jNetStream Protocol Decoder / News: Recent posts

jNetStream is an open SDK library and applications for building protocol sniffers and analyzers. Easily add new network protocols using builtin NPL language or use any of the hudreds of protocols already defined. No C or Java programming required, NPL is a poweful scripting language.

This release is a major new features release that completely replaces previous jNetStream API. The release adds significant file editing features, packet decoding, live captures and performance. Packets stored in files can be accessed using iterators and a super fast indexer for true random access. Super fast performance of upto 1.6 million packets/second has been achieved, all in java.... read more

The next major release of jNetStream (still unreleased) promisses to be a performance beast. The first performance benchmarks are in and the low level portion of jNetStream which simply reads packet contents from a file is achieving around 0.63microseconds/packet performance which translates to 1.6M pps. A 400Meg file with 6.5million packets in it is read into memory and parsed entirely in Java in 4.1seconds. I thought this benchmark was news worthy. ... read more

jNetStream is an open SDK library and applications for building protocol sniffers and analyzers. Easily add new network protocols using builtin NPL language or use any of the hudreds of protocols already defined. No C or Java programming required, NPL is a poweful scripting language.

This release introduces a number of new features and bug fixes. NPL protocol definitions are now only loaded on-demand and allow user definable binding overrides. New packet counting options have been added which run under several different models including a statistical model. Packets can be counted in very large, multi gig files quickly . Lots of logging (Apache CommonsLogging and Log4j) has been added as well.... read more

http://jnetstream.sourceforge.net/?q=node/74

I'm finished with 0.2.4 (rc1) release. Still double checking everything, looking for bugs and problems. Everything looks really good so far. All the code is checked in frequently.

So unless I find something major, I should be able to release it this week.

Here is a list of bugs and features slated for 0.2.4 release:

New features:
#1474706 - Allow multiple "linked" field modifiers in NPL
#1473065 - Enhance debug capabilities of jNetStream
#1436737 - On-demand NPL loading
#1435194 - Dynamic/User overriden protocol linking
#1435190 - Allow hierachal header structures in returned packet... read more

JNetStream is a pure Java library and a set of tools that allows you to decode, analyze and manipulate captured network packets. You can easily define your own protocol definitions using built-in NPL language or use the predefined ones.

This release addresses several bugs and minor new features described below.

*) Bug fixes:
+) 1435175 - Filtering on the command line does not work for MAC Addresse
+) 1435171 - Hexdump field returns Address object instead of byte[]... read more

jNetStream is a network packet decoder and a library.

Anouncing latest maintenance releases 0.2.2.1 and 0.2.3.1. With the bugs fixed in these releases, jNetStream can run continuesly with very steady memory footprint, even after decoding millions of packets.

Differences between 0.2.3.1 and 0.2.2.1 releases are in features supported. Main feature in 0.2.3.1 having support for Network flows (Network End-to-End conversations). Currently both feature trains are very stable.... read more

NPL language of JNetStream is being ported to ANTLR from existing manual lexer/parser. A major millestone has been reached as I can currently parse all of existing NPL files using ANTLR generated Lexer and Parser.

The inrcredible new development is that it only took 423 lines of ANTLR grammar to describe all of the Java syntax plus NPL extensions to the language vs. 12,000 lines of Java code in the manual lexer and parser. Now thats Increadible!

JNetStream is a network decoder and a library. This release adds 2 major new features. The first is IP fragment reassembly and the second is Flow support. Network flows are groupings of related packets. This allows you to view your network data nicely sorted into flows. A TCP stream/socket for example is a bi-directional flow.

Fixes, updates, enhancements in this release:
*) Added:
+) Added FlowDecoder. Groups packets by flow.
+) Added -g and -gg options to SlyDecoder. Can now group packets by flow.
+) Added TCPProtocol. A TCP protocol analyzer which monitors for TCP socket
closures and appropriately expires related flows.
+) Added NPL statements "flowkey", "flowentry", "flowpair". This allows flowkeys to be build from NPL protocol definitions.
+) Added NPL statement "buffer". This allows IP fragment reassembly.
+) Added NPL definition for FTP protocol.... read more

This release enhances the public API to allow easier access to field values. Also added is new way to decode data with a special InputStream that allows the user to add data to be decoded in byte[]. No need for capture files if you have the data or you captured the packet directly from a socket. Now decode directly
from memory.

Fixes, updates, enhancements in this release:
+) Added QueuePacketInputStream
+) Added ExpandableByteArrayInputStream
+) Added various getValue() methods to Packet, Header and Field.
+) Added new Decoder constructor to allow easier construction using PacketInputStream
+) Added getCanonicalHostname()and getInetObject() to IpAddress
+) Added Cisco NetFlow and NetFlowExportV5 definitions
+) Added extended PPPOE, PPP/LCP/IPCP (Semion Simkin)
+) L2TP definitions (Semion Simkin and Mark Wolfe)
+) Added new capture format for SNORT logfiles (Jon Schewe)... read more

I have checked in majority of the changes for the new typecasting mechanism. Its working!

Also checked tutorials source code and lots of other improvements.

Still working on new syntatical scanner/tokenizer, bug in the filter expressions, new Payload interface for codec objects.

We will also be changing the license on core JNetStream library from GPL to LGPL. Applications will remain under GPL license.... read more

This release fixes several bugs and improves ease of use on the Windows' platform. JNetStream consists of a set of Java programs and a Java library for decoding network packets. Advanced users can easily add in their own protocol definitions using a scripting
language called NPL. No plugins or special compilers are needed. Everything is builtin.

Fixes, updates, enhancements in this release:
+) Properly detects builtin configs on windows platform.
+) Adds full IP address support
+) Adds windows .bat scripts to startup the applications
+) Adds a number of aliases to protocol definitions
+) Added a user manual (in PDF format)... read more

JNetStream package provides applications and a java library for decoding and
analyzing network packets. Release 0.2 is a major release which contains
two (2) new applications, new protocol definitions and enhanced library API.

For those interested in features, SlyDecoder decodes packets just like any other
Open Source or commercial Sniffer. You do get however, unprecedented filtering
capabilities. You can decode multiple files at once, even if they are in
different formats.... read more

JNetStream is a JAVA library that has the capability to parse and analyze "network packet capture" files. Release 0.2 will be extending the jnetanalyzer sub-library. "jnetanalyzer" which does all of network analysis, as opposed to "jetnetstream" which just does protocol decodes.

Features being worked on are as follows;

the analyzer library will analyze Ethernet, IP, TCP and UDP messages. Every analysis module contains SWING components to represent and display various states of the streams, messages and segments under analysis. ... read more

JNetStream Protocol Analyzer and Decoder version 0.1.1 (stable alpha) released. JNetStream is written in Java. It is implemented on top of JAVA's IO Stream library. The current release 0.1.1 is a stable release with a number of protocols defined in a text based scripting language called NPL. Users of JNetStream can easily add their own protocols and dissect them immediately.

For downloads and documentation please visit project's website: http://jnetstream.sf.net