Build jnetpcap-1.3.b0003 available

Development build jnetpcap-1.3.b0003 is available for download. This is the latest snapshot of the main development trunk. It looks stable on all the platforms tested.

Key updates:

  • Sip, Sdp, Rtp, Arp, Rip, SLL protocols are all now CORE protocols.
  • Protocol heuristics (bindings are guessed based on evaluation of raw header data for matches against protocols.)
  • Low level header-state-structure has been expanded to take into account a header prefix, the header itself, a gap between header and payload, payload length and a postfix.
  • Packet truncation is now also applied at low level to scanner and appropriate packet and header specific flags are set to indicate packet fragments and/or truncated packets.
  • Checksum calculation class and package is provided. Checksum validation is supported through a new interface JHeaderChecksum which is implemented by Ip4, Tcp, Udp, Icmp headers.
  • a number of bug fixes in protocols and analyzers.

You can download the build package for MsWindows, Linux and Debian from file release system:

org.jnetpcap.util.checksum package

I SVN checked in the above package. This package is responsible for calculating various types of checksum and CRCs. Also appropriate Tcp, Udp, Ip4, Ip6 and Icmp headers received new methods calculateChecksum and dynamic description method checksumDescription which compares the claculated checksum with the computed one and displays "correct" or "incorrect" next to the checksum field in each of the above protocols. Both Tcp and Udp over Ip4 and Ip6 are supported with pseudo headers.

Truncated packet support

I've updated the scanner to keep track packets that have been truncated. Until now, headers assumed certain header properties based on the current length of the buffer, which might have been truncated during capture by pcap (i.e. by using snaplen parameter during capture). Although this approach worked OK most of the time, it did not work all the time when dealing with a truncated packet.

I have enhanced the scanner to keep track of both buffer length and original packet wire length, where wire length (wirelen) is the length of the packet during transmission. The scanner keps track of 3 packet length properties: buffer-length, memory-length, wire-length.

Update to header structure

I have updated how the header structure is represented in jnetpcap. Currently the header was simply described in native structures in 2 properties: offset and length. The offset is the offset into the overall packet buffer where the header starts and length property stored how many bytes long the header is. So offset + length pointed at the first byte past the header.

Website forum and iPhone support

I have updated the website forum with new and more forum like look and feel. This should make it easier for most of us to actually move around in there.

Also the website is now completely iPhone friendly. So please feel free to check it out. Hopefully I will be able to make it blackberry friendly as well, but for now iPhone looks real good. No zooming in required and all the unnecessary fluff you don't want on the small screen is gone.

What do our customers have to say?

Dimentrix recommends jnetpcap as the Java library of choice when reading packets off the network. We have used this library extensively in our flagship "sqlShark" ( and it has performed admirably. Even under tremendous load, the memory usage was low and response time high. We are also very satisfied with the support given to us by Sly Technologies. Their engineers were prompt in resolving any issues, proficient in network programming and level of commitment was at par with any ISO certified organization.

Vikram Roopchand
Dimentrix, Inc.

Posted by wkunes — 2012-04-24
Nice and Easy to use.
Posted by Ian — 2012-03-27
jnetpcap works perfectly, thanks
Posted by DimitrisK
Great, it's interesting.