Protocol Analysis

Ip Assembly

Working Ip Fragment Reassembly Example

This is a bit more advanced example of jNetPcap usage. This example is an application that reads packets out of a capture file and reassembles fragmented Ip4 packets.


Download Source from SVN:

import java.util.HashMap;
import java.util.Map;
import java.util.PriorityQueue;
import java.util.Queue;

import org.jnetpcap.Pcap;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.nio.JMemory.Type;
import org.jnetpcap.packet.JMemoryPacket;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;
import org.jnetpcap.packet.header.Ip4;

 * This is a demonstration application for reassembling IP fragments.
 * The application is intended only for show purposes on how jNetPcap
 * API can be used.
 * <p>
 * This example application captures IP packets, makes sure they are
 * IPs and creates special packets that are ip only. We will use
 * JMemoryPacket which nicely allows us to construct a new custom
 * packet. Our new packets don't care about the lower OSI layers since
 * that information is irrelavent for Ip reassembly and for the user
 * as well. If we receive a packet that is not fragmented we simply
 * pass it through, no sense in doing anything special with it.
 * </p>
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
public class IpReassemblyExample
    implements PcapPacketHandler<Object> {

   * Our custom interface that allows listeners to get our special
   * reassembled IP packets and also provide them with the actual
   * reassembled buffer.

Tutorial 1 - creating IP fragment reassembler

IP fragment reassembly is a bit more advanced topic. The tutorial will demonstrate more typical usage of Packet Decoding Framework, part of jNetPcap API.

In order to understand some of the networking concepts discussed in this tutorial you need to first study IP fragmentation and reassembly. Wikipedia has a nice short write up on Ip fragmentation and reassembly (link: Wikipedia). Only a cursory overview understanding is needed to follow the tutorial.

Then we will plan out our strategy for our little application and implement it.

Here are some key concepts about the API that are covered in this tutorial:

  • Building a custom handler that will dispatch reassembled datagram buffers
  • Working with multiple buffers and peering protocol headers to them
  • Overriding specific protocol header fields with our custom values
  • Working with JMemoryPacket to create our custom IP only packet and telling the scanner to decode the reassembled datagram

The complete application source code can be downloaded here:

jNetPcap 1.2 Release Overview

jNetPcap 1.2 introduces several new features and small changes to to the existing jNetPcap API.

New Features

  • Packet decoding - new extension added org.jnetpcap.packet - provides native packet scanner and protocols
  • Protocol Analysis - stateful packet inspection and analysis. Streams of packets are analyzed, sequenced and reassembled if necessary.
  • PcapUtils class - static utility methods
  • New NIO classes - JMemory, JNumber, JStruct, JFunct, JBuffer - provide efficient struct pointer like functionality.
  • Retrieval of hardware interface address - using MS and Unix extensions and a PcapUtils.getHardwareAddress(String):byte[] is provided.
  • New libpcap handlers - ByteBufferHandler class, JBufferHandler class, JPacketHandler class


  • PcapInteger class - will be replaced by JNumber class
  • PcapHandler class - replaced by ByteBufferHandler class
  • PcapPktHdr class - replaced by PcapHeader class


  • Memory leak in PcapHandler - a memory leak has been fixed in the JNI method which prevented the allocated ByteBuffer objects from being garbage collected.
  • sendqueue(int size) size parameter was ignored. Fixed.

Updates: rc2 to rc3 changes

  • Added PcapPacket(JPacket) constructor.


Release 1.2 adds significant new features and capabilities to jNetPcap library.

Memory management with org.jnetpcap.nio package

Syndicate content