Hello,
I read a RTP-packet from a pcap file and want to modify the payload data as well as the paylod length. Can anyone explain me how I can do that?
Thanks,
Manson
I'm still working low level API and build scripts. The 'core' library that future jnetpcap will be dependent on is named 'jnetsoft'. I used other names too like jnetcore, jnetlib, but jnetsoft is what it will be called from now on. No other projects named as such that I could find.
Since I'm redoing the build scripts, I wrote an ANT task called 'javani' which stands for Java Network Interface, kind of like JNI but its the name of the ANT task. Its job is to help manage JNI field and method IDs. It also generates wrapper C functions around methods in any java class. So you can give 'javani' a class files in ANT build script and it will generate the necessary wrapper C and header files containing all of the code, including JNI IDs for access java resources.
It works pretty well, but still needs some work. I plan on contributing that code to ANT project if they will have it. It takes over where existing 'javah' task leaves off.
Here is a is the output from a run against the new JMemory class which is the basis of all native memory managment:
Buildfile: C:\jnetstream\jnetsoft\build.xml
prep-build:
javac:
javah:
[javah] [Loaded C:\jnetstream\jnetsoft\build\classes\org\jnetsoft\nio\JMemory.class]
javani:
[javani] javafile=org.jnetsoft.nio.JMemory
[javani] destfile=build/c/nio_jmemory.c
[javani] destfile=build/include/nio_jmemory.h
BUILD SUCCESSFUL
Total time: 797 milliseconds
You can see that the 'javani' task, takes a javafile as input and generates a C and a header file.
Here is what is inside the C file:
#include#include "nio_jmemory.h" nio_jmemory_class_t nio_jmemory_class; /* * Class: org.jnetsoft.nio.JMemory * Method: onClassLoad * Signature: ()V */ JNIEXPORT void JNICALL Java_org_jnetsoft_nio_JMemory_onClassLoad (JNIEnv *env, jclass clazz) { nio_jmemory_class_t *c = &nio_jmemory_class; memset(c, sizeof(nio_jmemory_class_t), 0);
Hi Mark
I'm running the following code and every once in a while my JVM crashed (attached dump)
the stack in the dump allowed my to narrow the problem to:
if (deviceHwAddress.equals(ethernet.source()))
which is in the block :
public void checkPacket(PcapPacket packet) { // packet was previously scanned
if (packet.hasHeader(ethernet)) {// get ethernet header from the packet
if (deviceHwAddress.equals(ethernet.source())) { // prevent flooding
pdn_total_failed_flooding.inc();
packet = inPdnQue.poll(1, TimeUnit.SECONDS);
break;
}
}
I'm using latest JDK and win 7 pro 32bit system
I have been avoiding external prerequisites with jnetpcap up until now, but I am considering including glib. Its a non issue on non-windows systems, as glib is typically available and easily attainable for those systems. Win32 isn't hard either but glib installation doesn't have win32 auto-install packaging.
None the less there is so much functionality I have been duplicating in glib that I think it makes sense to make it a prereq. GLib for win32 can easily be downloaded from here: http://www.gtk.org/download-windows.html. So its not a big issue, no one has to compile anything. I may also bundle in the runtime glib with the win32 package, but I don't think its really necessary. Glib doesn't have any other dependencies of it own, so it would just be the 1 library that is needed by jnetpcap modules.
There are lots of goodies in glib that will make protocol development at native level much easier. Especially with complex analyzers. Multi-threading utilities are also included, to provide native level RW locks and so forth. Here is a complete list of things glib provides:
http://library.gnome.org/devel/glib/stable/index.html
Also I think it would be good to start this precedent for the sake of other 3rd party libraries. For example, we probably will need to include gzip and encryption libraries as well for some protocols. I know java provides a some of this capability as well, but java's iostream/byte[] based approach doesn't work all that well with jnetpcap. Native libraries can be much more efficient when they have this data in native memory already. I think glib as always present in the core module will make all the other modules easier to write.
If anyone has any feedback, now would be a good time to comment.
I am thinking about the design of the decoder/analyzer modules along with the series of protocol modules that will allow additional bundles of protocols to be added via a package.
I have been giving hints for sometime now that Decoder and Analyzer modules will be 2 separate modules, but I'm leaning back toward a single module to perform both of these functions. In the overall scheme of things, here is what I would like to see in terms of modules and packages that users will need to install:
1) jnetcore-java package: common code
2) jnetpcap: the pcap library wrapper (without decoding or packet object support)
3) jnetdecoder: decoder/dissector/analyzer
4) jnetproto-tcpip: tcp/ip protocol suite
Here is one concept I'm bouncing around. Use of new Abstract class called "Callback". The callback subclasses provide and implement various handlers we're used to such. So for example here is a ByteBufferCallback which also implements the familiar ByteBufferHandler. Except the ByteBufferCallback is an abstract class which leaves the ByteBufferHandler implementation to the user. So to use it with Pcap:
Here is what the top of the ByteBufferCallback might look:
public abstract class ByteBufferCallback implements ByteBufferHandler {
/... the nextPacket method is left abstract/unimplemented
and here is the rest:
I have been redesigning the entire API from grounds up, starting with build system and modules. A new standalone module is nearing completion called "jnetcore". I created a new domain, jNetSoft under which I am bundling all common, non project specific code. Even have a website up for it under http://jnetsoft.com.
The main module is the 'core' module which will contain only a couple of features utilized jnetpcap and other projects. The core module mainly consists of native libraries that are glue code to be utilized by other projects.
The module is compiled 2 sets of shared and archive type libraries. There are 2 versions of the memory management library. One with JNI (java native interface) bindings included and one without. The library without the bindings is a pure C native library with only C runtime as requirement, suitable for use in any type of project. The java bindings library also contains additional API calls for binding to java. The way that the libraries are written, bindings for other languages can also be provided allowing the core libraries to be reused under variety of programing environments.
The exception-management libraries also come in JNI and non-JNI flavors. The java flavored library provides easy for converting native errors, debugging and logging into java exceptions, loggers, etc...
char *b = (char *)jns_malloc(1024);
/* Maintenance Window Notification
Date: April 10, 2010
Time: 10:00 PM CST – 1:00 AM CST April 11, 2010
Purpose: Backup Power Systems Testing & Network Equipment Upgrades
Mark,
In the 'User Guide 2.4 - Opening offline capture', a .pcap file can be opened offline to get traffic information in the file.
How about a .tcpdump file? Can the method Pcap.openOffline also fit Tcpdump files?
My work involves the experiment on DARPA 1999 dataset which simulates an offline intrusion detection environment.
So if the method mentioned above cannot do that, do you have any idea, such as indirect ways, to read packets from a .tcpdump file using JNetPcap?
By the way, usually we dump packets with Tcpdump to .cap file. Wireshark can read the file.
Thank you!
Harry
Hello.
We are developing an application that uses JNetPCap, and we want to develop a version of that application for other operating systems.
Here are a few questions:
1.- Can JNetPCap be used in other OS's different from windows (Unix, Linux, etc.)
2.- If yes, which WinPCap alternative must be used?
3.- What JNetPCap classes/objects/methods must be modified, we use the following classes:
org.jnetpcap.Pcap;
org.jnetpcap.PcapIf;
org.jnetpcap.packet.PcapPacket;
org.jnetpcap.packet.PcapPacketHandler;
org.jnetpcap.protocol.network.Ip4;
org.jnetpcap.protocol.tcpip.Http;
org.jnetpcap.protocol.tcpip.Tcp;
thanks.