesn't know about which headers exist in the packet. The packet is first scanned using a low level native scanner that starts at the beginning of the packet buffer, reading and discovering which protocol headers it knows about and if they are found.
When a header is found, information about that header is recorded within a unique packet's state structure. This is a native structure and the
PcapPacket object is given a reference to it. No other information is actually copied into the packet itself. If the packet needs to look something up, it uses native JNI methods to retrieve that information directly from the native structures. This way structures can be simply passed around by reference both in java and native land.
JRegistry class maintains a database of all known protocol headers, java bindings and native and java header scanners. This information is automatically recorded whenever the registry is first accessed. This is a pure java class, that maintains the relationships between protocols.
There are only 3 circumstances that a user would actually have to access the data in this class.
JScanner class is used for decoding packets. That is, recording which headers, at what offset and how long those headers are in a packet state structure.
By default, a scanner is used to scan all incoming packets before they are dispatched to the user's
PcapPacketHandler callback method. It is however possible to rerun the packet scan manually. This may be needed if packet content has changed. For simplicity
JPacket.scan() method is provided that reruns the scan using the default scanner, but it is also possible to setup a different scanner manually.