jNetPcap SDK

Welcome to jNetPcap SDK project website.

jNetPcap is a software library written in Java that provides APIs (Application Programming Interface) similar to the popular libpcap native library. It allows developers to capture, analyze, and manipulate network packets within Java applications.

The library offers a convenient way to work with network traffic data, providing functionality for capturing packets from network interfaces, parsing protocols, extracting data, and performing various network analysis tasks. It provides a Java wrapper around the native libpcap library, allowing developers to utilize its features in a Java environment.

jNetPcap simplifies the process of network packet analysis and enables developers to build network monitoring, security, and analysis tools using the Java programming language. It supports a wide range of protocols and provides comprehensive functionality for working with network packets.

The software is often used in network-related applications such as network monitoring tools, packet sniffers, intrusion detection systems, and network forensic analysis tools. It provides a powerful and flexible framework for network packet analysis and manipulation within Java applications.

jNetPcap is a powerful tool for network packet capture and analysis. It can be used to capture network traffic, filter and analyze packets, and even create custom network applications. jNetPcap is a valuable tool for network engineers, security professionals, and developers.

Here are some of the features of jNetPcap:

jNetPcap is a free and open-source software. It can currently be downloaded from GitHub project pages www.github.com/slytechs-repos/jnetpcap-pro

Here are some of the benefits of using jNetPcap:

If you are looking for a powerful and versatile tool for network packet capture and analysis, then jNetPcap is the perfect choice.

To find the examples hoststed here as well as many downloadable packages and source, please visit our source code repository at www.github.com/slytechs-repos.

> Demonstration

We have lots of examples but here is a quick demonstration of how to read all of the packets from a PCAP capture file, reassemble all IP fragments and print each reassembled packet's contents to the system console.

The above example will reassemble 7 IP fragments for the original ICMP message that was 9000 bytes. The original IP fragments are discarded after they are used in reassembly so we end up with a single IP datagram containing the original ICMP message, at full original length.

IPF reassembler is a powerful jNetPcap Processor, that can be configured to meet your specific needs. You can choose to pass through original IP fragments, set timeout parameters for missing fragments, and adjust IPF table sizes.

Here are some of the options that are available for configuring IPF reassembler:


The output generated by the above example is as follows:

> Pcap 1-liner

Or as close as we can get to a single line of code if we do not have to enable any of the more advanced features such as IpfReassembler, PacketPlayer, DataObfuscator, etc. This is technically the shortest 100% correct pcap code you can write,  that reads all packets from a capture file and still performs the following steps:

Note: pcap.dispatch(System.out::println) uses method reference aka lambda expression pcap.dispatch((Packet packet) -> System.out.println(packet.toString())

Generates the following output: