Packet Decoding

Null Pointer running

I am running the latest version of jnetPcap (jnetpcap-1.4.b0004-1.win32) downloaded today on Windows Vista 32-bit

I am trying to run the example file and I am getting the following exception:

superFlowMap::Exception in thread "main" java.lang.NullPointerException
at org.jnetpcap.packet.JFlow.toString(
at org.jnetpcap.packet.JFlowMap.toString(
at java.util.Formatter$FormatSpecifier.printString(Unknown Source)
at java.util.Formatter$FormatSpecifier.print(Unknown Source)
at java.util.Formatter.format(Unknown Source)
at Source)
at Source)
at CommonUsageExamples.main(

Corresponding to this line:

System.out.printf("superFlowMap::%s%n", superFlowMap); [line 303 in the current source version]

Note: I added some print statements in the earlier parts of the file and so my line numbers are probably a bit off of the original. I have attached the pcap file I was using, but I also get the same error when using the originally suggested test file: tests/test-http-jpeg.pcap

Thanks for any help you could provide.

MPEG PES private-stream-1 UDP Packet Decoding

First off I'm sorry If this is a question that has been asked a million times but I cant for the life of me find a search option here. what gives?

I am trying to read the KLV encoded metadata sent from a Unmanned Air Vehicle over a UDP data stream. And I desperately need some help.

Also, sorry if my wording seems off, I have jumped head first into this problem with no prior experience.

The video feed is sent over PID:0x80 and the metadata is sent over PID:0x90.
How should I go about reading only 0x90 packets?

To get the packet payload I need to getByteArray right? But that needs and index, does that mean the header index? this confuses me.

I think I can use to decode the payload once I get it but I need to know the KLV encoding KeyLength, do you think there is a way to figure that out in the packet details?

Again, Sorry for the randomness, but any help at all would be greatly appreciated. My mind is all fuzzy at the moment and I just need some new leads.

I will try and clarify my points in the morning.

Thank you!!

traffic logger/sniffer


I'm looking for a way to "map" all the traffic through my router. I have installed tcpdump on my router and it is dumping the files to my server. This was the easy part Eye

Now I want to write a java program which is able to detect all the protocols send through the router, and also I want to find out what the chat (in website AND/OR msn) messages are containing. This is not to snoop on the wife, but my daughter and sons. I want to now if some pervert is messing around, and which sites are visited etc.. After a little googling around I just kept coming back to the jNetPcap site.

The data which I gather out of the packets will be placed in a database where I retrieve this info to make a nice graph (or find a tool to do so)..

My question is: is jNetpCap the tool required for my wishes as stated above? I'm still honing my java skills, this is why I want to write such a tool myself.

can I please have some advice?


How to parse the data packet?

Hi,Mark B.
I need to catch packets out of the data analysis should be how to do it, thank you.

java.lang.NullPointerException: jmemory not initialized

I'm using jnetpcap1.2rc5 on a windows platform with Java 6 update 17

I'm writing a capture application to read offline captures that I've captured using jnetpcap on a seperate application. When loading the saved capture file i read the packets from the file as follows

/* capture packets using the Pcap object and pass to the packet capturer */
result = pCapturer.dispatch(100, bufHandler, "PacketCapturer");

and the code is packet is processed by the JBufferHandler

In the nextPacket method I scan for Ethernet and check if the packet is an IP packet with

public void nextPacket( PcapHeader pheader, JBuffer jbuffer, String t ){
/* scan the packet to determine what data it contains */
pkt.scan( Ethernet.ID );

/* check if it is an IP packet */
if ( pkt.hasHeader( ip ) ) {

When i try to get a value from the last captured packet i get the exception

Exception in thread "Thread-4" java.lang.NullPointerException: jmemory not initialized
at org.jnetpcap.nio.JMemory.size(

I'm at a loss to understand why this happens and why only on the last captured packet. By using pkt.hasHeader(ip), doesnt the IP data get scanned and decoded? and shouldn't it be available for reading right away?

Any help in understanding this would be appreciated.