Libpcap wrapper

Reading Winshark pcap file and getting separated packets from pcap file in Java

Hello,

My name is Amol.

I am new to the System. I want to implement the following functionality:

1. Converting a Winshark-created .pcap file to a text file.
2. Fetching packets one by one from that converted file and storing them in a database. I need to separate packets depending on their protocol type, so basically I should be able to fetch a packet object from that converted text file.

The language I am using is Java.

So is this possible to implement using jNetPcap?

Is there standard code available with anybody? Please provide me that.

Thanks a ton

Pcap.openOffline to PcapPacketArrayList?


I have a PCAP file, which I am reading in to a Pcap object like:

final String file = "c:/dumpFiles/theFile.PCAP";
final StringBuilder errbuf = new StringBuilder(); // receives the error message if the open fails

Pcap pcap = Pcap.openOffline(file, errbuf);

But, I need to get this offline file (theFile.PCAP) into a PcapPacketArrayList object, with PcapPackets within that, so that I can iterate through each packet and play with the various parts of each individual packet (timestamp, sourceIP, sourcePort, destinationIP, destPort, etc.).

I've looked through (I believe..!) all of your examples, and still can't find out how to perform this Pcap > PcapPacketArrayList conversion.

Could you tell me if this is at all possible, and possibly (sorry!) offer any example code for doing this?

Thanks in advance!

Writing a corrupt HTTP client

Hi All

I'm trying to write a basic HTTP client with jnetpcap to troubleshoot a possible FIN,PSH,ACK flag combination being returned by a hardware load balancer [1]. I am not able to reproduce this problem with any Java program, as this is a violation of the TCP protocol as I understand, and hence my selection of jnetpcap.

Unlike a packet dump, I need to be able to send a basic HTTP request, and then receive the response, and close the connection with the closing packet having FIN,PSH,ACK set. Any samples or help on how I could do this is greatly appreciated.



Ethernet packet injections


I've a small piece of code that I use for injection and dumping of packets on an Ethernet link.

I'm using inject(byte[] buf) to send packets through the link, and everything is running smoothly except for this issue.

From what I can see, the problem arises with the speed of injection of the packets, meaning that injecting the packets too fast is generating an increment in errors that goes unreported (inject() doesn't return -1).

In fact, when inserting a Thread.sleep() in this method, the errors go away. But this approach inserts a latency, is architecture dependent and is very inaccurate. I'm monitoring the outgoing traffic in Wireshark. Without the sleep() call, some packets disappear from the capture.

The questions are:

- Is there a way to check in advance if the interface is ready for injection?
- Is it always ready for injection? (I think not)

Thanks in advance

On Android: "socket: Operation not permitted"
