Packet Decoding

Custom TCP header over IPv4 (overriding the core TCP header)

Hello everyone,
I'm trying to add a custom TCP header which binds to ipv4; essentially replacing the core TCP header that comes with jnetpcap. I've tried my custom header for other unregistered ip types (eg 50), but haven't been successful with type 6 which is TCP. I've set everything up, correctly registered the header and have bind it to ipv4, but it seems that ip packets with type==6 are diverted to the core tcp binding and not to my custom header.

How can I add a custom library that overrides the core TCP binding, using a custom header? I've been pulling my hair out over this and would appreciate any feedback on this.

Got an exception while reading all headers

Hi,

I am new and using jnetstream to read packet from the pcap files. In multi threaded environment it is not able to read all the headers(intermittent). Throws below exception

Exception in thread "ProcessingEngine-Thread_agent"
java.lang.StackOverflowError: Can't pop empty stack
at com.slytechs.utils.memory.BitBuffer.pop(Unknown Source)
at com.slytechs.utils.memory.BitBuffer.getBits(Unknown Source)
at com.slytechs.jnetstream.packet.AbstractData.readShort(Unknown Source)
at org.jnetstream.protocol.FastScanner.scanEthernet2(Unknown Source)
at org.jnetstream.protocol.FastScanner.scanEthernet(Unknown Source)
at org.jnetstream.protocol.FastScanner.scan(Unknown Source)
at org.jnetstream.protocol.FastScanner.fullScan(Unknown Source)
at com.slytechs.jnetstream.packet.APacket.fullScan(Unknown Source)
at com.slytechs.jnetstream.packet.APacket.getAllHeaders(Unknown Source)

After throwing this error thread got killed which was using this API.

Kindly let me know what could be the reason.

decode specific protocols

Hi,

Is it possible to limit the set of protocols the JPacket.scan(...) method is looking for? In particular, I am only interested in TCP, UDP and ICMP (and Ethernet and IP4, of course). I suppose I have to do something with the JRegistry class (?) but I don't understand the API.

Why am I asking? Because:
- First, I get error output of the form "validate_sip(): #171959 INVALID size=9 sip=ACK 157" when trying to process my pcap files. This is either a bug or caused by the fact that the pcap files only contain the first 96 bytes of each packet (capture length). Since I am not interested in sip, I would be more than happy to find a way to get rid of those messages.
- Second, I would like to speed up the decoding process. The scan method is significantly slowing down my program. One option would be to manually parse the packet payload but that's something I would like to avoid Smile

(Windows Vista 32-bit, Java 1.6.0_15, jNetPcap 1.3.0 (2011-04-01))

Need to fetch TCP / IP Header

Hi There !!

I am newbie to jNetPcap.

I have working environment for jNetPcap and able to run ClassicPcapExample for network Devices and 10 packets.

I have been reading through User guides and Tutorials , However not able to find exact code for extraction of any Header of TCP /IP.

As a Investigation, I need to find out 1-2 Headers like Time Stamp , TTL etc.

Please let me know, where I can look for same.

Appreciate your quick response.

Thank you.

Problem with Arraylist and JPackets

I have a problem with JPackets and Arraylists. When I take the JPackets again, i can't use the normal functions:

public class typeMTCE {
    private static ArrayList lista = new ArrayList();

    public void addLista(JPacket p){
        lista.add(p);
    }

    public JPacket getLista(int num) {
        return lista.get(num);
    }
}

Taking in other class the packets...

JPacket packet = mtce.getLista(jTable1.getSelectedRow());
                    Ip4 ip = new Ip4();
                    Tcp tcp = new Tcp();
                    Http http = new Http();
                    Html html = new Html();
                    ip.setPacket(packet);
                    tcp.setPacket(packet);
                    http.setPacket(packet);
                    html.setPacket(packet);
                    if (packet.hasHeader(tcp) && packet.hasHeader(http)){
                        if (http.isResponse()) 

I cant use http.isResponse(), it send false alltimes. I need help Worried