Hi,
Per the subject... What are the possible values returned from the typeDescription() call?
What I've seen thus far, I think, per the Javadocs, are:
tcp
next: udp
icmp
Are there any others, i.e., what if it's not one of those 3?
Thanks,
Jim
Hi, I'm new to the forums and jNetPcap and am trying to use jNetPcap as a network monitoring tool for a protocol we have at work. The protocol runs on top of TCP/IP and I'm able to get the IP and TCP header information just fine.
I have created a new Header class which extends JHeader to represent the Header format we use, as shown in the Simple Example in the User Guide and have registered the new Header with the JRegistry. But it seems as if the JPcapPacket.hasHeader does not find the Header in the packet.
Is there a more detailed example of how to go about registering a new header? Are there any other steps to be taken after calling JRegistry.register(MyHeader.class)? There are two register methods, do both register new Headers? The API documentation says that one does and doesnt say whether the other does too?
Also, when i do a HexDump of the Payload (which contains the Header I wish to find), the last two bytes are 0x00 and the Hexdump omits these bytes. Does the scanner or whatever reads the Payload stop when it sees the 0x0000?
Any help would be appreciated.
Thanks
Hi,
I'm currently using version 1.2 rc 5 in my project which doesn't provide the means to parse options in a TCP header, something I require. I'm unsure as to whether this has been addressed in more recent versions but would like to post my implementation anyway.
First there's a nice readable version...
import org.jnetpcap.protocol.tcpip.Tcp;
public class TcpOptionsVerbose implements TcpOptions
{
private static final int KIND_END = 0x00;
private static final int KIND_NOP = 0x01;
private static final int KIND_MSS = 0x02;
private static final int KIND_WINSCALE = 0x03;
private static final int KIND_SACK = 0x04;
private static final int KIND_TS = 0x08;
private static final int KIND_MSS_LENGTH = 4;
private static final int KIND_WINSCALE_LENGTH = 3;
private static final int KIND_SACK_LENGTH = 2;
private static final int KIND_TS_LENGTH = 10;
private static final int OPTION_HEADER_LENGTH = 2;
private static final int TCP_HEADER_LENGTH = 20;
private static final String BAD_FORMAT = "bad tcp option format";
private Tcp tcp = null;
//private ByteBuffer options = null;
private int offset = TCP_HEADER_LENGTH;
private boolean hasMss = false;
private boolean hasWinScale = false;
private boolean hasSack = false;
private boolean hasTs = false;
private int mss = 0;
private int winScale = 0;
private boolean sack = false;
private int tsVal = 0;
private int tsEcr = 0;
public TcpOptionsVerbose(Tcp tcp) throws Exception
{
int tcpSize = tcp.size();
this.tcp = tcp;
while(offset < tcpSize)
{
switch(tcp.getByte(offset))
{
case KIND_END:
return;
case KIND_NOP:
offset++;
break;
case KIND_MSS:
parseMss();
break;
case KIND_WINSCALE:
parseWinScale();
break;
case KIND_SACK:
parseSack();
break;
case KIND_TS:
parseTs();
break;
Hello Mark,
I'm working on a project that rebuild captured file from the *live* capture.
Sometimes there are dropped packets so i decided to test my project on a local network
with high bandwidth (~7MB/s)
Although the network is transferring datas at 7MB/s, JnetPcap captures at ~1MB/s and there is a lot of dropped packets.
I tested the same multithreaded code with the JPcap wrapper by Mr Keita Fuji
and the capture is perfect at 7MB/s and very few packets drops. (Windows)
(And i tweaked the JnetPcap kernel buffer at 40MB!, we cannot do that with jpcap..)
But on the other hand, JnetPcap is more powerful on Linux distribution than Jpcap.
How can you explain these big differences ?
Thank you.
Regards,
Gg.
I've fixed the main memory leak, but I'm still seeing very slow-slow leak and I'm still investigating. I'm analyzing memory usage very carefully and I'm seeing a progressive slow leak. I think its actually due to memory thrashing, that is lots of small memory blocks allocated to hold copies of packet and quickly deallocated. This causes certain amount of overhead in allocation tables in the runtime library. At least that is what I think is I'm witnessing.
None the less I'm still working on it. I running long tests in different modes and carefully analyzing memory usage. The slow leak is about 200K per 1,000,000 packets processed. So its relatively very slow, none the less it could cause big problems for long running or never ending processes.
#10288 packets=741441 pps=17414.529312 bytes=4832Kb/s hdr=76649/s hdr=13us rm=26140Kb pm=36b vm=242812Kb #10288 packets=734100 pps=17147.061572 bytes=4757Kb/s hdr=75472/s hdr=13us rm=26056Kb pm=36b vm=242812Kb #10288 packets=734100 pps=17414.717465 bytes=4832Kb/s hdr=76650/s hdr=13us rm=26284Kb pm=36b vm=242812Kb #10288 packets=734100 pps=17743.027022 bytes=4923Kb/s hdr=78095/s hdr=13us rm=26264Kb pm=36b vm=242812Kb #10288 packets=734100 pps=17590.396089 bytes=4880Kb/s hdr=77423/s hdr=13us rm=26592Kb pm=37b vm=242812Kb #10288 packets=734100 pps=17683.191213 bytes=4906Kb/s hdr=77832/s hdr=13us rm=26736Kb pm=37b vm=242812Kb #10288 packets=734100 pps=17349.688032 bytes=4814Kb/s hdr=76364/s hdr=13us rm=26676Kb pm=37b vm=242812Kb #10288 packets=734100 pps=17610.228854 bytes=4886Kb/s hdr=77510/s hdr=13us rm=26800Kb pm=37b vm=242812Kb
Memory counters: rm = Resident Memory, pm = per packet memory, vm = virtual memory. These are system process memory statistics, not java VM. I'm using a 3rd party library called SIGAR to access system process statistics.
I'm working on various test cases and did some rough performance tests on jnetpcap.
The test involves looping and reading in all of the test capture files found in the "tests" installation directory. The same capture files are read over and over.
Here is what I am seeing. This is IO bound, files are closed and reopened, also adding to significant delay. Data coming from live networks should be more efficient. Also data coming from jNetStream offline reader will also be significantly faster when that becomes available.
In summary the results show:
It takes 13us (micros) to process a single header.
jNetStream is able to copy, scanning for headers and create appropriate java objects at rate of 5Mb/sec and 17K pps.
packets=73410 pps=17865.660745 bytes=4956.747479Kb/s headers=78634.704308/s header_scan=12.717031us packets=73410 pps=18139.362491 bytes=5032.684801Kb/s headers=79839.387200/s header_scan=12.525146us packets=73410 pps=18426.204819 bytes=5112.267919Kb/s headers=81101.907631/s header_scan=12.330166us packets=73410 pps=17935.499634 bytes=4976.123965Kb/s headers=78942.096262/s header_scan=12.667513us packets=73410 pps=17272.941176 bytes=4792.300092Kb/s headers=76025.882353/s header_scan=13.153415us packets=73410 pps=18211.361945 bytes=5052.660727Kb/s headers=80156.288762/s header_scan=12.475627us packets=73410 pps=17466.095646 bytes=4845.889934Kb/s headers=76876.040923/s header_scan=13.007954us packets=73410 pps=17528.653295 bytes=4863.246273Kb/s headers=77151.384909/s header_scan=12.961530us packets=73410 pps=17272.941176 bytes=4792.300092Kb/s headers=76025.882353/s header_scan=13.153415us packets=73410 pps=17600.095900 bytes=4883.067703Kb/s headers=77465.835531/s header_scan=12.908916us packets=73410 pps=17659.369738 bytes=4899.512964Kb/s headers=77726.726004/s header_scan=12.865588us packets=73410 pps=17338.214454 bytes=4810.409870Kb/s headers=76313.179027/s header_scan=13.103897us
Hi,
I'm currently using jNetPcap only for processing previously-captured PCAP files, using nextEx(). One of the things that we've been thinking about, in the future, is doing the same processing, but because of some of the things I'm doing in my code, I won't be able to move to using pcap.loop() or pcap.dispatch().
So, I was wondering, if anyone knows, what would the real-time capture performance be like with jNetPcap and using nextEx()?
Would it really be much less efficient/slower than using loop() or dispatch()?
Thanks,
Jim
Can you provide an overview of the difference between the two libraries. When is one more appropriate than the other? In particular, when looping through the contents of a pcap file, which of these is better suited if you do not intend to update the file?
Hi,
Not exactly support with getting jnetpcap working but it doesn't belong anywhere else...
At what layer in the OSI 7 layer network reference model does jnetpcap lie?
There's the jnetpcap.so, libpcap and jnetpcap.jar files to consider here.
Is it that libpcap operates at layer 2 and the jnetpcap library/jar aren't even a part of the 7 layer model? Or am I missing something?
Thanks!