reading from offline file slow

1 reply [Last post]
banzai08
Offline
Joined: 02/03/2017

Hi there,
I am using this code

...
pcap.loop(numFrames, new JPacketHandler() {
public void nextPacket(JPacket packet, StringBuilder errbuf) {

// final Tcp tcp = new Tcp();
// final Udp udp = new Udp();
// final Ip4 ip = new Ip4();

if (hasHeaders(packet)) {
frameData.add(new Frame("timestamp", "source ip", "destination ip", "protocol", packet.getTotalSize(), "payload" ));
}

}

}, errbuf);

...

to load packets from an offline file, but it takes around 7 minutes to load files with 100mb (around 730k packages). Is there any way to up the performance or am I stuck with it? Sorry I'm a beginner.

Also what would be the smartest way to get the data mentioned in the code from the packet?

Using jnetpcap 1.4r1425 on 64 bit W7
Thank you very much!

banzai08
Offline
Joined: 02/03/2017
I've updated my code a
I've updated my code a bit. (...)
JPacketHandler<StringBuilder> packetHandler =  new JPacketHandler<StringBuilder>() {
            public void nextPacket(JPacket packet, StringBuilder errbuf) { 
           

            if (packet.hasHeader(ip)){
            sourceIpRaw = ip.source();
            destinationIpRaw = ip.destination();
           
            sourceIp = org.jnetpcap.packet.format.FormatUtils.ip(sourceIpRaw); 
            destinationIp = org.jnetpcap.packet.format.FormatUtils.ip(destinationIpRaw); 
            }
           
            if (packet.hasHeader(tcp)){
            protocol = tcp.getName();
            length = tcp.size();

            int payloadOffset = tcp.getOffset() + tcp.size(); 
            int payloadLength = tcp.getPayloadLength(); 
             
            buffer.peer(packet, payloadOffset, payloadLength); // No copies, by native reference 
            info = buffer.toHexdump();
            } else if (packet.hasHeader(udp)){
            protocol = udp.getName();
            length = udp.size();
           
           
            int payloadOffset = udp.getOffset() + udp.size(); 
            int payloadLength = udp.getPayloadLength(); 
             
            buffer.peer(packet, payloadOffset, payloadLength); // No copies, by native reference 
            info = buffer.toHexdump();
            }
           
            if (packet.hasHeader(payload)){
           
            infoRaw = payload.getPayload();
            length = payload.size();
           
            }

           
                frameData.add(new Frame(packet.getCaptureHeader().timestampInMillis(), sourceIp, destinationIp, protocol, length, info ));
                System.out.print(i+"\n");
                i=i+1;
            } 
 
        };
        pcap.loop(numFrames, packetHandler , errbuf); 
        pcap.close();
(...) Now all the instantiations are outside of the methods. This way it's very fast in the beginning with about 1 minute for 400k packages, but after that it slows to a crawl. After package # 450k or so it needs maybe 10 minutes for the rest of the 700k packages, which is unacceptable. What can I do better?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.