Packet Decoding

Getting header information from existing Pcap file (offline)

I am new to jNetPcap and I am trying to read an existing Pcap file and do the following:

1) "Parse" the different protocol headers (IP, UDP, RTP) and extract the information to store it in another variable. I have seen the NextEx example and it has helped me with this. However, I still have some issues with the RTP header. Depending on the Pcap file I provide, the "packet.hasHeader(rtp)" will return false even if there really is an RTP header present. Any ideas of how I can fix this or bypass this error? The reason I need the RTP is because I want its payload (in fact I only want RTP packets from the Pcap file). If there's another way to get the payload from such a packet and store it as a string, that would be perfect for me.

2) I want to store the IP, UDP and RTP headers as a (hex) string in their original form. For example:

My problem is that the JHeader.toString() method gives this information with TOO MUCH detail. Is there a simpler method that I can use to only get the header as a simple string?

Thanks for your help

Simple and quick reading of ToS

v1.2 (via Maven)

Looking at:

I'm a little confused about how I get the ToS from the header

when using the javadoc-mentioned Pcap.dispatch() method that takes a ByteBufferHandler (does not mention the other dispatch methods are thread-safe, so if another version would give me better return objects for this purpose that would be good to know).

The handler interface's returned PcapHeader doesn't seem to have an API for IP header values, though I see in one of the examples an annotation-based class that would provide such an API call (but this is a different header, that maybe I have to peer to the ByteBuffer returned), though I don't see that class actually in the API. Wondering if I should be "peering" something to tease this value out...?

All suggestions welcome.


H.323(Q.931, H.225, H.245)

Hi everybody

I have been using jNetPcap for quite some time now and have been involved in writing protocol dissectors for various protocols. After spending the last month working only on H.323, I started realizing how complicated this thing really was, and I was amazed at the lack of Java support in this area.

I am planning to release this H.323 packet decoder, which will function as a standalone component that can easily be used with the current jNetPcap architecture. Mark and I are also planning to make it compatible with the new jNetPcap protocol dissection architecture. This decoder will be able to dissect Q.931, H.225 Call Signalling and H.245 protocols. I still have more work to do but the majority is already finished.

I am just curious whether anyone will actually benefit from this decoder, and if so, please share your thoughts with me.

Thank you,

modify a rtp packet


I read an RTP packet from a pcap file and want to modify the payload data as well as the payload length. Can anyone explain to me how I can do that?


Bug#2981951 - intermittent crashes in scanner

Found a new bug#2981951 - Intermittent crashes in scanner. The problem is in the native protocol implementation of the scan functions. There is a combination of validate_* and scan_* functions called on various protocols. I found 2 problems:

1) http and sip scanners would rely on tcp header residing within the packet.

2) some headers did not check buffer boundary properly and would cause VM crashes, especially for malformed or truncated packets.
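
Both problems in the bug report above (a scanner assuming a TCP header is present, and header code reading past the captured bytes) are avoided by checking every header length against the capture length before dereferencing. The following C sketch is an added illustration, not jNetPcap's native scanner code; the function names and the sample packet are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; this is not jNetPcap's native scanner code. */
enum { IPV4_MIN = 20, TCP_MIN = 20, PROTO_TCP = 6 };

/* Offset of the TCP payload inside an IPv4 packet of caplen captured bytes,
 * or -1 when a header is missing, malformed or cut short by truncation. */
long tcp_payload_offset(const uint8_t *buf, size_t caplen)
{
    if (buf == NULL || caplen < IPV4_MIN || (buf[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;       /* IPv4 header length */
    if (ihl < IPV4_MIN || ihl > caplen)
        return -1;
    if (buf[9] != PROTO_TCP)                        /* no TCP header to rely on */
        return -1;
    if (caplen - ihl < TCP_MIN)                     /* fixed TCP header truncated */
        return -1;
    size_t doff = (size_t)(buf[ihl + 12] >> 4) * 4; /* TCP data offset */
    if (doff < TCP_MIN || doff > caplen - ihl)
        return -1;
    return (long)(ihl + doff);
}

/* Returns 1 only when a validated TCP payload starts with "GET ". */
int scan_http(const uint8_t *buf, size_t caplen)
{
    long off = tcp_payload_offset(buf, caplen);
    if (off < 0 || caplen - (size_t)off < 4)        /* bound the payload read too */
        return 0;
    return memcmp(buf + off, "GET ", 4) == 0;
}

int main(void)
{
    uint8_t pkt[44] = {0};                          /* constructed sample packet */
    pkt[0] = 0x45; pkt[9] = PROTO_TCP; pkt[32] = 0x50;
    memcpy(pkt + 40, "GET ", 4);
    printf("full=%d truncated=%d\n", scan_http(pkt, 44), scan_http(pkt, 30));
    return 0;
}
```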