Hi Mark,
when I'm trying to open, let's say, 2 large pcap files (600-700 MB) and store the packets in a list, I'm getting an OutOfMemoryException, despite the fact that I started the program with a maximum heap size of 2 GB. The exception is thrown from the native/c code.
Perhaps you have some suggestions on how to avoid that.
Best wishes
Philipp
P.S.:
Attached you'll find the crash dump and the printout of a small test program to check the actual available memory.
Hi Mark, I implemented a simple IMAP4,
I wanted to share for people that need something like this.
Also I made changes that you offered me before. Please have a look that
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.packet.JHeader;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.RegistryHeaderErrors;
import org.jnetpcap.packet.annotate.Bind;
import org.jnetpcap.packet.annotate.Header;
import org.jnetpcap.packet.annotate.HeaderLength;
import org.jnetpcap.packet.annotate.ProtocolSuite;
import org.jnetpcap.protocol.tcpip.Tcp;

/**
 *
 * @author Mehmet Emin PACA
 */
@Header( suite = ProtocolSuite.TCP_IP)
public class IMAP4 extends JHeader
{
    private final Tcp tcp = new Tcp();
    public boolean isServer;
    public boolean isClient;

    // Classify the direction from the TCP source port: 143 means the server sent it
    @Override
    protected void decodeHeader()
    {
        // hasHeader() peers tcp with this packet's TCP header; its result is not checked
        super.getPacket().hasHeader(tcp);
        if( tcp.source() == 143 )
        {
            isServer = true;
            isClient = false;
        }
        else
        {
            isServer = false;
            isClient = true;
        }
    }

    // The whole remainder of the buffer after the TCP header is treated as IMAP4
    @HeaderLength
    public static int headerLength( JBuffer buffer, int offset)
    {
        return buffer.size() - offset;
    }

    // Register the header with jNetPcap when the class is loaded
    static{
        try{
            JRegistry.register( IMAP4.class);
        }
        catch( RegistryHeaderErrors error )
        {
            error.printStackTrace();
        }
    }

    public String getContent()
    {
        String content = super.getUTF8String(0, this.getHeaderLength());
        return content;
    }

    // Bind to any TCP segment to or from port 143
    @Bind( to = Tcp.class)
    public static boolean bindToTcp( JPacket packet , Tcp tcp )
    {
        return ( tcp.source() == 143 || tcp.destination() == 143 );
    }

    @Override
    public String toString()
    {
        return getContent();
    }
}
Hi, Mark B.
I need to catch packets out of the data analysis should be how to do it, thank you.
Hi Mark, I started on the POP3 protocol and I wrote a protocol. I wanted to share it. It is working
(I made some tests and I did not see any problems). If you see any errors, please give feedback.
/*
 * POP3 protocol header definition
 */
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.packet.JHeader;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.RegistryHeaderErrors;
import org.jnetpcap.packet.annotate.Bind;
import org.jnetpcap.packet.annotate.Header;
import org.jnetpcap.packet.annotate.HeaderLength;
import org.jnetpcap.packet.annotate.ProtocolSuite;
import org.jnetpcap.protocol.tcpip.Tcp;

/**
 *
 * @author Mehmet Emin PACA
 */
@Header( suite = ProtocolSuite.TCP_IP)
public class POP3 extends JHeader
{
    // The whole remainder of the buffer after the TCP header is treated as POP3
    @HeaderLength
    public static int headerLength( JBuffer buffer, int offset)
    {
        return buffer.size() - offset;
    }

    // Register the header with jNetPcap when the class is loaded
    static{
        try{
            JRegistry.register(POP3.class);
        }
        catch( RegistryHeaderErrors error )
        {
            error.printStackTrace();
        }
    }

    // Decodes the payload with the platform default charset
    public String getContent()
    {
        byte [] byteArray = super.getByteArray(0, this.getHeaderLength());
        String content = new String(byteArray);
        return content;
    }

    // Bind to any TCP segment to or from port 110
    @Bind( to = Tcp.class)
    public static boolean bindToTcp( JPacket packet , Tcp tcp )
    {
        return ( tcp.source() == 110 || tcp.destination() == 110 );
    }

    // A packet whose TCP source port is 110 was sent by the server
    public boolean isServer()
    {
        Tcp tcp = new Tcp();
        if (super.getPacket().hasHeader(tcp) )
            if( tcp.source() == 110 )
                return true;
        return false;
    }

    public boolean isClient()
    {
        return !isServer();
    }
}
Dear Mark,
is it somehow possible to capture packets by the process id
of the process which sent or received them?
The only possibility I found so far, is to grep continuously
netstat and adjust the libpcap filter. But this seems like
a dirty hack. Do you know any other possibilities?
Thanks a lot
Philipp
Hi, trying to open an offline file in a different location to the actual jNetPcap program I've made. Is there a syntax to traverse up and down directories or would I have to give a full location?
I have a test folder at the moment that is separate to the source, and would like to be able to pass something like:
Pcap pcap = Pcap.openOffline("..\testCaptures\sample.pcap", errbuf)
Allowing for the escape of backslashes of course. Doing this on a Windows box at the moment, is there something I'm missing?
(By the way, amazing piece of code!)
Cheers,
Ben
Hello everyone
I need to read some WinPcap files using jNetPcap. I captured my desired traffic with Wireshark and I need to read them. Can you tell me which classes support that?
yours
jNetPcap is a Java project that comes with a required native shared library. The requirement of a native library typically adds confusion, and many find it difficult to properly set up a project in NetBeans so that it references the jNetPcap library correctly.
There are several ways that jNetPcap can be added to your existing Java project in the NetBeans IDE. Let me briefly outline them here, and then let's go through the detailed steps of actually creating a proper build path so your project will compile with jNetPcap.
We recommend approaches #1 and #2 for development.
Note: the native library is required only at runtime, for running/executing the application. It is not required for compilation.
The first thing you have to do is download and install (or unzip) the jNetPcap installation package. You do not have to install (unzip or untar) the installation package under a NetBeans workspace, unless you want to for a specific reason. The installation can be external to the workspace. Since each jNetPcap installation package installs under a unique directory path, you can easily have multiple versions of the library and switch between them when needed. Both installable and extractable Unix and Windows packages are provided. Under Unix, the packager-installed packages are intended for production environments that have a jNetPcap requirement. The JAR and unzip packages are also provided in case you need multiple versions of the library, which you can extract on your own and easily switch between.
Hello everyone
I am trying to install jNetPcap under Vista, but I faced a problem.
I moved the .dll file to system32. But there is another .jar file which I don't know what to do with. I tried to extract it first, then found out I need to buy an associations editor utility to open a .jar file on Vista.
Please help me to find the way to install it.
Your help will be appreciated.
Hi, I am trying to implement a too simple SMTP protocol and I am getting this error:
Exception in thread "main" org.jnetpcap.packet.UnregisteredHeaderException: header [21] not registered
    at org.jnetpcap.packet.JRegistry.lookupAnnotatedHeader(JRegistry.java:581)
    at org.jnetpcap.packet.JRegistry.lookupAnnotatedHeader(JRegistry.java:575)
    at org.jnetpcap.packet.JHeader.<init>(JHeader.java:380)
    at jnetpcapadvance.SMTP.<init>(SMTP.java:23)
    at jnetpcapadvance.Test$1.nextPacket(Test.java:52)
    at jnetpcapadvance.Test$1.nextPacket(Test.java:48)
    at org.jnetpcap.Pcap.loop(Native Method)
    at org.jnetpcap.Pcap.loop(Pcap.java:2385)
    at jnetpcapadvance.Test.main(Test.java:111)
The code is below; I need some help.
package jnetpcapadvance;

import org.jnetpcap.packet.JHeader;
import org.jnetpcap.packet.annotate.Bind;
import org.jnetpcap.packet.annotate.Header;
import org.jnetpcap.packet.annotate.HeaderLength;
import org.jnetpcap.packet.annotate.ProtocolSuite;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Tcp;

@Header( suite = ProtocolSuite.TCP_IP )
public class SMTP
    extends JHeader
{
    private int length = 0;
    private static Ip4 ip = new Ip4();
    private static Tcp tcp = new Tcp();

    @HeaderLength
    public int headerLength()
    {
        getPacket().getHeader(ip);
        getPacket().getHeader(tcp);
        length = ip.length() - ip.hlen() * 4 - tcp.hlen() * 4;
        return length;
    }

    public String getMessage()
    {
        byte [] byteArray = super.getByteArray(0, length);
        String message = new String(byteArray);
        return message;
    }

    @Bind( to = Tcp.class )
    public static boolean bindToTcp()
    {
        return ( tcp.source() == 25 || tcp.destination() == 25 );
    }
}
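
Added example, not the poster's code and not part of jNetPcap: the SMTP class above rewritten in the shape of the IMAP4 and POP3 classes posted earlier on this page, with a static @HeaderLength method taking (JBuffer, int), a @Bind method taking (JPacket, Tcp), and an explicit JRegistry.register call. It assumes those signatures are what the registry expects, as in those two classes; SMTP_PORT is a name introduced here.

```java
package jnetpcapadvance;

import java.nio.charset.StandardCharsets;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.packet.JHeader;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.RegistryHeaderErrors;
import org.jnetpcap.packet.annotate.Bind;
import org.jnetpcap.packet.annotate.Header;
import org.jnetpcap.packet.annotate.HeaderLength;
import org.jnetpcap.packet.annotate.ProtocolSuite;
import org.jnetpcap.protocol.tcpip.Tcp;

@Header(suite = ProtocolSuite.TCP_IP)
public class SMTP extends JHeader {

    static final int SMTP_PORT = 25; // name introduced for this example

    // Register explicitly and fail loudly, so annotation problems are
    // reported when the class loads rather than when a packet arrives.
    static {
        try {
            JRegistry.register(SMTP.class);
        } catch (RegistryHeaderErrors e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    // Static, stateless length: the bytes actually present after the TCP
    // header. This does not trust the IP total-length field, which comes
    // from the wire and can disagree with what was captured.
    @HeaderLength
    public static int headerLength(JBuffer buffer, int offset) {
        return Math.max(0, buffer.size() - offset);
    }

    // The Tcp header is supplied by the caller, not read from a shared static.
    @Bind(to = Tcp.class)
    public static boolean bindToTcp(JPacket packet, Tcp tcp) {
        return tcp.source() == SMTP_PORT || tcp.destination() == SMTP_PORT;
    }

    // Payload bytes are untrusted input: decode with a fixed charset
    // instead of the platform default.
    public String getMessage() {
        byte[] bytes = getByteArray(0, getHeaderLength());
        return new String(bytes, StandardCharsets.US_ASCII);
    }
}
```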