The following operating systems are currently supported with the latest development jNetPcap release. The table below also lists the various hardware architectures and packaging options supported.
| Operating System | Version | tar/zip | x86_32 | x86_64 | Packager |
|---|---|---|---|---|---|
| Windows XP | SP1 or above | X | X | ||
| Windows Vista | SP1 or above | X | X | ||
| Windows 7 | SP1 or above | X | X | X | |
| FreeBSD | 7.1,8.1 | X | X | X | |
| Open Solaris | 2009 | X | X | X | |
| Mac/OSX* |
The following Linux variant operating systems are supported. All linux systems can run on the "Generic Linux" tar distribution, even the ones that are not part of the list below as long as they meet the minimum "Linux Kernel" version level and minimum "libpcap" library version of 9.8 for pre jnetpcap 1.4 APIs and libpcap version 1.0.0 or above for jnetpcap 1.4.
On unix based systems permissions work differently then on Microsoft windows based systems. You need to execute your program with "root" privilege in order to see it.
Secondly, also make sure to print out the error message return in the "errbuf" parameter you passed into Pcap.findAllDevs method. It should contain information about the cause of your problem.
Hi,
I'm using Debian Lenny. When i start my program this error occurs.
The same program runs with no errors on XP.
I already installed the deb package and imported the lib (/usr/share/java/jnetpcap-1.2.rc5.jar). Then
I set the "Native library location" to /usr/lib.
Maybe someone has an idea.
Edit: ok, problem solved! I have to start my programm as root. So I started eclipse as root 
I'm doing some preliminary testing with tcpdump so that I can get a better understanding of how to use libpcap (through jNetPcap) before actually running a real test with jNetPcap. I'm sending four pings from one PC to another and capturing them on the receive side using "tcpdump 'icmp' ". This works but there's a delay of perhaps 15 seconds before tcpdump even shows the traffic. I suppose I can expect to see this same delay in jNetPcap ...right?
Why is there such a long delay ?
edited:
RESOLVED: Without the "-n" argument, tcpdump does a DNS lookup on incoming traffic. With the "-n" argument, tcpdump is fast !
Thank you!
I wanted to check jnetpcap for future use in a project. Unfortunately i can't manage to get anything running 
I get some UnsatisfiedLinkError:
Exception in thread "main" java.lang.UnsatisfiedLinkError: org.jnetpcap.PcapPktHdr.initIDs()V
at org.jnetpcap.PcapPktHdr.initIDs(Native Method)
at org.jnetpcap.PcapPktHdr.
at jnetPcapTest.Runner.main(Runner.java:15)
The problem is, whatever i try to solve this does not work. I tried
- using -Djava.library.path="correctpath" as VM argument
- placing .dll in several system folders
- placing .dll in several workspace folders
- (i am using eclipse) assigning native library location for the jar
I am running out of ideas.. and google also ^^
I think i am missing something very basic, but i don't get it..
I'm trying to run the ClassicPcapExample.java, but I can't seem to get it to run inside of Eclipse or from the command-line. I'm hoping it's something simple, but I can't figure it out yet 
Eclipse has been updated to the latest version, and I'm using Java 6 update 13.
I added the jnetpcap-1.2.rc5.jar file to the referenced libraries for my project, so it seems to build fine.
I also added the -Djava.library.path=C:\jnetpcap-1.2.rc5 to the VM arguments, and that fixed the link error. But, now when I try to run it I keep getting the following error.
java.lang.NoClassDefFoundError: examples/ClassicPcapExample
Caused by: java.lang.ClassNotFoundException: examples.ClassicPcapExample
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
Exception in thread "main"
Here is the source file that I'm currently using
package example;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapHandler;
import org.jnetpcap.PcapIf;
@SuppressWarnings("deprecation")
public class ClassicPcapExample {
public static void main(String[] args) {
List
StringBuilder errbuf = new StringBuilder(); // For any error msgs
/********************************************
* First get a list of devices on this system
********************************************/
int r = Pcap.findAllDevs(alldevs, errbuf);
if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
Hi Mark,
How do i get the 'transport protocol' (tcp, udp, icmp etc) from IP 'protocol field' header via the IP4 class ? Is it the proctol type() OR id(). If i get int id is fine or keyword like TCP, UDP etc is better..
Cheers and Thanks !
I have just installed jNetPcap and am trying to get the "ClassicPcapExample.java" to run (RHEL Linux). I am new to Java; I have many years experience as a C/C++ Developer.
Here's what I did for the install:
1. Downloaded the RPM and installed it.
2. Verified that libpcap is installed; version 0.9.4 of libpcap.so is in /usr/lib/ (with usual softlinks).
3. > LD_LIBRARY_PATH=/usr/lib
Here's what I do to compile and run:
javac -classpath /usr/share/java/jnetpcap-1.2.rc5.jar:./ -Xlint:deprecation ClassicPcapExample.java
...this gives some warnings for PcapHandler but it does compile a .class file.
java -classpath /usr/share/java/jnetpcap-1.2.rc5.jar:./ ClassicPcapExample
...this gives java.lang.NoClassDefFoundError for ClassicPcapExample
What's going on ??
Hi Mark,
Do we know what is returned by the tcp class method flagsCompactString() when "no" tcp flags (no flags at all) are set in the tcp packet headers? a null or an empty string "" ?
public java.lang.String flagsCompactString()
Cheers and Thanks for the GREAT package !!
Thanks to Mark, after RC5 I do not need to reassemble packets myself, but it seems to have some rare problems when I handle Http packets.
Before RC4, every packet be received fully.
After RC5, some packets's payload is lost. There is still packet infomation printed out but there is no payload info although I'm sure there must be.
Here is my code.
RC5
HttpAnalyzer ha = JRegistry.getAnalyzer(HttpAnalyzer.class); ha.add(new FarmHttpHandler()); pcap.loop(-1, JRegistry.getAnalyzer(JController.class), pcap); RC4 JPacketHandlerjph = new RawCatch(); pcap.loop(-1, jph, "");
1st packet received well.
RC5 prints this out
Http: ******* Http offset=54 (0x36) length=308 protocol suite=TCP/IP Http: Http: RequestVersion = HTTP/1.1 Http: ResponseCode = 200 Http: ResponseCodeMsg = OK Http: Date = Sun, 26 Apr 2009 09:58:16 GMT Http: Content-Type = text/html Http: Connection = keep-alive Http: Cache-Control = no-cache, must-revalidate Http: Content-Encoding = gzip Http: Data: ******* Payload offset=362 (0x16A) length=1144 Data: 016a: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a 31 a.. ...........1 017a: 32 37 33 0d 0a a5 5b db 72 db 46 12 fd 15 97 1e 273...[.r.F..... //omitted
In the 2nd packet and following.
Http: ******* Http offset=54 (0x36) length=1452 protocol suite=TCP/IP Http: Http: Http: ******* Http offset=54 (0x36) length=1452 protocol suite=TCP/IP Http: Http: Http: ******* Http offset=54 (0x36) length=703 protocol suite=TCP/IP Http: Http:
Nothing?
Is there a mistake in my code? Or is it about Gzip Encoding?
The GZip Encoding data's length is more than 4k bytes.
By the way, Images/HTML reassembling works fine here.
Detailed output is in the attachment.
Thank you Mark~