I'm using the latest 1.3.1 code from svn (I've just checked it out) on Ubuntu 10.04 and I'm having a problem with certain TCP packets not reporting the right header length.
As an example one of those packets contains a SIP message and the SIP part is not parsed correctly because the offset is wrong; the parse starts after the wrong TCP header length.
I've compared with wireshark two TCP packets, both containing SIP messages, and they both show as header length 20 in wireshark but jnetpcap reports 20 for one of them:
Tcp: ******* Tcp offset=34 (0x22) length=20
Tcp:
Tcp: source = 43613
Tcp: destination = 5080
Tcp: seq = 0xB51B6C05 (3038473221)
Tcp: ack = 0x1C60B2E9 (476099305)
Tcp: hlen = 5
Tcp: reserved = 0
Tcp: flags = 0x18 (24)
Tcp: 0... .... =  cwr: reduced (cwr)
Tcp: .0.. .... =  ece: ECN echo flag
Tcp: ..0. .... =  ack: urgent, out-of-band data
Tcp: ...1 .... =  ack: acknowledgment
Tcp: .... 1... =  ack: push current segment of data
Tcp: .... .0.. =  ack: reset connection
Tcp: .... ..0. =  ack: synchronize connection, startup
Tcp: .... ...0 =  fin: closing down connection
Tcp: window = 120
Tcp: checksum = 0x8D4E (36174) [correct]
Tcp: urgent = 0
Tcp:
and 636 for the other:
Tcp: ******* Tcp offset=34 (0x22) length=636
Tcp:
Tcp: source = 48461
Tcp: destination = 5060
Tcp: seq = 0xFEAB841 (267040833)
Tcp: ack = 0xB3EA6F11 (3018485521)
Tcp: hlen = 5
Tcp: reserved = 0
Tcp: flags = 0x18 (24)
Tcp: 0... .... =  cwr: reduced (cwr)
Tcp: .0.. .... =  ece: ECN echo flag
Tcp: ..0. .... =  ack: urgent, out-of-band data
Hi, I am trying to decode SMPP protocol PDUs.
I've already implemented the header, but I have a problem when a packet has more than one SMPP PDU in the same packet. My program only decodes the first one. How can I decode all SMPP PDUs in a packet without having to find the other SMPP headers in the payload?
I have the same header repeated several times in the payload.
Thanks in advance.
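An added example, not part of the post above and not jNetPcap code: walking every SMPP PDU in one TCP payload by following each PDU's `command_length` field, with bounds checks so a malformed or truncated length cannot cause an over-read or an endless loop. It relies on the standard 16-byte SMPP header (four big-endian 32-bit fields); the class name, the record types and the `MAX_PDU_LEN` cap are assumptions made for this illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.List;

public class SmppPduSplitter {
    // command_length, command_id, command_status, sequence_number (4 bytes each)
    static final int HEADER_LEN = 16;
    // Assumed sanity cap for this example, not a value from the SMPP specification
    static final int MAX_PDU_LEN = 64 * 1024;

    /** One complete PDU located inside the payload. */
    record Pdu(int offset, int length, int commandId, int status, int sequence) {}

    /** Complete PDUs, the offset where parsing stopped, and why it stopped. */
    record Result(List<Pdu> pdus, int consumed, String stopReason) {}

    static Result split(byte[] payload) {
        ByteBuffer buf = ByteBuffer.wrap(payload).order(ByteOrder.BIG_ENDIAN);
        List<Pdu> pdus = new ArrayList<>();
        int off = 0;
        String reason = "end of payload";
        while (off < payload.length) {
            int remaining = payload.length - off;
            if (remaining < HEADER_LEN) { reason = "truncated header"; break; }
            int len = buf.getInt(off); // command_length covers header plus body
            // Negative values (high bit set) also fail the first comparison
            if (len < HEADER_LEN || len > MAX_PDU_LEN) { reason = "invalid command_length " + len; break; }
            if (len > remaining) { reason = "truncated body"; break; }
            pdus.add(new Pdu(off, len, buf.getInt(off + 4), buf.getInt(off + 8), buf.getInt(off + 12)));
            off += len; // the next PDU starts right after this one
        }
        return new Result(pdus, off, reason);
    }

    public static void main(String[] args) {
        // Constructed sample: enquire_link, enquire_link_resp, then a third PDU cut off mid-header
        ByteBuffer b = ByteBuffer.allocate(16 + 16 + 8);
        b.putInt(16).putInt(0x00000015).putInt(0).putInt(1);
        b.putInt(16).putInt(0x80000015).putInt(0).putInt(1);
        b.putInt(32).putInt(0x00000004); // submit_sm header, only 8 of 16 bytes present
        Result r = split(b.array());
        for (Pdu p : r.pdus())
            System.out.printf("offset=%d len=%d id=0x%08X seq=%d%n", p.offset(), p.length(), p.commandId(), p.sequence());
        System.out.println("stopped at " + r.consumed() + ": " + r.stopReason());
    }
}
```

Bytes from `consumed` onward belong to a PDU that continues in the next TCP segment (or was cut by the capture length) and need to be buffered per connection before parsing resumes.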
I'm trying to add a custom TCP header which binds to ipv4; essentially replacing the core TCP header that comes with jnetpcap. I've tried my custom header for other unregistered ip types (e.g. 50), but haven't been successful with type 6 which is TCP. I've set everything up, correctly registered the header and have bound it to ipv4, but it seems that ip packets with type==6 are diverted to the core tcp binding and not to my custom header.
How can I add a custom library that overrides the core TCP binding, using a custom header? I've been pulling my hair out over this and would appreciate any feedback on this.
I am new and using jnetstream to read packets from pcap files. In a multi-threaded environment it is intermittently not able to read all the headers. It throws the exception below:
Exception in thread "ProcessingEngine-Thread_agent"
java.lang.StackOverflowError: Can't pop empty stack
at com.slytechs.utils.memory.BitBuffer.pop(Unknown Source)
at com.slytechs.utils.memory.BitBuffer.getBits(Unknown Source)
at com.slytechs.jnetstream.packet.AbstractData.readShort(Unknown Source)
at org.jnetstream.protocol.FastScanner.scanEthernet2(Unknown Source)
at org.jnetstream.protocol.FastScanner.scanEthernet(Unknown Source)
at org.jnetstream.protocol.FastScanner.scan(Unknown Source)
at org.jnetstream.protocol.FastScanner.fullScan(Unknown Source)
at com.slytechs.jnetstream.packet.APacket.fullScan(Unknown Source)
at com.slytechs.jnetstream.packet.APacket.getAllHeaders(Unknown Source)
After throwing this error, the thread that was using this API got killed.
Kindly let me know what could be the reason.
Is it possible to limit the set of protocols the JPacket.scan(...) method is looking for? In particular, I am only interested in TCP, UDP and ICMP (and Ethernet and IP4, of course). I suppose I have to do something with the JRegistry class (?) but I don't understand the API.
Why am I asking? Because:
- First, I get error output of the form "validate_sip(): #171959 INVALID size=9 sip=ACK 157" when trying to process my pcap files. This is either a bug or caused by the fact that the pcap files only contain the first 96 bytes of each packet (capture length). Since I am not interested in sip, I would be more than happy to find a way to get rid of those messages.
- Second, I would like to speed up the decoding process. The scan method is significantly slowing down my program. One option would be to manually parse the packet payload but that's something I would like to avoid
(Windows Vista 32-bit, Java 1.6.0_15, jNetPcap 1.3.0 (2011-04-01))