jNetPcap 1.X

jNetPcap 1.X module: libpcap and packet decoder

Official release 1.3.a1 (alpha1) is released

The official release jnetpcap-1.3.a1 is released. This release freezes new feature development. Only bug and documentation fixes will be allowed on this release branch.

This is the recommended release for environments not looking for very latest features and which require code stability in production environments.

Release 1.3 contains the following features:

  1. All the libpcap wrapper API
  2. Header decoder (the quick native scanner)
  3. Existing core protocols (Ethernet, 802.3, Ip4, Tcp, Icmp, etc..)
  4. Native checksum generation and verification for various protocol CRC fields
  5. No changes to existing native memory model.
  6. Flow-key generation


Here is an example that demonstrates how to use Pcap.nextEx method. The example uses various peering methods, Libpcap DLT to jNetPcap protocol ID mapping, initiating a new PcapPacket object and invoking the scanner on a newly created packet.
Download Source from SVN:

package org.jnetpcap.examples;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapHeader;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.format.FormatUtils;
import org.jnetpcap.protocol.lan.Ethernet;
import org.jnetpcap.protocol.network.Ip4;

 * This example opens up a capture file found in jNetPcap's installation
 * directory for of the "source" distribution package and iterates over every
 * packet. The example also demonstrates how to property peer
 * PcapHeader, JBuffer and initialize a new
 * PcapPacket object which will contain a copy of the peered
 * packet and header data. The libpcap provide header and data are stored in
 * libpcap private memory buffer, which will be overriden with each iteration of
 * the loop. Therefore we use the constructor in PcapPacket to
 * allocate new memory to store header and packet buffer data and perform the
 * copy. The we
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
public class NextExExample {

	 * Start of our example.
	 * @param args
	 *          ignored
	public static void main(String[] args) {
		final String FILE_NAME = "tests/test-l2tp.pcap";
		StringBuilder errbuf = new StringBuilder(); // For any error msgs


Fast PcapDumper API


Memory, API change and 1.2 release

After careful review and a long design session about "Dissectors/containers" (analyzers are also part of this decision), I have made a decision that this feature can not be properly implemented using current memory model used in jNetPcap when managing natively allocated memory. This is something I will be working on, but only after 1.2.alpha is released. Therefore I am almost ready to freeze the feature set and get things ready for an official 1.2 release.

1.1 - Getting Around

Let briefly go over all of the packages in jNetPcap SDK and what they contain:

  +-> jnetcap - this is the main libpcap wrapper package. It contains
      +         all of the API for accessing libpcap functionality.
      |         These classes and methods do very little of their own
      |         logic and simply pass your requests over to native
      |         libpcap which handles those the requested actions.
      +-> winpcap - extension to libpcap wrapper that provides WinPcap 
      |          functions. This is operating system dependent package
      |          and you must use WinPcap.isSupported() call before
      |          using any classes and methods in this package.
      +-> nio - native IO and memory classes. This package defines
      |         memory management classes that allocate native memory,
      |         peer native structures and functions to java classes. 
      |         This is also where the very important JBuffer class resides.
      +-> util - various utility classes. This is where you will find
      |          logging helpers, JConfig class which manages configurations
      |          through property files and address resolvers. 
      +-> protocol - a library of supported CORE protocol headers.
      |              This is where you will find Ip4, Tcp, Udp, Ethernet
      |              and a host of other header definitions, ready for you
      |              to use.
      +-> packet - packet decoding framework. This package defines important 
          |      components of the decoder. JScanner, PcapPacket, and the very
          |      important baseclass JHeader. JScanner decodes packets
          |      and stores the packet state information in native structures.
          |      PcapPacket class reads this state information and can
          |      peer (or reference via native memory) header objects. 
Syndicate content