This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[closed] How to read a .pcapng file in Java

0

Hi, I am trying to read a .pcapng file in Java to perform dissection. Basically I want to read the hex values present in the packet. So I wanted to know if there is any way to do so. I saw some libraries for Java listed on Wikipedia as mentioned in other questions, but it is not working for me. Hence please let me know if there is any way to do this.

Thanks, Shobhit Garg.

asked 31 Aug '16, 13:53

shobhit_garg91

closed 31 Aug '16, 23:10

Jaap ♦

The question has been closed for the following reason "Question is off-topic or not relevant" by Jaap 31 Aug '16, 23:10


One Answer:

0

If you have a library for Java that is a wrapper for libpcap, rather than a library that has its own capture file reading code, and if you're running on a system with libpcap 1.1 or later - or, on Windows, if you have Npcap rather than WinPcap installed - the file should be able to read pcapng files where all interfaces have the same link-layer header type and snapshot length.

It looks as if jNetPcap is a libpcap wrapper - they say it contains "A Java wrapper for nearly all libpcap library native calls". Pcap4j also appears to be a wrapper.

answered 31 Aug '16, 20:34

Guy Harris ♦♦

Hi Guy, Thanks for your inputs. Actually my project involves taking a binary capture file and dissecting the first few layers of the packet. Since pcapng is a binary file in itself, I am just trying to read the file in Java byte by byte and trying to dissect it. The issue that I am facing is that I am able to get the byte values but those are getting converted to integer (read decimal). Also the byte values that start with an alphabet (from a to f) are subtracted by 256 and then displayed, while the byte values that start with a number are just converted to binary and then displayed. Please let me know if anything can be done in this regard.

(31 Aug '16, 20:54) shobhit_garg91

That's a Java programming question and has nothing to do with Wireshark.

(31 Aug '16, 23:03) Jaap ♦
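
The byte-by-byte approach described in the comments above, as an added example that is not part of the original thread: a small Java reader that walks pcapng blocks, validates every length field taken from the file, and prints Enhanced Packet Block data as hex. Java's `byte` is signed, so 0x80 to 0xff show up as the value minus 256 unless masked with `0xFF`; the class name and the sample capture bytes are constructed for illustration.

```java
import java.nio.*;
import java.util.*;

public class PcapngHex {
    static final int SHB = 0x0A0D0D0A, EPB = 0x00000006, BOM = 0x1A2B3C4D;

    // Java's byte is signed (-128..127): mask with 0xFF before formatting.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x ", b & 0xFF));
        return sb.toString().trim();
    }

    // Walks the blocks and returns the packet data of every Enhanced Packet Block.
    static List<byte[]> packets(byte[] file) {
        ByteBuffer buf = ByteBuffer.wrap(file).order(ByteOrder.LITTLE_ENDIAN);
        List<byte[]> out = new ArrayList<>();
        while (buf.remaining() >= 12) {
            int start = buf.position();
            int type = buf.getInt(start);        // SHB type reads the same in both byte orders
            if (type == SHB) {                   // byte-order magic fixes the section's endianness
                buf.order(ByteOrder.BIG_ENDIAN);
                if (buf.getInt(start + 8) != BOM) buf.order(ByteOrder.LITTLE_ENDIAN);
                if (buf.getInt(start + 8) != BOM) throw new IllegalArgumentException("bad byte-order magic");
            }
            long len = buf.getInt(start + 4) & 0xFFFFFFFFL;   // block total length, unsigned 32-bit
            if (len < 12 || len % 4 != 0 || len > buf.remaining())
                throw new IllegalArgumentException("bad block length at offset " + start);
            if (type == EPB) {
                if (len < 32) throw new IllegalArgumentException("EPB too short");
                long cap = buf.getInt(start + 20) & 0xFFFFFFFFL;  // captured packet length
                if (cap > len - 32) throw new IllegalArgumentException("captured length exceeds block");
                byte[] pkt = new byte[(int) cap];
                buf.position(start + 28);        // packet data follows the fixed EPB fields
                buf.get(pkt);
                out.add(pkt);
            }
            buf.position(start + (int) len);     // skip padding, options and trailing length
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: SHB, IDB (Ethernet), one EPB carrying 6 bytes of packet data.
        ByteBuffer s = ByteBuffer.allocate(88).order(ByteOrder.LITTLE_ENDIAN);
        s.putInt(SHB).putInt(28).putInt(BOM).putShort((short) 1).putShort((short) 0).putLong(-1L).putInt(28);
        s.putInt(1).putInt(20).putShort((short) 1).putShort((short) 0).putInt(65535).putInt(20);
        s.putInt(EPB).putInt(40).putInt(0).putInt(0).putInt(0).putInt(6).putInt(6)
         .put(new byte[] {(byte) 0xff, (byte) 0xa5, 0x00, 0x45, (byte) 0xc0, 0x7f, 0, 0}).putInt(40);
        for (byte[] p : packets(s.array())) System.out.println(hex(p));
    }
}
```

To read a real capture, pass `java.nio.file.Files.readAllBytes(path)` to `packets`; the length checks matter because every size field comes from the file itself.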