Protocol Analysis

Udp Echo Protocol

hi everybody

My problem is echo protocol.I do not know how to set port 7 on udp .help me please

How much time it take to analyze 100 MB of .pcap file??

I am trying to analyze the .pcap file of 100 MB in size using conventional way of analyzing packets using pcap.loop method.

Unfortunately, it is taking near about 53 seconds to analyze the whole 100MB .pcap file.

Will it really take so much of time to analyze 100 MB file? or there is way to do in faster way??

Please help.

Arp packets are not sniffed

JNetpcap cannot sniff arp packets at all. I am using the following code:

public void nextPacket(PcapPacket packet, String user) {
if (packet.hasHeader(arp)) {
System.out.println("Hardware type" + arp.hardwareType());
System.out.println("Protocol type" + arp.protocolType());
System.out.println("Packet:" + arp.getPacket());

This code replace by packet.hasHeader(anyOtherProtocol) works correctly. I have used a great variety of different protocols for my end of diploma thesis. When it was time to sniff arp packets nothing worked.

I have also opened wireshark to verify that although arp packets are sniffed there, jnetpcap is not able to sniff them. Can you help here?

Thanks in advance.

jNetPcap thinks IP packets have no IP Header (Bug?)

Hi, I have got a problem with the jNetPcap library, but I really like it. I am trying to analyse packets which jNetPcap receives. Here is my Code: package HDReceiver2; import java.util.ArrayList; import java.util.Date; import java.util.List; import org.jnetpcap.Pcap; import org.jnetpcap.PcapIf; import org.jnetpcap.packet.PcapPacket; import org.jnetpcap.packet.PcapPacketHandler; import org.jnetpcap.protocol.lan.Ethernet; import; import; import org.jnetpcap.protocol.tcpip.Tcp; import org.jnetpcap.protocol.tcpip.Udp; public class HDReceiver2 { public static void main(String[] args) { List alldevs = new ArrayList(); // Will be filled with NICs StringBuilder errbuf = new StringBuilder(); // For any error msgs int r = Pcap.findAllDevs(alldevs, errbuf); if (r == Pcap.NOT_OK || alldevs.isEmpty()) { System.err.println("Can't read list of devices, error is " + errbuf); return; } System.out.println("Network devices found:"); for (int i = 0; i < alldevs.size(); i++) { String description = (alldevs.get(i).getDescription() != null) ?

Match multiple headers in a packet payload - Continued

I'm trying to decode IEC104. In this protocol multiple PDU can be chained in a TCP-payload.
I found I can recursive bind to my protocol header, but in the binding method, I do not understand, how I can determine the current offset in the tcp payload to make the check for the header start byte - see line marked with HELP. Here my code and a sample of the jpacket state:

public class Iec104Packet extends JHeader {

public final static int Iec104Port = 2404;
public final static int Iec104StartByte = 0x68;

@Bind(to = Tcp.class)
public static boolean bindToTcp(JPacket packet, Tcp tcp) {
if (!((tcp.source() == Iec104Port) || (tcp.destination() == Iec104Port)))
return false;
if (tcp.getPayload().length < 1)
return false;
if (!(tcp.getPayload()[0] == Iec104StartByte))
return false;
return true;

@Bind(to = Iec104Packet.class)
public static boolean bindToTcp(JPacket packet, Iec104Packet iec) {
//HELP if (!(tcp.getPayload()[0] == Iec104StartByte))
// return false;
return true;

public static int headerLength(JBuffer buffer, int offset) {
if (buffer.size()>offset+1)
return buffer.getUByte(offset+1)+2;
return 2;

@Field(offset = 0 * 8, length = 1 * 8, description = "Start")
public byte start() {
return super.getByte(0);

@Field(offset = 1 * 8, length = 1 * 8, description = "Length")
public byte length() {
return super.getByte(1);

public int dataLength(){
return length();

@Field(offset = 2 *8, description = "Data")
public byte[] data(){
return super.getByteArray(2, length());


Registerd Protocolls and binding
scanner[0 ] class=Payload id= 0, loaded=false direct=true , scan=false bindings=0 []

Syndicate content