Hi I will be changing the roadmap of future jnetpcap releases. I am deprecating current "analyzer" functionality as a SVN tag (to preserve it), and will replace the main trunk with branch-1.4 code. Another words the trunk will be based completely on 1.3/1.4 code with all analyzer features and protocol classes removed.
You will still be able to access the code but only as a tag, not a working/mutable branch. This is because I can't support that part of the code anymore. I realize that analyzer features is extremely needed and will be reimplemented under the previously announced 2.0 branch.
Furthermore, because of my limited amount of time I have been able to dedicate to jnetpcap lately, I will forgo the 1.5 release and move the libpcap 1.0.0 dependency into the trunk (based on 1.4 code).
The effect of this is, that jnetpcap 1.4 will only work on systems with compatible libpcap 1.0.0 version. It won't work under older systems with pre 1.0.0 versions.
I have jnetpcap 2.0 planned out and it will be a major diversion of the API from the current monolithic module. The future releases will be modular with clear separation of libpcap wrapper API, decoder API and analyzer APIs. This means that jnetpcap, decoder and analyzer will have independent release version numbers and each will be able to function standalone from the other modules.
I'm also contemplating moving away from SVN to GIT after final 1.4 release is complete. SVN is fine and more than capable for what we need, but the problem is with sourceforge.net. Constant SVN interruptions and extremely slow SVN operations are the main reason for the move. Git allows one to work with a local copy repository that is then synchronized with the master repository on sf.net, bypassing any sf.net related delays or interruptions. I think the IDE git plugins have matured enough to make it a compelling replacement for SVN.
Hi,
Can you tell me how can I make a copy of a PcapPacket which holds everything in Java memory(or at least at some memory which won't be freed/overwritten)?
I've modified the Pcap.nextEx example to process the incoming packets and in some cases I have to store these packets. The problem is that in some cases the "packet.scan(id);" call makes my previously stored packets invalid. Somehow it overwrites the memory area belonging to the stored packet and the stored packet throws an exception whenever I call toString on it(it worked fine when I stored the packet). So I would like to prevent this behavior somehow.
Thanks in advance,
Miklos
Our visual traffic analysis software makes peripheral use of 1.2 rc4 (the API changes for rc5 would force us to rework some things that don't really make any practical difference, though we'll probably update this at some point) for hex display and pcap exporting. For more information see http://www.eqnets.com. We're in beta; for details see our last blog post.
Hi,
Per this thread: http://jnetpcap.com/node/506
I was able to be jNetPcap for Centos 64-bit, kind of following: http://jnetpcap.com/compile/redhat
But the svn in those instructions brought down the jNetPcap 2.0.xxx source, i.e., I endedup up building 2.0.xxx.
Most (actually) all of the jNetPcap apps I have worked on so far uses jNetPcap 1.3.b00010, so I now need to build THAT on Centos 64-bit, but can anyone tell me how I pull down the source for 1.3.b00010 instead of the "latest" source?
Thanks,
Jim
The native IO, memory and buffer management package provides java classes and native API work working with objects and native memory structures. This package will provide the already familiar JMemory and JBuffer java classes but also a standard native library of functions for performing memory management and manipulation tasks.
Specifically new set of function calls are provided for much greater flexibility in memory management. The key purpose of this module is to ensure that any binding between java and native memory, have the same life-cycle and when either one is no longer needed, both are properly and released. The nio NDK provides operations on the following 3 classes of memories:
Memory allocated using nio NDK is not a simple monolithic block of memory, but rather a chain of memory blocks that are linked together that act as a single allocated unit, that when no longer needed, will properly release all of its previously allocated components. This new memory model at the native level, allows various previously static structures to be expanded/contracted at runtime and at will, while still being tied to the life-cycle of the parent java object. When a java object holding reference to previously allocated nio memory is garbage collected by java, the native memory is also released at the same time.
Native structures can reference other java objects and have those references released when their parent object is GCed. There is additional information attached to the native nio memory chain which keeps track of JNI object references to be released when the nio memory is deallocated. This ensures that any JNI references held by nio memory, releases the JNI references allowing those referenced objects to be eventually GCed.
The 2.0 releases will be released as multiple modules with the following top level java packages defined for each module:
[MWB - 3/16/10: this is still work in progress]
This document describes the jnetpcap 2.0 design. Next major step in evolution of jnetpcap software is to make it more manageable in terms of complexity, size and efficiency. The major changes planned for jnetpcap 2.0 are as follows:
In addition to release structure changes the following API changes will also be implemented:
The above changes will depart from the current monolithic API of jnetpcap releases. The jNetPcap module will become a standalone java wrapper for libpcap/winpcap libraries. Additional modules will provide the decode and analyzer features that will be plugged in at runtime.
I am trying to achieve following:
1) Load packets from PCAP file
2) Send packets with SAME rate as in PCAP file (same time between packets)
Basically, I want to replay a dump, with exact timing as it was recorded.
Is this possible?
Thanks in advance.
I used a dispatch() method for the convenience of setting up a timeout.
///
public
JPacketHandler
T user)
///
and set 10 seconds timeout in
///
int timeout = 10 * 1000; // 10 seconds in millis
Pcap pcap =
Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);
///
and finally invoke the dispatch() method as followed
///
pcap.dispatch(-1, jpacketHandler, "jNetPcap rocks!");
///
But the result always is that once the first packet is captured, the process finishes. The 10-second timeout does not work.
In the note of dispatch(): on some platforms, the read timeout isn't supported, and, on other platforms, the timer doesn't start until at least one packet arrives.
But in my case, the timeout seems to be 'instant' after receiving the first packet.
Thanks for any suggestion or advice on the problem!
Hello, everyone.
I am developing an application that is going to monitor the incoming/outgoing files to and from a computer in order to process them.
Here's how it should work:
If the application detects a file is being received, using a port sniffer that uses JNetPCap (downloading using a web browser, FTP or chat), and if it corresponds to a given type of file (for example, an MS Word Document), then the application must process that file in a certain way.
If the application detects a file (lets call it A) is going to be sent (uploading using a web browser, FTP or chat) then the application must process the file (obtaining a file A*) that is going to be sent, before it is sent.. so the processed file (A*) is the one that must be sent.
I already detect when a file is being downloaded using a web browser, and process the file once it has been downloaded. Though, using JNetPcap I haven't been able to detect when the last part of the file has been received, I believe because I am connected using a router.
But, I am having problems when a file is going to be uploaded. I detect when the file is already being uploaded, is there any way to temporally suspend the uploading process using JNetPcap while the file is being processed, and after it has been processed then reinitialize the uploading??...
thanks in advance