This document will help you make your very own small and simple packet sniffer in Java or, more precisely, using the ‘waseda’ Jpcap library.
We will develop a simple command-line packet sniffer application on the Windows platform using the WinPcap packet capture library (you can alternatively use libpcap on UNIX-based machines).
The document is organized as follows:
- Installing JPcap in Windows (which requires WinPcap installation)
- Writing a Packet Sniffer
Packet Sniffing: the process of capturing network traffic and inspecting it closely to determine what is happening on the network. A sniffer analyzes the data packets of common protocols and displays the network traffic in human-readable format.
Libpcap: a system-independent interface for user-level packet capture. Libpcap provides a set of functions, independent of the hardware and the operating system, that an application can use to capture packets from a network.
TcpDump: uses the functions exported by libpcap to capture packets, set packet filters and communicate with the network adapter.
WinPcap: an architecture that adds to the operating systems of the Win32 family the ability to capture the data of a network using the network adapter of the machine (in other words, the libpcap for Windows).
WinDump: the TcpDump for Windows from the user's point of view (the kernel part is Windows-specific and differs considerably between the various Windows flavors).
Jpcap: a Java class package that enables a Java application to capture and send IP packets. This package uses libpcap and the Raw Socket API.
P.S. Raw sockets and ICMP aren't available in Java natively, and this is where Jpcap comes to the rescue!
1) Download and install the Java™ 2 Platform, Standard Edition (J2SE™) JRE or SDK. java.sun.com/download
2) Download and install the latest WinPcap.
WinPcap 3.0 download: Windows 95/98/ME/NT/2000/XP WinPcap auto-installer (driver + DLLs)
P.S. Using the auto-installer will save you the effort of compiling it yourself.
3) a. Download and extract the latest Jpcap. i.e. Jpcap ver.0.4 (Released on
b. Copy "lib\Jpcap.dll" into "[JRE directory]\bin" or "[JRE directory]\lib\ext\x86"
c. Copy "lib\jpcap.jar" into "[JRE directory]\lib\ext"
d. If you installed J2SE SDK, you also need to copy "lib\jpcap.jar" into "[SDK directory]\jre\lib\ext".
Note: [JRE directory] is usually "C:\Program Files\Java\j2re*".
[SDK directory] is usually "C:\j2sdk*".
Writing a packet sniffer
    // 1. Import the Jpcap library
    import jpcap.*;

    // 2. Create a class called JSniffer that implements JpcapHandler
    //    (this interface is used to define a method to analyze the captured packets,
    //    which is used in Jpcap.handlePacket())
    class JSniffer implements JpcapHandler
    {
        // 3. The handlePacket() method is called every time a packet is captured,
        //    and the parameter is the packet to be analyzed
        public void handlePacket(Packet packet)
        {
            System.out.println(packet);
        }

        // 4. The main comes now!
        public static void main(String[] args) throws java.io.IOException
        {
            // 5. getDeviceDescription() is a static method of class Jpcap
            //    and can be called using the class name itself!
            //    It returns the descriptions of the interfaces, which are saved in lists
            String[] lists = Jpcap.getDeviceDescription();
            System.out.println("\n\t\t***My Simple Network Sniffer***\n");
            System.out.println("Start capturing on " + lists[0]);

            // 6. openDevice() is a static method of the Jpcap class
            //    and returns an instance of this class.
            //    The parameters are in the following order:
            //    (i) device (ii) snaplen (iii) promisc (iv) to_ms
            //    (the values passed here are example choices)
            Jpcap jpcap = Jpcap.openDevice(Jpcap.getDeviceList()[0], 1000, false, 20);

            // 7. We use the instance returned by the openDevice() method to capture packets
            //    using loopPacket(), which captures the specified number of packets consecutively
            //    (-1 keeps capturing until the program is stopped).
            //    The parameter list is: (i) count (ii) a Jpcap handler
            jpcap.loopPacket(-1, new JSniffer());
        }
    }
- Save the above file as JSniffer.java
- Now go to the console window and move to the directory where you have saved JSniffer.java
- # javac JSniffer.java
- # java JSniffer
Your sniffer should now be able to sniff all packets on your network, if you are connected to one!
If you are not connected to a network, you could try pinging, telnetting or ftp-ing to localhost to create a few packets that could be sniffed by the sniffer.
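The "human-readable format" step from the Packet Sniffing definition can be seen without any capture library. The following is an added example, not part of the original tutorial and not Jpcap code: it decodes one Ethernet/IPv4 frame by hand, with bounds checks for truncated or malformed input. The class name FrameDecoder and the sample frame (built from documentation addresses) are constructed for illustration.

```java
import java.nio.ByteBuffer;

public class FrameDecoder {
    // Constructed sample: Ethernet + IPv4 + TCP SYN, 192.0.2.10:49152 -> 192.0.2.20:80
    static final int[] SAMPLE = {
        0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, // dst MAC, src MAC, EtherType
        0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,         // IPv4 header, checksum zeroed
        192,0,2,10, 192,0,2,20,                                                  // source IP, destination IP
        0xc0,0x00,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0x00, 0,0,0,0    // TCP header, SYN flag set
    };

    static String decode(byte[] f) {
        if (f.length < 14) return "truncated Ethernet header";
        ByteBuffer b = ByteBuffer.wrap(f);               // big-endian by default = network byte order
        int etherType = b.getShort(12) & 0xffff;
        if (etherType != 0x0800) return String.format("non-IPv4 frame (EtherType 0x%04x)", etherType);
        if (f.length < 14 + 20) return "truncated IPv4 header";
        int ihl = (f[14] & 0x0f) * 4;                    // IPv4 header length in bytes
        if ((f[14] >> 4 & 0x0f) != 4 || ihl < 20 || f.length < 14 + ihl) return "malformed IPv4 header";
        int proto = f[23] & 0xff;                        // 6 = TCP, 17 = UDP
        String src = ip(f, 26), dst = ip(f, 30);
        int l4 = 14 + ihl;                               // offset of the transport header
        if ((proto == 6 || proto == 17) && f.length >= l4 + 4) {
            int sport = b.getShort(l4) & 0xffff, dport = b.getShort(l4 + 2) & 0xffff;
            String flags = "";
            if (proto == 6 && f.length >= l4 + 14) flags = " flags=" + tcpFlags(f[l4 + 13]);
            return String.format("%s %s:%d -> %s:%d%s", proto == 6 ? "TCP" : "UDP", src, sport, dst, dport, flags);
        }
        return String.format("IPv4 proto=%d %s -> %s", proto, src, dst);
    }

    static String ip(byte[] f, int off) {
        return (f[off] & 0xff) + "." + (f[off + 1] & 0xff) + "." + (f[off + 2] & 0xff) + "." + (f[off + 3] & 0xff);
    }

    static String tcpFlags(byte v) {
        String names = "FSRPAU"; StringBuilder s = new StringBuilder(); // FIN, SYN, RST, PSH, ACK, URG (bits 0..5)
        for (int i = 0; i < 6; i++) if ((v >> i & 1) != 0) s.append(names.charAt(i));
        return s.length() == 0 ? "-" : s.toString();
    }

    public static void main(String[] args) {
        byte[] frame = new byte[SAMPLE.length];
        for (int i = 0; i < frame.length; i++) frame[i] = (byte) SAMPLE[i];
        System.out.println(decode(frame));
    }
}
```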
Next time, we will make a Simple Port Scanner!