This project is an extension to the BeepBeep 3, event stream processing engine, called a palette, that provides functionalities for processing network captures.
To compile the palette, make sure you have the following:
- The Java Development Kit (JDK) to compile. The palette complies with Java version 6; it is probably safe to use any later version.
- Ant to automate the compilation and build process
The palette also requires the following Java libraries:
- The latest version of BeepBeep 3
- The latest version of JNetPcap
These dependencies can be automatically downloaded and placed in the
dep folder of the project by typing:
ant download-deps
From the project's root folder, the sources can then be compiled by simply typing:
ant
This will produce a file called netp.jar in the folder. This file
is not runnable and stand-alone. It is meant to be used in a Java project
alongside beepbeep-3.jar
This project relies on the legacy jNetPcap 1.x library, which uses JNI and therefore requires native libraries to be installed manually.
Unlike modern Java libraries, simply adding the .jar file to the classpath is not sufficient.
You must ensure that:
- the native jNetPcap library is visible to the JVM
- the system packet capture library (
libpcap/ WinPcap / Npcap) is installed - the architecture of Java and the native library match (32-bit vs 64-bit)
The instructions below describe the minimal setup for each operating system.
Install the libpcap runtime:
sudo apt install libpcap-devPlace the native library somewhere visible to the dynamic loader, for example:
/usr/lib/libjnetpcap.soor use a custom directory and set the library path:
export LD_LIBRARY_PATH=/path/to/jnetpcap:$LD_LIBRARY_PATH
java -Djava.library.path=/path/to/jnetpcap ...You can verify that all dependencies are present with:
ldd libjnetpcap.soNo line should contain not found.
jNetPcap depends on the WinPcap / libpcap runtime.
The recommended solution today is to install Npcap in WinPcap compatibility mode.
-
Download and install Npcap
https://npcap.com/ -
During installation, enable:
Install Npcap in WinPcap API-compatible Mode
This installs the required system libraries:
wpcap.dll
Packet.dll
- Make sure
jnetpcap.dllis visible to the JVM.
Possible options:
- Put it in the same directory as the program
- Add its folder to
PATH - Use:
java -Djava.library.path=C:\path\to\native ...Avoid copying files into System32 unless strictly necessary.
macOS already provides libpcap, but the JNI library must still be visible.
Place:
libjnetpcap.dylib
in a directory such as:
/usr/local/lib
or run Java with:
export DYLD_LIBRARY_PATH=/path/to/jnetpcap:$DYLD_LIBRARY_PATH
java -Djava.library.path=/path/to/jnetpcap ...Recent macOS versions restrict dynamic library loading; using
java.library.path is usually more reliable than modifying system folders.
The native library and the JVM must have the same architecture.
Check Java:
java -versionCheck the native library (Linux / macOS):
file libjnetpcap.soIf Java is 64-bit, the native library must also be 64-bit.
Most old jNetPcap builds are 32-bit, so using a 32-bit JVM may be required.
jNetPcap 1.x predates modern Java foreign-function APIs and relies on JNI.
For pedagogical purposes this project keeps that version, which makes the
dependency setup more manual than with recent libraries.
Recent versions of jNetPcap no longer rely on handwritten JNI wrappers and instead use the Foreign Function & Memory API introduced in recent Java versions.
The architecture becomes:
Java → Foreign Function API → libpcap → operating system
instead of:
Java → JNI → jnetpcap native wrapper → libpcap → operating system
However, even with these newer versions:
libpcap(Linux/macOS) orNpcap(Windows) must still be installed- a recent Java version (21–22+) is required
- additional JVM flags such as
--enable-native-accessmay be needed
For this project, the older 1.x library is used because it remains simple, stable, and adequate for pedagogical exercises involving PCAP parsing.
The first version of this palette has been written in 2016 by Pierre-Louis Faure and Théo Ménard. Further tweaks have been added by Sylvain Hallé, Full Professor at Université du Québec à Chicoutimi and head of Laboratoire d'informatique formelle (LIF).