jNetPcap 2.X

Stand alone libpcap wrapper module

Results from long running "stresstest"

Just wanted to share some results from a long running stress test of jnetpcap version 1.3.b3 (beta 3).


Here are some unofficial performance numbers:

jNetPcap version 1.3b1
WinXP x86_32Description
73,410,000total packets processed
59,051packets per second
16.9usamount of processing time per packet in micro-seconds (10e-6)
260,111headers per second
3,845nsamount of processing time per header in nano-seconds (10e-9)

Spec: Intel Core Duo (2-core), WinXP Pro, 4GMb Memory, JRE 1.5.0_8
Setup: 7,341 different packets are loaded into a memory buffer from 15 different files found in tests directory for total of 22,030,069 bytes of data and processed 10,000 times each. The raw packets in memory are dispatched to JBufferHandler where their buffers are peered with a static packet object and scanned for headers.

My goal for next version of the decoder is to greatly increase these performance numbers. I am confident I can at minimum double these numbers with the new implementation. For one, peering is a lot more efficient. Second the decoder will implement what I call"cut-through" scanner where first few common headers are going to be processed without any function calls in the scanner. Kind of pre-processed as efficiently as possible in native code. That and number of other efficiency improvements should greatly increase the above performance numbers.

Tutorial 2 - API usage

Note: There is a bug in 1.3.b4 and 1.4.r1300 with "flows". The example below fails when flows are encountered due to this bug. The bug has been fixed and will be released with next release of 1.3 and 1.4 which are currently being tested before a broader public release.

Download Source from SVN:

package org.jnetpcap.examples.packet;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.jnetpcap.Pcap;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.JFlow;
import org.jnetpcap.packet.JFlowKey;
import org.jnetpcap.packet.JFlowMap;
import org.jnetpcap.packet.JPacket;
import org.jnetpcap.packet.JPacketHandler;
import org.jnetpcap.packet.JScanner;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.protocol.tcpip.Http;
import org.jnetpcap.protocol.tcpip.Tcp;

 * This example demonstrates various usage scenerios for jNetPcap API. The test
 * file used in this example can be found under the "tests" directory located
 * under the root installation directory of the source package. The tests
 * directory is not normally provided with binary distribution of jnetpcap. The
 * test file contains 483 packets most of which are http or tcp segments.
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
public class CommonUsageExamples {

	 * Various examples
	 * @param args
	 *          none expected
	public static void main(String[] args) {

		 * Example #1 open offline capture file for reading packets.
		final String FILENAME = "tests/test-http-jpeg.pcap";
		final StringBuilder errbuf = new StringBuilder();

		final Pcap pcap = Pcap.openOffline(FILENAME, errbuf);

Create TCP Packet

This example demonstrates how you can create a new packet from an in-memory buffer, modify few fields within various headers and recalculate necessary checksums for the updated values.

Download Source from SVN:

JPacket packet =
  new JMemoryPacket(JProtocol.ETHERNET_ID,
      " 001801bf 6adc0025 4bb7afec 08004500 "
    + " 0041a983 40004006 d69ac0a8 00342f8c "
    + " ca30c3ef 008f2e80 11f52ea8 4b578018 "
    + " ffffa6ea 00000101 080a152e ef03002a "
    + " 2c943538 322e3430 204e4f4f 500d0a");

Ip4 ip = packet.getHeader(new Ip4());
Tcp tcp = packet.getHeader(new Tcp());




The packet template is created based upon a different packet that was previously captured. We supply the packet contents as a string hexdump. The hexdump is parsed and turned into a byte[] which servers as the basis for the packet. JMemoryPacket allocates storage for the new packet and scans it.

At this point we can peer our protocol headers which allow us, using their convenient getters and setter methods, to manipulate their contents more precisely.

After our modifications, we scan the packet one more time to make sure that any structural changes we made, which we didn't in our simple example, are recalculated and the packet state appropriately updated.

Lastly we print out our newly modified packet:

1.3 beta 1 released!

1.3b1 is released. Its an update to 1.3 alpha 1 which fixes several discovered issues. The following issues have been resolved:

Syndicate content