Packet Decoding

JPacket.hasHeader() seldom throws IndexOutOfBoundsException

Hello JnetPcap team,

I'm working with 1.3b4-1 JNetPcap to process captured file.
Approximately, 1 of 3000 comes out with exception like this.

19:43:07,211 ERROR pool-1-thread-4 PcapFileProccessor:run:222 - Exception occurred while processing messages.
java.lang.IndexOutOfBoundsException: Invalid [635968000,652771981,16803981) range.
at org.jnetpcap.nio.JMemory.peer(Unknown Source)
at org.jnetpcap.nio.JBuffer.peer(Unknown Source)
at org.jnetpcap.packet.JPacket.getHeaderByIndex(Unknown Source)
at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source)
at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source)

One more interesting thing happens from time to time.
In code fragment below where I want to check whether JMemoryPacket contains RTP header

JPacket p = packetBuffer.poll();
Rtp h = p.getHeader(new Rtp());
if (h == null){
logger.debug("Packet suddenly turns to crap");
return 0;

I've got (h==null) and error message even though same packet passes this check successfully
before it has been put into packetBuffer<JPacket>.
Does this means that memory corruption occurs while packet traverse thru buffer?

BufferUnderflowException caused by hasHeader()

Hi guys

Just like the subject suggests, I get a BufferUnderflowException from hasHeader() under some pretty strange circumstance. First of all, here's the call trace:

java.nio.BufferUnderflowException at org.jnetpcap.nio.JBuffer.check(Unknown Source)
	at org.jnetpcap.nio.JBuffer.getUByte(Unknown Source)
	at org.jnetpcap.protocol.tcpip.Tcp.decodeHeader(Unknown Source)
	at org.jnetpcap.packet.JHeader.decode(Unknown Source)
	at org.jnetpcap.packet.JPacket.getHeaderByIndex(Unknown Source)
	at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source)
	at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source)
	at DigestCalulator.calculatePacketDigest(
	at DigestCalulator.calculatePacketDigest(
	at Sender$SenderThread.process(
	at Sender$

Essentially, what I'm trying to do is to calculate a hash on all outgoing packets, and then send a packet that contains the hashes of some 20 packets.
The sender class runs a thread that receives all captured packets through a java blocking queue (placed there by a thread responsible for capturing packets). It peers the received packets with ip and tcp headers and calculates a hash. It's important to note that the received packets are copies, copied from the line:
PcapPacket copy = new PcapPacket(packet)

and the tcp and ip headers peered with the packet are created only once and then peered with each arriving packet (for performance reasons i chose not to create a new tcp and ip header for each arriving packet).

the function that generates the exception is this:

public byte[] calculatePacketDigest(PcapPacket packet, byte[] key)
		if (packet.hasHeader(ip))
			if (ip.flags_MF() == 0 && ip.offset() == 0) 

				if (packet.hasHeader(tcp))

Are there any examples about multi header instances?

Just want to test how packet.hasHeader(T header, int instances) working?

What's the best way to implement SSL protocol decoding

I'm looking into implementing a very basic class to decode the TLS/SSL protocol (note - decode the protocol's headers, not traffic Smile).
The TLS headers themselves are relatively easy, but unlike other protocols, in the same TCP packet there may be more than one TLS record. Each one has a five bytes-long header, containing the length of the record, and may be followed by another TLS record. See the fifth packet in for example.

I'm looking for the sage advice of the experts in this forum on how should I approach this problem? Here are some ideas:
a. Create a SSL header class whose length is 0, and have all the records as fields of that header
b. Create a SSL header class whose length is 5, basically decoding the first SSL header in the packet, and have the other headers&records as fields of that header
c. Do something else? Is it possible to bind a protocol to itself?


Jnetpcap for Android: Can't decode packet headers

Hi guys,

I've sucessfully compiled Jnetpcap 1.2 as a shared library for Android (arm-linux) even though I got a lot of warnings because some functions are deprecated. The Java sources use the shared library trough JNI.

When trying to parse some packets from a pcap file I can't sucessfully decode the protocol headers. No errors are produced when trying to open the file nor either when trying to check if the packet has an IPv4 header on it. When trying to read the destination adress of the IPv4 packet the App freezes.

It's my code wrong or it's my shared library the cause of this problem?

Here is my code:

		final StringBuilder errbuf = new StringBuilder();

		final Pcap parser = Pcap.openOffline(
						+ settings.getString("fileText", "shark_capture.pcap"),

		parser.loop(10, new JPacketHandler() {

			final Ip4 ip4 = new Ip4();

			public void nextPacket(JPacket packet, StringBuilder user) {
				if (packet.hasHeader(Ip4.ID)) {
					new AlertDialog.Builder(Reader.this)
							.setTitle("IP header test")
							.setMessage("The destination adress is: " +
							.setNeutralButton("Ok", null).show();

		}, errbuf);