jNetPcap SDK

Welcome to jNetPcap SDK website.

jNetPcap is a software library written in Java that provides APIs (Application Programming Interface) similar to the popular libpcap native library. It allows developers to capture, analyze, and manipulate network packets within Java applications.

The library offers a convenient way to work with network traffic data, providing functionality for capturing packets from network interfaces, parsing protocols, extracting data, and performing various network analysis tasks. It provides a Java wrapper around the native libpcap library, allowing developers to utilize its features in a Java environment.

jNetPcap simplifies the process of network packet analysis and enables developers to build network monitoring, security, and analysis tools using the Java programming language. It supports a wide range of protocols and provides comprehensive functionality for working with network packets.

The software is often used in network-related applications such as network monitoring tools, packet sniffers, intrusion detection systems, and network forensic analysis tools. It provides a powerful and flexible framework for network packet analysis and manipulation within Java applications.

jNetPcap SDK is made up of several modules which provide comprehensive network processing functionality. The following is a list of the included modules as part of the SDK release:

To find the examples hoststed here as well as many downloadable packages and source, please visit our source code repository at www.github.com/slytechs-repos.

> Demonstration

We have lots of examples but here is a quick demonstration of how to read all of the packets from a PCAP capture file, reassemble all IP fragments and print each reassembled packet's contents to the system console.

The above example will reassemble 7 IP fragments for the original ICMP message that was 9000 bytes. The original IP fragments are discarded after they are used in reassembly so we end up with a single IP datagram containing the original ICMP message, at full original length.

IPF reassembler is a powerful jNetPcap Processor, that can be configured to meet your specific needs. You can choose to pass through original IP fragments, set timeout parameters for missing fragments, and adjust IPF table sizes.

Here are some of the options that are available for configuring IPF reassembler:

The output generated by the above example is as follows:

> Pcap 1-liner

Or as close as we can get to a single line of code if we do not have to enable any of the more advanced features such as IpfReassembler, PacketPlayer, DataObfuscator, etc. This is technically the shortest 100% correct pcap code you can write,  that reads all packets from a capture file and still performs the following steps:

Note: pcap.dispatch(System.out::println) uses method reference aka lambda expression pcap.dispatch((Packet packet) -> System.out.println(packet.toString())

Generates the following output: