Getting interface name/address from (or mapping NetworkInterface to) jpcap device paths

Question

I am trying to do the following:

1. Display a list of human-readable network interface names and their IP addresses to the user.
2. Start a jpcap packet capture on the interface the user selects.

However, the following points are giving me trouble:

• jpcap only provides PacketCapture.lookupDevices() , which returns a list of Windows' NPF driver device paths to the interfaces (eg \\Device\\NPF_{39966C4C-3728-4368-AE92-1D36ACAF6634} ) and a rather bland display string (eg Microsoft ), and no other info. So I cannot use it to construct the UI interface list.
• NetworkInterface.getNetworkInterfaces() provides a list of interfaces on the system with all the info I need for the UI, but NetworkInterface does not provide the NDF driver device path, only display names, and device names such as "net5", "lo", etc.
• jpcap's PacketCapture#open() only accepts device paths.

The list of NetworkInterface s that are both up and not loopback do correspond to the list of devices returned by jpcap, although they are not in the same order.

So, I can't find anything in NetworkInterface that can be passed to PacketCapture#open() , and I don't know how to get UI-appropriate info from the device paths returned by PacketCapture#lookupDevices() . PacketCapture does not accept NetworkInterface#getName() . Therefore, I'm stuck.

I have not tried this on Linux. I suspect the problem is unique to Windows, where NetworkInterface#getName() does not correspond to the device paths recognized by PacketCapture#open() .

How can I get the information that jpcap needs to open the device from a NetworkInterface (or the other way around - get a NetworkInterface given a device path), or is there another approach that will allow me to just get a nice display name and IP address for each device directly from jpcap?

---

Windows' Registry: I've been doing some digging and have at least found information about NPF devices in the registry. Given a jpcap device path, and using either one of the techniques here or a native library, a nice adapter name (equivalent to the ones NetworkInterface returns) and the current IP address can be obtained from the registry as follows:

1. Extract GUID from path (eg {39966C4C-3728-4368-AE92-1D36ACAF6634} from above example). Leave the curly braces and call this .
2. HKLM\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces\\<guid> contains current IP address for device as well as some other configuration info.
3. HKLM\\SYSTEM\\CurrentControlSet\\services\\<guid>\\Parameters\\Tcpip contains similar information.
4. Search all subkeys of subkeys in HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\ . If a subkey is found that contains a key NetCfgInstanceId whose value is <guid> , then the rest of the keys there will contain driver info - the nice display name, vendor info, etc.

I do not know how IPv6 factors into the above (there are a few registry areas with a separate Tcpip6 block of info). I also do not know if these keys are the same outside of Windows 7, but I suspect they are. I will convert the above to an answer, with example code, if no better answers are presented. I am still looking for a more direct (ideally platform-independent and registry-free) way.

Answer 1

Indirect Solution w/ Windows Registry

I have at least found information about NPF devices in the registry, and am expanding the last bit of my question to an answer.

Method

Given a jpcap device path, a nice adapter name (equivalent to the ones NetworkInterface returns) and the current IP address can be obtained from the registry as follows:

1. Extract GUID from path (eg 39966C4C-3728-4368-AE92-1D36ACAF6634 from above example).
2. HKLM\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces\\{<guid>} contains current IP address for device as well as some other configuration info.
3. Search all subkeys of subkeys in HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\ . If a subkey is found that contains a key NetCfgInstanceId whose value is {<guid>} , then the rest of the keys there will contain driver info - the nice display name, vendor info, etc.

Implementation

Prerequisites:

• The code below requires WinRegistry from https://stackoverflow.com/a/6163701/616460 . You may copy and paste it from there.
• No native libraries are required.

Issues:

• java.util.prefs.WindowsPreferences (and therefore WinRegistry ) can only read string keys, not integers. Therefore code below cannot reliably determine if DHCP is enabled. As a hack, logic used is to check static IP/mask and, if blank, fall back on DHCP IP/mask (values are stored separately in registry).
• IP address are REG_MULTI_SZ, presumably to account for IPv6 addressing as well (verify?). Code below is simple and does not account for that. I have not tested IPv6 + IPv4.
• I have not tested on any other version of Windows besides Windows 7 (Windows 8, somebody verify?).
• Tested against the device strings returned by jpcap 0.01.16 .
• Linux / OSX implementations are left as an exercise to the reader.

Code

Code is below. Full code, including WinRegistry (not present below), is also available on github . Usage is free under SO's CC attribution-sharealike license .

import java.util.regex.Matcher;
import java.util.regex.Pattern;


/**
 * Gets information about network interface given a jpcap device string, on Windows. Makes
 * use of WinRegistry class from https://stackoverflow.com/a/6163701/616460. This is tested
 * against jpcap 0.01.16, which is available for download at http://sourceforge.net/projects/jpcap/.
 * 
 * All getters return empty strings rather than null if the information is unavailable.
 * 
 * @author https://stackoverflow.com/users/616460/jason-c
 */
public class NetworkDeviceInfo {


    private static final int DRIVER_CLASS_ROOT = WinRegistry.HKEY_LOCAL_MACHINE;
    private static final String DRIVER_CLASS_PATH = "SYSTEM\\CurrentControlSet\\Control\\Class";
    private static final String NETCFG_INSTANCE_KEY = "NetCfgInstanceId";
    private static final int IFACE_ROOT = WinRegistry.HKEY_LOCAL_MACHINE;
    private static final String IFACE_PATH = "SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces";


    private final String jpcapDeviceName;
    private final String jpcapDisplayName;
    private final String guid;
    private final String driverName;
    private final String driverVendor;
    private final String interfaceAddress;
    private final String interfaceSubnetMask;


    /**
     * Construct from a jpcap device string.
     * @param jpcapDeviceString Device string from jpcap. 
     * @throws IllegalArgumentException If the device string could not be parsed.
     * @throws UnsupportedOperationException If the Windows registry could not be read.
     */
    public NetworkDeviceInfo (String jpcapDeviceString) throws IllegalArgumentException, UnsupportedOperationException {

        // extract jpcap device and display name, and guid, from jpcap device string

        String[] jpcapParts = jpcapDeviceString.split("\n", 2);

        jpcapDeviceName = (jpcapParts.length > 0) ? jpcapParts[0].trim() : "";
        jpcapDisplayName = (jpcapParts.length > 1) ? jpcapParts[1].replaceAll("\n", " ").trim() : "";

        Matcher matcher = Pattern.compile("\\{(\\S*)\\}").matcher(jpcapDeviceName);
        guid = matcher.find() ? matcher.group(1) : null;
        if (guid == null)
            throw new IllegalArgumentException("Could not parse GUID from jpcap device name '" + jpcapDeviceName + "'");

        try {

            // search registry for driver details:
            // Search all subkeys of subkeys in HKLM\SYSTEM\CurrentControlSet\Control\Class\. If a subkey
            // is found that contains a key NetCfgInstanceId whose value is {guid}, then the rest of the keys 
            // there will contain driver info - the nice display name, vendor info, etc.

            String theDriverName = "";
            String theDriverVendor = "";

            for (String driverClassSubkey : WinRegistry.readStringSubKeys(DRIVER_CLASS_ROOT, DRIVER_CLASS_PATH)) {
                for (String driverSubkey : WinRegistry.readStringSubKeys(DRIVER_CLASS_ROOT, DRIVER_CLASS_PATH + "\\" + driverClassSubkey)) {
                    String path = DRIVER_CLASS_PATH + "\\" + driverClassSubkey + "\\" + driverSubkey;
                    String netCfgInstanceId = WinRegistry.readString(DRIVER_CLASS_ROOT, path, NETCFG_INSTANCE_KEY);
                    if (netCfgInstanceId != null && netCfgInstanceId.equalsIgnoreCase("{" + guid + "}")) {
                        theDriverName = trimOrDefault(WinRegistry.readString(DRIVER_CLASS_ROOT, path, "DriverDesc"), "");
                        theDriverVendor = trimOrDefault(WinRegistry.readString(DRIVER_CLASS_ROOT, path, "ProviderName"), "");
                        // other interesting keys: DriverVersion, DriverDate
                        break;
                    }
                }
                if (!theDriverName.isEmpty())
                    break;
            }

            driverName = trimOrDefault(theDriverName, jpcapDisplayName);
            driverVendor = trimOrDefault(theDriverVendor, "Unknown");

            // read tcp/ip configuration details (HKLM\SYSTEM\CCS\services\Tcpip\Parameters\Interfaces\{guid})
            // there is an integer key EnableDHCP, but java.util.prefs.WindowsPreferences (and therefore 
            // WinRegistry) supports reading string keys only, therefore we'll have to hack it to decide on
            // DHCP vs. static IP address and hope it's correct.
            // also note the ip addresses are REG_MULTI_SZ, presumably to also hold ipv6 addresses. the results
            // here may not be quite correct, then. that's why I'm leaving addresses as strings instead of 
            // converting them to InetAddresses.

            String ifPath = IFACE_PATH + "\\{" + guid + "}";
            String dhcpIp = trimOrDefault(WinRegistry.readString(IFACE_ROOT, ifPath, "DhcpIPAddress"), "");
            String dhcpMask = trimOrDefault(WinRegistry.readString(IFACE_ROOT, ifPath, "DhcpSubnetMask"), "");
            // if static set, use it, otherwise use dhcp
            interfaceAddress = trimOrDefault(WinRegistry.readString(IFACE_ROOT, ifPath, "IPAddress"), dhcpIp);
            interfaceSubnetMask = trimOrDefault(WinRegistry.readString(IFACE_ROOT, ifPath, "SubnetMask"), dhcpMask);

        } catch (Exception x) {
            throw new UnsupportedOperationException("Information could not be read from the Windows registry.", x);
        }


    }


    /**
     * @param str A string.
     * @param def A default string.
     * @return Returns def if str is null or empty (after trim), otherwise returns str, trimmed.
     */
    private final static String trimOrDefault (String str, String def) {
        str = (str == null) ? "" : str.trim();
        return str.isEmpty() ? def : str;
    }


    /**
     * Gets the jpcap device name, which can be passed to PacketCapture.
     * @return Device name from jpcap. Pass this string to PacketCapture to specify this device.
     */
    public final String getJpcapDeviceName () {
        return jpcapDeviceName;
    }


    /**
     * Gets the jpcap display name. Usually this is pretty bland.
     * @return Display name from jpcap.
     */
    public final String getJpcapDisplayName () {
        return jpcapDisplayName;
    }


    /**
     * Gets the interface GUID.
     * @return Interface GUID.
     */
    public final String getGuid () {
        return guid;
    }


    /**
     * Get a nice display name for the interface driver. Display this in GUIs.
     * @return Interface driver name.
     */
    public final String getDriverName () {
        return driverName;
    }


    /**
     * Get the interface driver vendor name. Could be displayed in GUIs.
     * @return Interface driver vendor name.
     */
    public final String getDriverVendor () {
        return driverVendor;
    }


    /**
     * Get the interface's IP address.
     * @return Interface's IP address.
     * @bug This may not be correct for interfaces with multiple IP addresses. For this reason, it is
     *      left as a raw string rather than being converted to an InetAddress.
     */
    public final String getInterfaceAddress () {
        return interfaceAddress;
    }


    /**
     * Get the interface's subnet mask.
     * @return Interface's subnet mask.
     * @bug Same issue as getInterfaceAddress(). 
     */
    public final String getInterfaceSubnetMask () {
        return interfaceSubnetMask;
    }


    /**
     * Get a display string, for debugging.
     * @return Display string, for debugging.
     */
    @Override public String toString () {
        return String.format("%s (%s) {%s} @ %s/%s", driverName, driverVendor, guid, interfaceAddress, interfaceSubnetMask);
    }


}

Example

Here is an example:

import java.util.ArrayList;
import java.util.List;

import net.sourceforge.jpcap.capture.PacketCapture;

public class NetworkDeviceInfoTest {

    public static void main (String[] args) throws Exception {

        List<NetworkDeviceInfo> infos = new ArrayList<NetworkDeviceInfo>();

        // Info can be queried from jpcap device string.
        for (String jpcapDevice : PacketCapture.lookupDevices())
            infos.add(new NetworkDeviceInfo(jpcapDevice));

        // Info can be displayed.
        for (NetworkDeviceInfo info : infos) {
            System.out.println(info.getJpcapDeviceName() + ":");
            System.out.println("  Description:   " + info.getDriverName());
            System.out.println("  Vendor:        " + info.getDriverVendor());
            System.out.println("  Address:       " + info.getInterfaceAddress());
            System.out.println("  Subnet Mask:   " + info.getInterfaceSubnetMask());
            System.out.println("  jpcap Display: " + info.getJpcapDisplayName());
            System.out.println("  GUID:          " + info.getGuid());
        }

        // Device names from NetworkDeviceInfo can be passed directly to jpcap:
        NetworkDeviceInfo selected = infos.get(0);
        PacketCapture capture = new PacketCapture();
        capture.open(selected.getJpcapDeviceName(), true);

    }

}

On my machine that outputs:

PacketCapture: loading native library jpcap.. ok
\Device\NPF_{691D289D-7EE5-4BD8-B5C1-3C4729A852D5}:
  Description:   Microsoft Virtual WiFi Miniport Adapter
  Vendor:        Microsoft
  Address:       0.0.0.0
  Subnet Mask:   255.0.0.0
  jpcap Display: Microsoft
  GUID:          691D289D-7EE5-4BD8-B5C1-3C4729A852D5
\Device\NPF_{39966C4C-3728-4368-AE92-1D36ACAF6634}:
  Description:   1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
  Vendor:        Realtek Semiconductor Corp.
  Address:       192.168.1.23
  Subnet Mask:   255.255.255.0
  jpcap Display: Microsoft
  GUID:          39966C4C-3728-4368-AE92-1D36ACAF6634

---

Hopefully this is helpful. Improvements are welcome. A better suggestion of a more direct way without using the registry is also welcome.

Answer 2

Platform-Independent, NetworkInterface

Here is an alternate solution that should be platform independent although only provides info for interfaces that are up. The registry solution was my first attempt, it works well, but I believe this is a better solution as long as information about down interfaces is not required.

Method

1. PacketCapture can provide a network address and subnet mask given a device string (it's an instance method, not a static method, though). For each device string in PacketCapture.lookupDevices() :
2. Get it's network address and mask from a PacketCapture instance (capture does not need to be open).
3. Search through all network interfaces returned by NetworkInterface.getNetworkInterfaces() and find one that has an address that is on the same network given by the network address and mask that jpcap returned for the device.
4. That NetworkInterface (probably) corresponds to the device string.

Implementation

Prerequisites:

• No dependencies other than jpcap . Tested with version 0.01.16.

Issues:

• While platform-independent, unlike the registry-based solution this can only find interfaces that are up.
• Byte ordering is weird. I can't make much sense of the jpcap discussion forum on SourceForge but somebody did seem to point it out. Therefore I suppose it's always subject to change in the future.
• There are probably a lot of edge cases that will cause this to return incorrect results that I have not tested for.

Code

Code is below. Usage is free under SO's CC attribution-sharealike license . It's self-contained so I did not put it on github.

import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

import net.sourceforge.jpcap.capture.CaptureDeviceLookupException;
import net.sourceforge.jpcap.capture.PacketCapture;

public class JpcapInterfaceInfo {


    /**
     * Get a list of interface information for all devices returned by jpcap.
     * @param capture An instance of PacketCapture to use for getting network address and mask info. If null,
     *                a new instance will be created.
     * @return List of information.
     * @throws CaptureDeviceLookupException
     */
    public static List<InterfaceInfo> listInterfaces (PacketCapture capture) throws CaptureDeviceLookupException {

        if (capture == null)
            capture = new PacketCapture();

        List<InterfaceInfo> infos = new ArrayList<InterfaceInfo>();
        for (String device : PacketCapture.lookupDevices())
            infos.add(getInterfaceInfo(capture, device));

        return infos;

    }


    /**
     * Get a list of interface information for all devices returned by jpcap.
     * @return List of information.
     * @throws CaptureDeviceLookupException
     */
    public static List<InterfaceInfo> listInterfaces () throws CaptureDeviceLookupException {
        return listInterfaces(null);
    }




    /**
     * Utility to check if an interface address matches a jpcap network address and mask.
     * @param address An InetAddress to check.
     * @param jpcapAddr Network address.
     * @param jpcapMask Network mask.
     * @return True if address is an IPv4 address on the network given by jpcapAddr/jpcapMask,
     *         false otherwise.
     */
    private static boolean networkMatches (InetAddress address, int jpcapAddr, int jpcapMask) {

        if (!(address instanceof Inet4Address))
            return false;

        byte[] address4 = address.getAddress();
        if (address4.length != 4)
            return false;

        int addr = ByteBuffer.wrap(address4).order(ByteOrder.LITTLE_ENDIAN).getInt();        
        return ((addr & jpcapMask) == jpcapAddr);

    }


    /**
     * Get an InterfaceInfo that corresponds to the given jpcap device string. The interface must be
     * up in order to query info about it; if it is not then the NetworkInterface in the returned
     * InterfaceInfo will be null.
     * @param capture A PacketCapture instance used to get network address and mask info.
     * @param jpcapDeviceString String from PacketCapture.lookupDevices().
     * @return InterfaceInfo.
     */
    public static InterfaceInfo getInterfaceInfo (PacketCapture capture, String jpcapDeviceString) {

        InterfaceInfo info = null;
        String deviceName = jpcapDeviceString.replaceAll("\n.*", "").trim();

        try {

            int netAddress = capture.getNetwork(deviceName);
            int netMask = capture.getNetmask(deviceName);

            // go through all addresses of all interfaces and try to find a match.

            Enumeration<NetworkInterface> e = NetworkInterface.getNetworkInterfaces();
            while (e.hasMoreElements() && info == null) {
                NetworkInterface iface = e.nextElement();
                Enumeration<InetAddress> ae = iface.getInetAddresses();
                while (ae.hasMoreElements() && info == null) {
                    if (networkMatches(ae.nextElement(), netAddress, netMask))
                        info = new InterfaceInfo(iface, deviceName);
                }
            }

        } catch (Exception x) {

            System.err.println("While querying info for " + deviceName + ":");
            x.printStackTrace(System.err);

        }

        if (info == null)
            info = new InterfaceInfo(null, deviceName);

        return info;

    }


    /**
     * Information about a network interface for jpcap, which is basically just a NetworkInterface
     * with details, and the jpcap device name for use with PacketCapture.
     */
    public static class InterfaceInfo {

        private final NetworkInterface iface;
        private final String deviceName;

        InterfaceInfo (NetworkInterface iface, String deviceName) {
            this.iface = iface;
            this.deviceName = deviceName;
        }

        /**
         * Get NetworkInterface for this interface.
         * @return May return null if no matching NetworkInterface was found.
         */
        public final NetworkInterface getIface () {
            return iface;
        }

        /**
         * Get jpcap device name for this interface. This can be passed to PacketCapture.open().
         * @return Device name for interface.
         */
        public final String getDeviceName () {
            return deviceName;
        }

        @Override public final String toString () {
            return deviceName + " : " + iface;
        }

    }


}

Example

Here is an example:

import java.util.List;

import net.sourceforge.jpcap.capture.PacketCapture;

public class JpcapInterfaceInfoTest {

    public static void main (String[] args) throws Exception {

        // Info can be queried from jpcap device list.
        List<JpcapInterfaceInfo.InterfaceInfo> infos = JpcapInterfaceInfo.listInterfaces();

        // Info can be displayed.
        for (JpcapInterfaceInfo.InterfaceInfo info : infos)
            System.out.println(info);

        // Device names from InterfaceInfo can be passed directly to jpcap:
        JpcapInterfaceInfo.InterfaceInfo selected = infos.get(0);
        PacketCapture capture = new PacketCapture();
        capture.open(selected.getDeviceName(), true);

    }

}

On my machine (same setup as registry solution), this outputs:

\Device\NPF_{691D289D-7EE5-4BD8-B5C1-3C4729A852D5} : null
\Device\NPF_{39966C4C-3728-4368-AE92-1D36ACAF6634} : name:net5 (1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter)

I did not make the output as pretty as the other solution. Note that the "virtual wifi miniport adapter" (the first one) has a null NetworkInterface because, since it is not up, a match could not be found (an IP address and network address was not present).