Libpcap wrapper

How to get hostname from HTTP response packet?

OutOfMemoryError with JnetPcap 1.4.0


I am trying to run the following snippet on a 95MB trace, and i Keep getting outofMemoryError . I am using the latest JnetPcap jar version.

JFlowMap superFlowMap = new JFlowMap();

System.out.println("Gathering Flows...");
pcap.loop(Pcap.LOOP_INFINITE, superFlowMap, null);


Error is :

Exception in thread "main" java.lang.OutOfMemoryError:
at org.jnetpcap.nio.JMemory.allocate0(Native Method)
at org.jnetpcap.nio.JMemory.allocate(Unknown Source)
at org.jnetpcap.nio.JMemory.(Unknown Source)
at org.jnetpcap.nio.JMemoryPool$Block.(Unknown Source)
at org.jnetpcap.nio.JMemoryPool.newBlock(Unknown Source)
at org.jnetpcap.nio.JMemoryPool.getBlock(Unknown Source)
at org.jnetpcap.nio.JMemoryPool.allocate(Unknown Source)
at org.jnetpcap.packet.JPacket.allocate(Unknown Source)
at org.jnetpcap.packet.JPacket.getMemoryBuffer(Unknown Source)
at org.jnetpcap.packet.PcapPacket.transferStateAndDataTo(Unknown Source)
at org.jnetpcap.packet.PcapPacket.(Unknown Source)
at org.jnetpcap.packet.JFlowMap.nextPacket(Unknown Source)
at org.jnetpcap.Pcap.loop(Native Method)
at org.jnetpcap.Pcap.loop(Unknown Source)
at Main.main(

Can anyone please help me in resolving this issue.


Get DNS query

Hi all,
I need to extract DNS query and response from UDP packets,
Does Anyone know how can I do this?
Maybe this is an old topic but I didn't found details.

Thanks in advance

Can I create a TCP packet by combining mulitple TCP packets together?

Hi All,

I am new to jnetpcap.

I have a pcap file. I want to combine multiple TCP packets (say, some 10 to 20 packets. I know the maximum size of a TCP packet is 64K bytes.) in the pcap file into one TCP packet and save it in another pcap file.

Is it possible to do this using jnetpcap?

Thank you very much!

Null Packet header and body

//		 Will be filled with NICs
		final List<PcapIf> deviceList = new ArrayList<PcapIf>(); 
// 		For any error msgs		
		final StringBuilder errorBuffer = new StringBuilder();     
//		Get a list of devices on this system
//		optional metadata, good to debug - can skip down to open Device directly..
		int result = Pcap.findAllDevs(deviceList, errorBuffer);
		if (result == Pcap.ERROR || result == Pcap.WARNING || deviceList.isEmpty()) {
			System.err.printf("Can't read list of devices, error is %s\n", errorBuffer.toString());
		PcapIf deviceToCapture = null;
		for (final PcapIf device : deviceList) {
			if (device.getName().contains(deviceNameToCapture)){
				deviceToCapture = device;
		if (deviceToCapture == null){
			System.err.printf("Can't read specified device in "+deviceList+", error is %s\n", errorBuffer.toString());
		final int snaplen = 64 * 1024;           // Capture all packets, no truncation
		final int flags = Pcap.MODE_PROMISCUOUS; // capture all packets
//		Open the desired device
		final Pcap pcap = Pcap.openLive(deviceToCapture.getName(), snaplen, flags, timeout, errorBuffer);
		if (pcap == null) {
			System.err.printf("Error while opening device for capture: %s\n",  errorBuffer.toString());
		final PcapBpfProgram program = new PcapBpfProgram();  
		int optimize = 0;         // 0 = false 
//		Set filter
		if (pcap.compile(program, filterExpression, optimize, netmask) != Pcap.OK) {
		if (pcap.setFilter(program) != Pcap.OK) {
		ByteBufferHandler<IPacketHandler<PcapHeader, ByteBuffer>>bufferHandler = new ByteBufferHandler<IPacketHandler<PcapHeader, ByteBuffer>>() {
Syndicate content