jNetPcap 1.X

jNetPcap 1.X module: libpcap and packet decoder

Offline Capture

This example is the classic libpcap example in its entirety, shown in nearly every tutorial on libpcap. It opens up an offline capture (a file with packets in it). Using a packet handler it goes into a loop to catch a few packets, say 10. Prints some simple info about the packets, and then closes the pcap handle and exits.

Download Source from SVN:

package org.jnetpcap.examples;

import java.util.Date;

import org.jnetpcap.Pcap;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.PcapPacketHandler;

/**
 * This example is similar to the classic libpcap example shown in nearly every
 * tutorial on libpcap. The main difference is that a file is opened instead of
 * a live network interface. Using a packet handler it goes into a loop to read
 * a few packets, say 10. Prints some simple info about the packets, and then
 * closes the pcap handle and exits.
 * 
 * Here is the output generated by this example :
 * 
 * Opening file for reading: tests/test-l2tp.pcap
 * Received at Tue Jan 27 16:17:17 EST 2004 caplen=114  len=114  jNetPcap rocks!
 * Received at Tue Jan 27 16:17:17 EST 2004 caplen=114  len=114  jNetPcap rocks!
 * Received at Tue Jan 27 16:17:18 EST 2004 caplen=114  len=114  jNetPcap rocks!
 * Received at Tue Jan 27 16:17:18 EST 2004 caplen=114  len=114  jNetPcap rocks!
 * Received at Tue Jan 27 16:17:19 EST 2004 caplen=114  len=114  jNetPcap rocks!
 * Received at Tue Jan 27 16:17:19 EST 2004 caplen=114  len=114  jNetPcap rocks!
 * Received at Tue Jan 27 16:17:20 EST 2004 caplen=114  len=114  jNetPcap rocks!
 * Received at Tue Jan 27 16:17:20 EST 2004 caplen=114  len=114  jNetPcap rocks!

Tutorial 2 - API usage


Note: There is a bug in 1.3.b4 and 1.4.r1300 with "flows". The example below fails when flows are encountered due to this bug. The bug has been fixed and will be released with next release of 1.3 and 1.4 which are currently being tested before a broader public release.

Download Source from SVN:

package org.jnetpcap.examples.packet;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.jnetpcap.Pcap;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.JFlow;
import org.jnetpcap.packet.JFlowKey;
import org.jnetpcap.packet.JFlowMap;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;
import org.jnetpcap.packet.JScanner;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.protocol.tcpip.Http;
import org.jnetpcap.protocol.tcpip.Tcp;

/**
 * This example demonstrates various usage scenerios for jNetPcap API. The test
 * file used in this example can be found under the "tests" directory located
 * under the root installation directory of the source package. The tests
 * directory is not normally provided with binary distribution of jnetpcap. The
 * test file contains 483 packets most of which are http or tcp segments.
 * 
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
 */
public class CommonUsageExamples {

	/**
	 * Various examples
	 * 
	 * @param args
	 *          none expected
	 */
	public static void main(String[] args) {

		/*
		 * Example #1 open offline capture file for reading packets.
		 */
		final String FILENAME = "tests/test-http-jpeg.pcap";
		final StringBuilder errbuf = new StringBuilder();

		final Pcap pcap = Pcap.openOffline(FILENAME, errbuf);

1.3 beta 1 released!

1.3b1 is released. Its an update to 1.3 alpha 1 which fixes several discovered issues. The following issues have been resolved:

jNetPcap 2.0 design

[MWB - 3/16/10: this is still work in progress]

This document describes the jnetpcap 2.0 design. Next major step in evolution of jnetpcap software is to make it more manageable in terms of complexity, size and efficiency. The major changes planned for jnetpcap 2.0 are as follows:

  • Break up into multiple modules: jnetpcap, jnetcommon, jnetdecoder, jnetanalyzer
  • Provide a multi-module build script
  • Provide a simple Makefile build process for native components, in addition to existing ant scripts
  • Provide additional protocol modules for specific protocol families

In addition to release structure changes the following API changes will also be implemented:

  • Move common code into more general java packages and bundled into a jnetcommon module
  • Remove java dependencies between modules except for the common module
  • Acquire new domain for more common code: jnetsoft.org [MWB: already registered]
  • Preserve most of the API syntax, but with some classes moved to other java packages in order to facilitate a clean breakup into multiple modules
  • Provide a NDK for native development - specific native functionality will be provided with specific native and java API, especially in the native to java memory boundary area

The above changes will depart from the current monolithic API of jnetpcap releases. The jNetPcap module will become a standalone java wrapper for libpcap/winpcap libraries. Additional modules will provide the decode and analyzer features that will be plugged in at runtime.

Started on 1.4.b0001

I started work on 1.4.b0001. The new branch-1.4 is based branch-1.3. Its using exact same code base, but will have few new features added and expanded platform support. Any bugs that will be discovered in 1.3, the fixes will be incorporated into 1.4 as well.

Here is what I'm working on right at the moment:

1) Adding the "lazy decode" feature.

2) Adding JPacketBufferHandler feature.

Lazy decode is when packet scan/decoding is triggered only when the packet contents are first accessed and not when the packet is created. This will delay packet decoding to a time when its actually needed. This will allow packet decoding to be delayed by the user, to be performed in other threads and not the capture thread.

The JPacketBufferHandler is a new dispatcher handler that is designed for efficiency and minimization of java overhead during capture. This new handler uses a new container object JPacketBuffer which is designed to allocate large user memory buffer to store multiple packets. The default allocation size is 1MB and allows storage of anywhere between 500 to 10,000 packets depending on the packet size. Both the pcap header and the packet contents are stored in the buffer. The native dispatcher copies incoming packets from libpcap into this buffer until its full. Only when the buffer is full is the buffer dispatched to java handler with all of the captured packets. The JPacketBuffer container provides an iterator to access packets within the buffer. This minimizes interaction with java as hundreds if not thousands of packets can be efficiently stored in the buffer before any interaction with java has to occur. After the buffer is dispatched to java, a new buffer is allocated to receive more packets.

Syndicate content