Module org.jnetpcap

Package org.jnetpcap

package org.jnetpcap

The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism. It also supports saving captured packets to a savefile, and reading packets from a savefile.

Opening a capture handle for reading

To open a handle for a live capture, given the name of the network or other interface on which the capture should be done, call Pcap.create(String), set the appropriate options on the handle, and then activate it with Pcap.activate(). If activate() fails, the handle should be closed with Pcap.close().

To obtain a list of devices that can be opened for a live capture, call Pcap.findAllDevs(); the returned list contains PcapIf objects representing each interface. Pcap.lookupDev() will return the first device on that list that is not a loopback network interface.

To open a handle for a savefile from which to read packets, given the pathname of the savefile, call Pcap.openOffline(String). To set up a handle for writing to a savefile, use Pcap.dumpOpen(String).

To create a "fake" handle for use in routines that require a Pcap instance as an argument, such as routines to compile a filter expression, call Pcap.openDead(PcapDlt, int).

All Pcap instances implement AutoCloseable, so they can be used with try-with-resources statements to ensure proper cleanup. When you're done with a handle, it will be automatically closed when exiting the try block.

Example Usage

Here is an example which demonstrates capturing packets using different handler types:

 try (Pcap pcap = Pcap.openOffline("capture.pcap")) {
 	// Create and apply a filter
 	BpFilter filter = pcap.compile("tcp", true);
 	pcap.setFilter(filter);
 
 	// Capture packets using byte array handler
 	pcap.loop(1, (String msg, PcapHeader header, byte[] packet) -> {
 		System.out.printf("Packet [timestamp=%s, wirelen=%d caplen=%d]%n",
 				Instant.ofEpochMilli(header.toEpochMillis()),
 				header.wireLength(),
 				header.captureLength());
 	}, "Example message");
 
 	// Capture packets using ByteBuffer handler for zero-copy
 	pcap.loop(1, (String msg, PcapHeader header, ByteBuffer packet) -> {
 		System.out.printf("Packet [timestamp=%s, wirelen=%d caplen=%d]%n",
 				Instant.ofEpochMilli(header.toEpochMillis()),
 				header.wireLength(),
 				header.captureLength());
 	}, "Example message");
 }
 

Packet Handlers

The library provides several types of packet handlers through the PcapHandler interface:

• PcapHandler.OfArray - Receives packets as byte arrays (with copy)
• PcapHandler.OfByteBuffer - Receives packets as ByteBuffers
• PcapHandler.OfMemorySegment - Direct access to native memory segments (advanced usage)

Network Interfaces

Network interfaces are represented by the PcapIf class, which provides information about:

• Interface name and description
• Network addresses (IPv4, IPv6)
• Interface flags and capabilities
• Hardware (MAC) addresses

Author:

Mark Bednarczyk [mark@slytechs.com], Sly Technologies Inc.

Related Packages

Package	Description
org.jnetpcap.constant	Various libpcap related constants
org.jnetpcap.internal
org.jnetpcap.spi
org.jnetpcap.util	Utilities for jNetPcap library
org.jnetpcap.windows	Provides support for Pcap on Microsoft Windows platforms.

Class	Description
BpFilter	Berkeley Packet Filter (BPF) program implementation for packet filtering.
Messages	Error message resource bundle factory.
Pcap	Entry point and base class for all Pcap API methods provided by jNetPcap library.
Pcap.LibraryPolicy	An interface which provides a hook into Pcap initialization process.
Pcap.Linux	Linux only/specific calls.
Pcap.Unix	Unix only/specific calls.
Pcap0_4	Provides Pcap API method calls for up to libpcap version 0.4
Pcap0_4.PcapSupplier<T extends Pcap>	The Interface PcapSupplier.
Pcap0_5	Provides Pcap API method calls for up to libpcap version 0.5
Pcap0_6	Provides Pcap API method calls for up to libpcap version 0.6
Pcap0_7	Provides Pcap API method calls for up to libpcap version 0.7
Pcap0_8	Provides Pcap API method calls for up to libpcap version 0.8
Pcap0_8.Unix0_8	Symbol container for lazy initialization.
Pcap0_9	Provides Pcap API method calls for up to libpcap version 0.9
Pcap0_9.Linux0_9	Symbol container for lazy initialization.
Pcap1_0	Provides Pcap API method calls for up to libpcap version 1.0
Pcap1_10	Provides Pcap API method calls for up to libpcap version 1.10
Pcap1_2	Provides Pcap API method calls for up to libpcap version 1.2
Pcap1_5	Provides Pcap API method calls for up to libpcap version 1.5
Pcap1_9	Provides Pcap API method calls for up to libpcap version 1.9
PcapActivatedException	Indicates that an operation is not permitted on an already activated pcap handle.
PcapDumper	Dump packets to a capture file.
PcapErrorHandler	A multi-mudule I8N error handler for all jNetPcap messages.
PcapException	Checked Pcap errors, warnings and exceptions.
PcapHandler	A marker interface for all Pcap packet handling functional interfaces.
PcapHandler.NativeCallback	A native pcap callback which is called with packets captured using the Pcap.loop(int, org.jnetpcap.PcapDumper) or Pcap.dispatch(int, org.jnetpcap.PcapDumper) calls.
PcapHandler.OfArray<U>	A safe packet handler which receives copies of packets in a byte array.
PcapHandler.OfByteBuffer<U>	A safe ByteBuffer packet handler.
PcapHandler.OfMemorySegment<U>	An advanced low level, no copy, packet handler.
PcapHeader	A Pcap packet header also called a descriptor that precedes each packet.
PcapHeaderException	Reports any packet header runtime errors.
PcapHeaderException.OutOfRangeException	Reports an out of range error for a value of native Pcap header field.
PcapIf	A Java representation of the native pcap_if_t structure which contains information about a network interface.
PcapIf.PcapAddr<T extends SockAddr>	The struct pcap_addr structure containing network interfaces/devices addresses.
PcapMessages	Pcap message localizer.
PcapStat	Provides packet statistics from the start of the pcap run to the time of the call.
SockAddr	A Java representation of the native socket address (sockaddr) structure and its protocol-specific variants.
SockAddr.Inet6SockAddr	Represents an IPv6 socket address (sockaddr_in6 structure).
SockAddr.InetSockAddr	Represents an IPv4 socket address (sockaddr_in structure).
SockAddr.IpxSockAddr	The structure of sockaddr_ipx, used for AF_IPX sockets.
SockAddr.IrdaSockAddr	The structure of sockaddr_irda, used with AF_IRDA sockets on windows (winsock2.h) to access link-layer information.
SockAddr.LinkSockAddr	The structure of sockaddr_dl, used with AF_LINK sockets on macOS to access link-layer information.
SockAddr.PacketSockAddr	The structure of sockaddr_ll, used with AF_PACKET sockets for raw packet access on Linux.