Protocol Analysis

BufferUnderflowException When Loading Large Offline Files

I'm trying to use jNetPcap to decode large PCAP dump files (10-12GB), and everything works great for a while, then crashes with the following stack trace:

Exception in thread "Thread-3" java.nio.BufferUnderflowException
at org.jnetpcap.nio.JBuffer.check(Unknown Source)
at org.jnetpcap.nio.JBuffer.getUByte(Unknown Source)
at org.jnetpcap.protocol.tcpip.Tcp.hlen(Unknown Source)
at org.jnetpcap.protocol.tcpip.Tcp.decodeHeader(Unknown Source)
at org.jnetpcap.packet.JHeader.decode(Unknown Source)
at org.jnetpcap.packet.JPacket.getHeaderByIndex(Unknown Source)
at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source)
at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source)
at com.dataoffload.external.PcapDecode$1.nextPacket(
at com.dataoffload.external.PcapDecode$1.nextPacket(
at org.jnetpcap.Pcap.loop(Native Method)
at org.jnetpcap.Pcap.loop(Unknown Source)
..(rest is my classes)

Everything works fine when dealing with smaller (50-100MB) files, but it cannot seem to handle the larger dumps. Any ideas? Is this a known problem? Thanks in advance for any help.

Write custom tcp payload to packet

Please tell me how to write a custom byte[] to the TCP payload of a PcapPacket.
The task is to change the bytes of tcp.getPayload() in a received PcapPacket.
In other words, I want to convert a few lines from the JPcap library:
TCPPacket p;
byte[] customData;
........ = customData;
Sorry for my English.

detect port scan from pcap file

finding packet rate

I have timestamps from the libpcap trace. Now, I would like to know the packet rate in intervals of 100ms, 1s, 2s. Could someone please help me with this issue?

--that means how many packets are received in every 100ms from the beginning to the end of the trace.

Thanks in advance,

Best Regards,
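The binning the post above asks for, as an added example that is not part of the original post or of jNetPcap: timestamps are taken in the (ts_sec, ts_usec) form stored in each libpcap record header, converted to integer microseconds, and counted per fixed-width bin from the first to the last packet, with empty bins kept so the result covers the whole trace. The sample timestamps are constructed for the example, and the helper names are my own.

```python
from collections import Counter
from typing import Iterable, List, Tuple

# (ts_sec, ts_usec) as stored in each libpcap per-packet record header
Timestamp = Tuple[int, int]

US_PER_SEC = 1_000_000


def to_micros(ts: Timestamp) -> int:
    """Flatten a (seconds, microseconds) pcap timestamp into integer microseconds."""
    sec, usec = ts
    if not 0 <= usec < US_PER_SEC:
        raise ValueError(f"ts_usec out of range: {usec}")
    return sec * US_PER_SEC + usec


def packets_per_interval(timestamps: Iterable[Timestamp], interval_us: int) -> List[int]:
    """Count packets in consecutive bins of interval_us microseconds.

    Bin 0 starts at the earliest timestamp; the last bin is the one holding the
    latest timestamp. Bins with no packets are kept as 0 so the list covers the
    whole trace, which is what a rate plot needs. Integer arithmetic avoids the
    float rounding that can push a packet sitting exactly on a boundary into the
    neighbouring bin.
    """
    if interval_us <= 0:
        raise ValueError("interval_us must be positive")
    micros = [to_micros(ts) for ts in timestamps]
    if not micros:
        return []
    t0 = min(micros)  # capture files are not guaranteed to be in time order
    counts = Counter((t - t0) // interval_us for t in micros)
    last_bin = max(counts)
    return [counts[b] for b in range(last_bin + 1)]


def rate_summary(counts: List[int], interval_us: int) -> dict:
    """Turn per-bin counts into packets-per-second figures (peak and average)."""
    if not counts:
        return {"bins": 0, "peak_pps": 0.0, "mean_pps": 0.0}
    scale = US_PER_SEC / interval_us  # bins per second
    return {
        "bins": len(counts),
        "peak_pps": max(counts) * scale,
        "mean_pps": sum(counts) / len(counts) * scale,
    }


# Constructed sample: eight packet timestamps spanning just over 2.3 seconds.
SAMPLE_TIMESTAMPS: List[Timestamp] = [
    (1700000000, 0),
    (1700000000, 40_000),
    (1700000000, 99_999),
    (1700000000, 100_000),  # exactly on the 100 ms boundary -> bin 1, not bin 0
    (1700000000, 650_000),
    (1700000001, 500_000),
    (1700000002, 300_000),
    (1700000002, 310_000),
]

if __name__ == "__main__":
    for label, width in (("100ms", 100_000), ("1s", US_PER_SEC), ("2s", 2 * US_PER_SEC)):
        counts = packets_per_interval(SAMPLE_TIMESTAMPS, width)
        print(label, counts, rate_summary(counts, width))
```

With a real capture, feed the function the ts_sec/ts_usec pair of every record as it is read; for a 10 GB file keep the Counter and discard packets as you go rather than collecting all timestamps in a list first.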

SIP INVITE messages return null with getMethod()

Hi Mark, the sip.getMethod() method on our SIP messages of type INVITE returns null when you'd expect it to return the INVITE enum value.
if (sip.getMethod() != null) {
  switch (sip.getMethod()) {
    case INVITE:
    case INFO:
      // ...
  }
} else {
  if (packet.hasHeader(sdp)) {
    // ...
  }
}
The tcpdump I previously sent you should have INVITE messages in it that return null rather than INVITE. Using 1.4.r1380 on RHEL5 x64. Cheers