Bug#2981951 - intermittent crashes in scanner

Found a new bug#2981951 - Intermittent crashes in scanner. The problem is in the native protocol implementation of the scan functions. There is a combination of validate_* and scan_* functions called on various protocols. I found 2 problems:

1) HTTP and SIP scanners would rely on the TCP header residing within the packet.

2) Some headers did not check the buffer boundary properly and would cause VM crashes, especially for malformed or truncated packets.
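The two problems above, shown as an added C example (not jNetPcap's own native code): a header walk that checks every read against the captured length, and a payload accessor that hands data to an HTTP/SIP-style scanner only once a TCP header has been validated. All function, type and constant names here are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum scan_result { SCAN_OK = 0, SCAN_TRUNCATED = -1, SCAN_MALFORMED = -2, SCAN_NOT_TCP = -3 };
struct tcp_view { size_t offset, hdr_len, payload_off, payload_len; uint16_t src_port, dst_port; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk Ethernet II -> IPv4 -> TCP. Each header is read only after checking that
 * it fits in caplen (the bytes actually captured, not the length the packet claims). */
int scan_eth_ip4_tcp(const uint8_t *buf, size_t caplen, struct tcp_view *out)
{
    if (caplen < 14) return SCAN_TRUNCATED;                 /* Ethernet header */
    if (be16(buf + 12) != 0x0800) return SCAN_NOT_TCP;      /* not IPv4 */
    size_t off = 14;
    if (caplen - off < 20) return SCAN_TRUNCATED;           /* minimal IPv4 header */
    size_t ihl = (size_t)(buf[off] & 0x0f) * 4;
    if ((buf[off] >> 4) != 4 || ihl < 20) return SCAN_MALFORMED;
    if (caplen - off < ihl) return SCAN_TRUNCATED;          /* IPv4 options cut off */
    if (buf[off + 9] != 6) return SCAN_NOT_TCP;             /* protocol is not TCP */
    if (be16(buf + off + 6) & 0x1fff) return SCAN_NOT_TCP;  /* later fragment: no TCP header */
    off += ihl;
    if (caplen - off < 20) return SCAN_TRUNCATED;           /* minimal TCP header */
    size_t thl = (size_t)(buf[off + 12] >> 4) * 4;
    if (thl < 20) return SCAN_MALFORMED;                    /* data offset below minimum */
    if (caplen - off < thl) return SCAN_TRUNCATED;          /* TCP options cut off */
    out->offset = off; out->hdr_len = thl; out->payload_off = off + thl;
    out->payload_len = caplen - off - thl;
    out->src_port = be16(buf + off); out->dst_port = be16(buf + off + 2);
    return SCAN_OK;
}

/* Payload for an HTTP/SIP-style scanner: NULL unless a TCP header was found and validated. */
const uint8_t *tcp_payload(const uint8_t *buf, size_t caplen, size_t *len)
{
    struct tcp_view v;
    if (scan_eth_ip4_tcp(buf, caplen, &v) != SCAN_OK || v.payload_len == 0) return NULL;
    *len = v.payload_len;
    return buf + v.payload_off;
}

/* Constructed sample: Ethernet II + IPv4 (IHL=5) + TCP (data offset=5) + "GET " */
static const uint8_t sample[58] = {
    0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00,                                /* Ethernet */
    0x45,0, 0,44, 0,1, 0,0, 64, 6, 0,0, 192,0,2,1, 192,0,2,2,             /* IPv4, proto 6 */
    0xC0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18, 0x10,0x00, 0,0, 0,0, /* TCP, dport 80 */
    'G','E','T',' '
};

/* Exit status 0 when the full sample yields a payload. */
int main(void) { size_t n = 0; return tcp_payload(sample, sizeof sample, &n) ? 0 : 1; }
```

A capture truncated inside the TCP header (for example the first 40 bytes of the sample) returns `SCAN_TRUNCATED`, so the application-layer scanner is never called on it.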

Dev 2.0.b0001 released

The latest snapshot of the development trunk has been released as jnetpcap-2.0.b0001. This is a development release which contains analysis and all the latest features.

This release contains the same features and bug fixes as the official jnetpcap-1.3.a1 release.

The development build can be downloaded from here:

Official release 1.3.a1 (alpha1) is released

The official release jnetpcap-1.3.a1 is released. This release freezes new feature development. Only bug and documentation fixes will be allowed on this release branch.

This is the recommended release for production environments that require code stability and are not looking for the very latest features.

Release 1.3 contains the following features:

  1. All the libpcap wrapper API
  2. Header decoder (the quick native scanner)
  3. Existing core protocols (Ethernet, 802.3, Ip4, Tcp, Icmp, etc.)
  4. Native checksum generation and verification for various protocol CRC fields
  5. No changes to existing native memory model.
  6. Flow-key generation

Nearing official 1.3 stable release

I am working toward the official 1.3 stable release. Just wanted to update everyone ahead of time what will be part of this release and what the changes are in the SVN repository.

The release jnetpcap-1.3.a1 (a1 == alpha 1) contains all of the features found so far with the exception of the "analysis". All analyzers, reassemblers, sequencers, analysis events and the getAnalysis methods have been removed from the API in the 1.3 release. This feature is still present in the main development trunk and is designated to be released after 1.3 into one of the jnetpcap-2.X releases sometime in Q1 of next year. Not exactly sure if this will be in 2.0 or later since there are other features, such as native-dissector, that need to be included before full analysis support can be officially provided. The analysis feature will continue to be released with more frequent development builds.

1.6 - Using in Eclipse projects

jNetPcap is a Java project that comes with a required native shared library. The native library requirement often causes confusion about how to properly set up a project in Eclipse so that it references the jNetPcap library correctly.

There are several ways that jNetPcap can be added to your existing Java project in the Eclipse IDE. Let me briefly outline them here, and then let's go through the detailed steps of actually creating a proper build path so your project will compile with jNetPcap.

What do our customers have to say?

Dimentrix recommends jnetpcap as the Java library of choice when reading packets off the network. We have used this library extensively in our flagship "sqlShark" and it has performed admirably. Even under tremendous load, the memory usage was low and response time high. We are also very satisfied with the support given to us by Sly Technologies. Their engineers were prompt in resolving any issues, proficient in network programming and level of commitment was at par with any ISO certified organization.

Vikram Roopchand
Dimentrix, Inc.

Posted by wkunes — 2012-04-24
Nice and Easy to use.
Posted by Ian — 2012-03-27
jnetpcap works perfectly, thanks
Posted by DimitrisK
Great, it's interesting.