Module org.jnetpcap

Package org.jnetpcap

package org.jnetpcap

The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism. It also supports saving captured packets to a ``savefile'', and reading packets from a ``savefile''.

Opening a capture handle for reading

To open a handle for a live capture, given the name of the network or other interface on which the capture should be done, call pcap_create(), set the appropriate options on the handle, and then activate it with Pcap.activate(). If pcap_activate() fails, the handle should be closed with Pcap.close().

To obtain a list of devices that can be opened for a live capture, call Pcap.findAllDevs(); the list is automatically freed by jNePcap. Pcap.lookupDev() will return the first device on that list that is not a ``loopback`` network interface.

To open a handle for a ``savefile'' from which to read packets, given the pathname of the ``savefile'', call pcap_open_offline(); to set up a handle for a ``savefile'', given a FILE * referring to a file already opened for reading, call Pcap.openOffline(java.io.File).

In order to get a ``fake'' pcap_t for use in routines that require a pcap_t as an argument, such as routines to open a ``savefile'' for writing and to compile a filter expression, call Pcap.openDead(org.jnetpcap.constant.PcapDlt, int).

Pcap.create(org.jnetpcap.PcapIf), Pcap.openOffline(java.io.File), pcap_fopen_offline(), and Pcap.openDead(org.jnetpcap.constant.PcapDlt, int) return a pointer to a pcap_t, which is the handle used for reading packets from the capture stream or the ``savefile'', and for finding out information about the capture stream or ``savefile''. To close a handle, use pcap_close().

Here is an example which uses PcapReceiver and several of its functional packet handler interfaces.

 
try (Pcap pcap = Pcap.openOffline(PCAP_FILE)) {

        BpFilter filter = pcap.compile("tcp", true);

        pcap.setFilter(filter);

        pcap.loop(1, PcapExample1::nextDefault, "Hello, this is a copy to byte[] dispatch");
        pcap.loop(1, PcapExample1::nextByteBuffer, "Hello, this is a no-copy to ByteBuffer dispatch");
}
...
private static void nextByteBuffer(String message, PcapHeader header, ByteBuffer packet) {

        System.out.println(message);
        System.out.printf("Packet [timestamp=%s, wirelen=%-4d caplen=%-4d %s]%n",
                        Instant.ofEpochMilli(header.toEpochMillis()),
                        header.wireLength(),
                        header.captureLength(),
                        PcapUtils.toHexCurleyString(packet.limit(6)));
}

private static void nextDefault(String message, PcapHeader header, byte[] packet) {

        System.out.println(message);
        System.out.printf("Packet [timestamp=%s, wirelen=%-4d caplen=%-4d %s]%n",
                        Instant.ofEpochMilli(header.toEpochMillis()),
                        header.wireLength(),
                        header.captureLength(),
                        PcapUtils.toHexCurleyString(packet, 0, 6));
}
 
 

Output:

Hello, this is a copy to byte[] dispatch
Packet [timestamp=2011-03-01T20:45:13.266Z, wirelen=74   caplen=74   {00:26:62:2f:47:87}]
Hello, this is a no-copy to ByteBuffer dispatch
Packet [timestamp=2011-03-01T20:45:13.313Z, wirelen=74   caplen=74   {00:1d:60:b3:01:84}]
 

Author:

Sly Technologies, repos@slytechs.com

Related Packages

Package	Description
org.jnetpcap.constant	Various libpcap related constants
org.jnetpcap.spi	Message services
org.jnetpcap.util	Utilities for jNetPcap library
org.jnetpcap.windows	Provides support for Pcap on Microsoft Windows platforms.

Class	Description
BpFilter	A Berkley Packet Filter program.
Messages	Error message resource bundle factory.
Pcap	Entry point and base class for all Pcap API methods provided by jNetPcap library.
Pcap.LibraryPolicy	An interface which provides a hook into Pcap initialization process.
Pcap.Linux	Linux only/specific calls.
Pcap.Unix	Unix only/specific calls.
Pcap0_4	Provides Pcap API method calls for up to libpcap version 0.4
Pcap0_5	Provides Pcap API method calls for up to libpcap version 0.5
Pcap0_6	Provides Pcap API method calls for up to libpcap version 0.6
Pcap0_7	Provides Pcap API method calls for up to libpcap version 0.7
Pcap0_8	Provides Pcap API method calls for up to libpcap version 0.8
Pcap0_9	Provides Pcap API method calls for up to libpcap version 0.9
Pcap1_0	Provides Pcap API method calls for up to libpcap version 1.0
Pcap1_10	Provides Pcap API method calls for up to libpcap version 1.10
Pcap1_2	Provides Pcap API method calls for up to libpcap version 1.2
Pcap1_5	Provides Pcap API method calls for up to libpcap version 1.5
Pcap1_9	Provides Pcap API method calls for up to libpcap version 1.9
PcapActivatedException	Indicates that an operation is not permitted on an already activated pcap handle.
PcapDumper	Dump packets to a capture file.
PcapErrorHandler	A multi-mudule I8N error handler for all jNetPcap messages.
PcapException	Checked Pcap errors, warnings and exceptions.
PcapHandler	A marker interface for all Pcap packet handling functional interfaces.
PcapHandler.NativeCallback	A native pcap callback which is called with packets captured using the Pcap.loop(int, org.jnetpcap.PcapDumper) or Pcap.dispatch(int, org.jnetpcap.PcapDumper) calls.
PcapHandler.OfArray<U>	A safe packet handler which receives copies of packets in a byte array.
PcapHandler.OfByteBuffer<U>	A safe ByteBuffer packet handler.
PcapHandler.OfMemorySegment<U>	An advanced low level, no copy, packet handler.
PcapHeader	A Pcap packet header also called a descriptor that precedes each packet.
PcapHeaderException	Reports any packet header runtime errors.
PcapHeaderException.OutOfRangeException	Reports an out of range error for a value of native Pcap header field.
PcapIf	Native Type pcap_if_t has the following members.
PcapIf.PcapAddr<T extends SockAddr>	The struct pcap_addr structure containing network interfaces/devices addresses.
PcapMessages	Pcap message localizer.
PcapStat	Packet statistics from the start of the pcap run to the time of the call.
SockAddr	The low level sockaddr structure containing an address of different types, depending on the protocol family value.
SockAddr.Inet6SockAddr	The structure of sockaddr_in6, used for IPv6 sockets.
SockAddr.InetSockAddr	The structure of sockaddr_in, used for IPv4 sockets.
SockAddr.IpxSockAddr	The structure of sockaddr_ipx, used for AF_IPX sockets.
SockAddr.IrdaSockAddr	The structure of sockaddr_irda, used with AF_IRDA sockets on windows (winsock2.h) to access link-layer information.
SockAddr.LinkSockAddr	The structure of sockaddr_dl, used with AF_LINK sockets on macOS to access link-layer information.
SockAddr.PacketSockAddr	The structure of sockaddr_ll, used with AF_PACKET sockets for raw packet access on Linux.