Jnetpcap, preparing UDP/TCP/IP/ICMP packet

Question

Recently, I'm using Jnetpcap to send/receive raw packet over network.

Jnetpcap provides sending packets by Pcap.sendPacket(). This method gets raw buffer or bytes to send.

On the other hand, there is org.jnetpcap.protocol.* classes which wraps protocol headers, and we can use them to decode captured packets.

When I use below code to make a Ip4 packet, It causes NullPointerException:

import org.jnetpcap.protocol.network.Ip4;

public class Test {

    public static void main(String[] args) {

        Ip4 ip4 = new Ip4();

        ip4.ttl(10);

    }
}

Error:

Exception in thread "main" java.lang.NullPointerException
    at org.jnetpcap.nio.JBuffer.check(Unknown Source)
    at org.jnetpcap.nio.JBuffer.setUByte(Unknown Source)
    at org.jnetpcap.protocol.network.Ip4.ttl(Unknown Source)
    at jaeger.Test.main(Test.java:17)

How can I build that packet and then send it by Pcap.sendPacket()?

Note: I'm really not interested in preparing packets byte by byte... C/C++ libpcap and Jpcap have working functionality, but I want use Jnetpcap!

score 9 · Accepted Answer · answered Feb 27 '12 at 22:58

1) The code throws an exception because the wrapper classes only work using previously allocated buffers, due the fact that the primary purpose of the library is to analyze buffers of captured packets. So, it's necessary to allocate a buffer before using them.

2) The packets must be builded supplying all necessary bytes. But code can be written so that only a few bytes are really necessary (see above).

3) sendPacket expects an entire packet, a full Ethernet frame. So, Ethernet, IP, TCP headers and Payload must be written to a buffer.

4) The main idea, to allow you to use wrapper classes, is to allocate a buffer and then left the library scan it to discover headers, but a minimum of information (bytes) must be provided.

JMemoryPacket packet = new JMemoryPacket(packetSize);
packet.order(ByteOrder.BIG_ENDIAN);

Ethernet frame needs a protocol type (0x0800) at position 12:

packet.setUShort(12, 0x0800);
packet.scan(JProtocol.ETHERNET_ID);

After scan, an Ethernet instance can be retrieved and setters used:

Ethernet ethernet = packet.getHeader( new Ethernet() );  
ethernet.destination(...);
...

IP4 header needs version (0x04) and size (0x05) at position 14:

packet.setUByte(14, 0x40 | 0x05);
packet.scan(JProtocol.ETHERNET_ID);  

Ip4 ip4 = packet.getHeader( new Ip4() );
ip4.type(0x06); //TCP
ip4.length( packetSize - ethernet.size() );
ip4.ttl(...);  
...

TCP header needs size (0x50):

packet.setUByte(46, 0x50);
packet.scan(JProtocol.ETHERNET_ID);  

Tcp tcp = packet.getHeader( new Tcp() );  
tcp.seq(...); 
...

So, Payload:

Payload payload = packet.getHeader( new Payload() );
payload.set...(...);
...

And finally:

pcap.sendPacket( ByteBuffer.wrap( packet.getByteArray(0, packet.size() )  );

5) All necessary bytes can be written at one time to avoid so many calls to the scan method.

Perfect! How about `packetSize`? How can I predict suitable size? — masoud, Feb 28 '12 at 07:12
@MasoudM. Sum of the protocol header lengths and the data size. `System.out.print(packet.toString())` and `System.out.print(packet.toHexdump())` are useful to look into buffers and packets. — Juan Mellado, Feb 28 '12 at 09:13

mico · Answer 2 · 2011-11-29T17:08:49.103

1

Are you facing a problem of how to write subheders on jNetPcap? Yes, the JNetPcap takes in bytes for sending, but the content can be filled with subheaders with that help I gave. If you then want to send some data inside the packet, many Java types have a toBytes() function or similar.

edit:
API of that specific Icmp class is here. Similarly can be done to the other classes on the given link. Just open Google and give "Icmp class reference jnetpcap" or whatever for other header types.

edit2:
Easier way to create an ICMP packet is through ICMPPacket class which has a simple constructor for ICMP packet where the headers are created in a single Constructor call. According to the class reference it makes the following:

Extends an IP packet, adding an ICMP header and ICMP data payload.

edited Nov 29 '11 at 17:08

answered Nov 19 '11 at 16:49

mico

12,285
12
55
91

Thanks for answer. But, the link you wrote is about testing fileds, not filling them. – masoud Nov 20 '11 at 07:05
Main idea on that was finding out the `Icmp` object used for testing and showing that that is not only setting manually bits. The tutorial for that has to be found elsewhere, sure. – mico Nov 20 '11 at 08:51
I modified the answer. Does it now answer to the right question / is it complete enough? – mico Nov 29 '11 at 10:48
There is some issue with that, you can not `new` it and fill it simply. If you can use it, please show me the way. – masoud Nov 29 '11 at 15:31
I made a second edit. That makes a constructor creation, but you cannot affect yourself what it writes in there. Do you need one that is 100% configurable by constructor or is this just fine? – mico Nov 29 '11 at 17:31
Do you try it yourself? It has some error related to memory allocation that i can not solve them. – masoud Nov 30 '11 at 17:24
Well, I haven't tested these in practice. My knowledge relies on the given documentation only, that's why I gave mainly links to docs. - For that memory problem I would need more specific information about the error. – mico Nov 30 '11 at 20:40

Jnetpcap, preparing UDP/TCP/IP/ICMP packet

2 Answers2