jNetPcap SDK Overview

Key Features

Design Principles

Principle | Implementation

Module Structure

```
jnetpcap-sdk/
├── jnetpcap-api          High-level API: NetPcap, PacketHandler
├── jnetpcap-bindings     Low-level libpcap FFM bindings
├── sdk-protocol-core     Protocol infrastructure
└── sdk-protocol-tcpip    TCP/IP protocol pack
```

Module Descriptions

Module | Description

Why L2-L4 Only?

Packet-Centric Model

Requirement | Packet Model (L2-L4) | Stream Model (L5+)

When to Use jNetWorks

Feature | jNetPcap | jNetWorks

Example: HTTP Processing

```java
pcap.dispatch(count, packet -> {
    if (packet.hasHeader(tcp)) {
        // See raw TCP, but HTTP spans multiple packets
        // No way to reassemble HTTP request/response
    }
});
```

```java
ProtocolStream<HttpMessage> http = net.createProtocolStream(stack, HttpMessage.class);

while (http.isActive()) {
    HttpMessage message = http.take();
    try {
        if (message.isRequest()) {
            System.out.println(message.method() + " " + message.uri());
        }
        // Complete HTTP message, reassembled from TCP stream
    } finally {
        http.release(message);
    }
}
```

Token Processing

```java
pcap.dispatch(count, packet -> {
    for (Token t : packet.tokens()) {
        // Must process synchronously, in callback
        // Cannot parallelize, cannot queue
    }
});
```

```java
TokenStream tokens = net.createTokenStream(stack, IdsTokens.ALERTS);

// Separate thread processes tokens
while (tokens.isActive()) {
    Token token = tokens.take();
    try {
        alertSystem.process(token); // Can be async, queued, parallel
    } finally {
        tokens.release(token);
    }
}
```

Summary

Quick Example

```java
try (NetPcap pcap = NetPcap.openOffline("capture.pcap")) {
    Ip4 ip = new Ip4();
    Tcp tcp = new Tcp();

    pcap.dispatch(1000, packet -> {
        if (packet.hasHeader(ip) && packet.hasHeader(tcp)) {
            System.out.printf("%s:%d → %s:%d%n",
                ip.src(), tcp.srcPort(),
                ip.dst(), tcp.dstPort());
        }
    });
}
```

Architecture

```
┌─────────────────────────────────────────────────────────────────┐
│                        User Application                         │
├─────────────────────────────────────────────────────────────────┤
│                          jnetpcap-api                           │
│          NetPcap, Packet, PacketHandler, ProtocolStack          │
├─────────────────────────────────────────────────────────────────┤
│       sdk-protocol-core        │       sdk-protocol-tcpip       │
│ Dissector, Descriptor, Header  │    Ip4, Tcp, Udp, Ethernet     │
├─────────────────────────────────────────────────────────────────┤
│                        jnetpcap-wrapper                         │
│               libpcap FFM bindings (Pcap, PcapIf)               │
├─────────────────────────────────────────────────────────────────┤
│                    libpcap / WinPcap / Npcap                    │
└─────────────────────────────────────────────────────────────────┘
```

Configuration with ProtocolStack

```java
ProtocolStack stack = new ProtocolStack();

// Enable IP reassembly
stack.setProtocol(new IpProtocol())
     .enableReassembly(true)
     .fragmentTimeout(30);

// Configure packet policy
stack.setPacketPolicy(PacketPolicy.zeroCopy())
     .descriptorType(DescriptorTypeInfo.NET);

// Create capture with stack
try (NetPcap pcap = NetPcap.create("en0", stack)) {
    pcap.dispatch(count, handler);
}
```

Comparison with jNetWorks

Feature | jNetPcap | jNetWorks

Requirements

Maven Dependency

```xml
<dependency>
    <groupId>com.slytechs.jnet.jnetpcap</groupId>
    <artifactId>jnetpcap-api</artifactId>
    <version>3.0.0</version>
</dependency>
```

```xml
<dependency>
    <groupId>com.slytechs.jnet.jnetpcap</groupId>
    <artifactId>jnetpcap-sdk</artifactId>
    <version>3.0.0</version>
    <type>pom</type>
</dependency>
```
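The packet-versus-stream point made under "Example: HTTP Processing", as an added example that is not jNetPcap or jNetWorks code: plain Java with no SDK calls, showing that a per-packet check cannot match a request line split across TCP segments, while a stream reassembled by sequence number can. The `Segment` record, the sequence numbers and the payloads are constructed for illustration, and sequence-number wraparound is assumed not to occur.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class SegmentReassemblyDemo {
    // Constructed sample type: one TCP segment of a single flow direction.
    record Segment(long seq, byte[] payload) {
        static Segment of(long seq, String data) {
            return new Segment(seq, data.getBytes(StandardCharsets.ISO_8859_1));
        }
    }

    // Packet model: a pattern is found only if it fits inside one segment.
    static boolean perPacketMatch(List<Segment> segs, String needle) {
        return segs.stream().anyMatch(s ->
            new String(s.payload(), StandardCharsets.ISO_8859_1).contains(needle));
    }

    // Stream model: order by sequence number, skip bytes already delivered
    // (retransmissions, overlaps), stop at the first gap. Assumes no seq wraparound.
    static String reassemble(List<Segment> segs, long firstSeq) {
        TreeMap<Long, byte[]> bySeq = new TreeMap<>();
        for (Segment s : segs) bySeq.merge(s.seq(), s.payload(), (a, b) -> a.length >= b.length ? a : b);
        StringBuilder stream = new StringBuilder();
        long next = firstSeq;
        for (Map.Entry<Long, byte[]> e : bySeq.entrySet()) {
            byte[] p = e.getValue();
            if (e.getKey() > next) break;               // gap: wait for missing bytes
            int skip = (int) (next - e.getKey());       // bytes already in the stream
            if (skip >= p.length) continue;             // pure retransmission
            stream.append(new String(p, skip, p.length - skip, StandardCharsets.ISO_8859_1));
            next = e.getKey() + p.length;
        }
        return stream.toString();
    }

    public static void main(String[] args) {
        // Constructed capture: one request in three segments, out of order, one duplicate.
        List<Segment> segs = List.of(
            Segment.of(1008, "min HTTP/1.1\r\nHo"),
            Segment.of(1000, "GET /adm"),
            Segment.of(1000, "GET /adm"),
            Segment.of(1024, "st: example.test\r\n\r\n"));
        System.out.println("per-packet match: " + perPacketMatch(segs, "GET /admin"));
        String stream = reassemble(segs, 1000);
        System.out.println("stream match:     " + stream.contains("GET /admin"));
    }
}
```

For detection work this is the practical consequence of the L2-L4 boundary: content rules evaluated inside a per-packet callback only see what fits in one segment, so application-layer matching belongs on a reassembled stream.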