jNetCapture

jNetCapture is a new extensible java framework for working with network traffic. The framework provides methods to capture network traffic or read it from a file, although the jNetCapture framework does not implement these functions, and requires implementation modules such as "jNetPcap" or "jNapatech" to be included as well.

jNetCapture provides the following services:

• Low-level network packet capture (API only, not implementation). The framework works on the concept of network frames, then packets
• Attaches an extended frame header with information about layer 2 through layer 5 of the OSI stack. Low level scan is performed (in software or hardware depending on the implementing module) and certain information about offsets, lengths, error conditions is recorded in the extended header
• Calculates hashcodes based on key fields within the network frame. Hashcodes can be setup as flows, unique ids and other types of informative or identifiable keys.
• Multi-CPU support. Packets are either directly stored or rebuffered into multiple host buffers which are accessible by the user for multi-cpu support
• De-duplication of duplicate frames. Duplicate frames are removed.
• Depending on implementation module, can provide multi-gigabit and zero packet copy into user's host buffers

[MWB - 3/16/10: this is still work in progress]

This document describes the jnetpcap 2.0 design. Next major step in evolution of jnetpcap software is to make it more manageable in terms of complexity, size and efficiency. The major changes planned for jnetpcap 2.0 are as follows:

• Break up into multiple modules: jnetpcap, jnetcommon, jnetdecoder, jnetanalyzer
• Provide a multi-module build script
• Provide a simple Makefile build process for native components, in addition to existing ant scripts
• Provide additional protocol modules for specific protocol families

In addition to release structure changes the following API changes will also be implemented:

• Move common code into more general java packages and bundled into a jnetcommon module
• Remove java dependencies between modules except for the common module
• Acquire new domain for more common code: jnetsoft.org [MWB: already registered]
• Preserve most of the API syntax, but with some classes moved to other java packages in order to facilitate a clean breakup into multiple modules
• Provide a NDK for native development - specific native functionality will be provided with specific native and java API, especially in the native to java memory boundary area

The above changes will depart from the current monolithic API of jnetpcap releases. The jNetPcap module will become a standalone java wrapper for libpcap/winpcap libraries. Additional modules will provide the decode and analyzer features that will be plugged in at runtime.