jNetPcap SDK

Welcome to jNetPcap SDK website.

jNetPcap is a software library written in Java that provides APIs (Application Programming Interface) similar to the popular libpcap native library. It allows developers to capture, analyze, and manipulate network packets within Java applications.

The library offers a convenient way to work with network traffic data, providing functionality for capturing packets from network interfaces, parsing protocols, extracting data, and performing various network analysis tasks. It provides a Java wrapper around the native libpcap library, allowing developers to utilize its features in a Java environment.

jNetPcap simplifies the process of network packet analysis and enables developers to build network monitoring, security, and analysis tools using the Java programming language. It supports a wide range of protocols and provides comprehensive functionality for working with network packets.

The software is often used in network-related applications such as network monitoring tools, packet sniffers, intrusion detection systems, and network forensic analysis tools. It provides a powerful and flexible framework for network packet analysis and manipulation within Java applications.

jNetPcap SDK is made up of several modules which provide comprehensive network processing functionality. The following is a list of the included modules as part of the SDK release:

• jNetPcap OS - functional native libpcap API

• jNetPcap Pro - protocol specific APIs for advanced packet processing such as IP fragment reassembly, protocol dissection, stream reassembly and a lot more

• Protocol packs/modules - several modules that provide specific protocol related APIs such as high level packet object representation, protocol headers, binary dissectors, state and analysis data/descriptors

  • Core protocols - a base module providing support for common network protocols and the protocol API

  • Web, Telco and many other protocol family specific protocol packs

To find the examples hoststed here as well as many downloadable packages and source, please visit our source code repository at www.github.com/slytechs-repos.

The above example will reassemble 7 IP fragments for the original ICMP message that was 9000 bytes. The original IP fragments are discarded after they are used in reassembly so we end up with a single IP datagram containing the original ICMP message, at full original length.

IPF reassembler is a powerful jNetPcap Processor, that can be configured to meet your specific needs. You can choose to pass through original IP fragments, set timeout parameters for missing fragments, and adjust IPF table sizes.

Here are some of the options that are available for configuring IPF reassembler:

• Pass through original IP fragments: This option will allow IPF reassembler to pass through original IP fragments without reassembling them. This can be useful for debugging or for applications that need to handle fragmented packets.

• Timeout parameters for missing fragments: This option allows you to set the timeout parameters for missing fragments. This will determine how long IPF reassembler will wait for a missing fragment before giving up.

• IPF table sizes: This option allows you to adjust the size of the IPF tables. This can be useful if you are dealing with a large number of IP fragments.

The output generated by the above example is as follows:

Generates the following output: