Open quantrpeter opened 1 month ago
yeah, seems like. I'm just using 1.8.3 with an overridden jna version and that's working for me to prototype an idea. I'm probably going to switch to jnetpcap once I validate what I'm doing. it seems more maintained. and if I choose to use it for multi-gigabit stuff it seems better supported for hardware acceleration etc. The pricing is SUPER cheap too, but it's free up to 5 machines
Is it me or is the documentation useless for pcap4j? I've tried to set up Jnetpcap but I keep getting source file mismatch errors?
yeah, I had trouble trying to get jnetpcap working. I spoke to the author a week or two ago and he said big changes were coming so that it would be easier to get going. I had used pcap4j a few years ago and really liked it and it was going to be my first choice for this new thing I want to try. I think I was using 1.6 or 1.7 at that time, and it was on java 8 I think lol. But I've recently switched all my projects to java 21 so I'm trying to be latest and greatest on everything, including pcap4j. I had the same kind of issues with trying to build 2.x. Since I've not seen any recent commits on this project, that's why I'll probably go back to jnetpcap once that's updated.
dang, well I hope those changes come soon. I have a semester project to finish (network monitoring system) and then I need to somehow figure out how to do specific things. Question please, your preference, which one would you choose for a project like this? example calculate bandwidth, latency, traffic, etc. I'd appreciate your response :)
you can make pcap4j 1.8.2 work just fine, you have to override the version of jna, but it works. I think it depends GREATLY on how much bandwidth you're talking about. Also in my case I'm going to be doing a production product so I want to base my work on something that is supported. for your project pcap4j should work.
This is what I have in my pom.xml
```xml
<dependency>
    <groupId>org.pcap4j</groupId>
    <artifactId>pcap4j-core</artifactId>
    <version>1.8.2</version>
    <type>jar</type>
    <exclusions>
        <exclusion>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
        </exclusion>
        <exclusion>
            <groupId>net.java.dev.jna</groupId>
            <artifactId>jna</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>org.pcap4j</groupId>
    <artifactId>pcap4j-packetfactory-static</artifactId>
    <version>1.8.2</version>
</dependency>
<dependency>
    <groupId>net.java.dev.jna</groupId>
    <artifactId>jna</artifactId>
    <version>5.15.0</version>
</dependency>
<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>1.7.36</version>
</dependency>
<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-jdk14</artifactId>
    <version>1.7.36</version>
</dependency>
```
ssill2, I appreciate you, you are the man. I guess I'll get to work and see what I can make of it. Thanks again 👍
this is my main loop. you'll want to initialize some threadpools to submit work to so you don't have to tie up the main loop.
```java
if (chosenDevice != null)
{
    LOG.info(String.format("Opening device '%s'", chosenDevice.getName()));
    int snapLenBytes = 65536;
    int timeoutMillis = 100;
    try (PcapHandle handle = chosenDevice.openLive(snapLenBytes,
            PcapNetworkInterface.PromiscuousMode.PROMISCUOUS,
            timeoutMillis))
    {
        // schedule job to periodically display pcap stats
        PcapStatsWorker statsWorker = new PcapStatsWorker(handle);
        scheduledTaskService.scheduleAtFixedRate(statsWorker, 0,
                SCHEDULE_INTERVAL__PCAP_STATS_TASK_VALUE,
                SCHEDULE_INTERVAL__PCAP_STATS_TASK_UNITS);
        final PacketListener listener = (Packet packet) ->
        {
            if (packet == null)
            {
                LOG.info("Null packet");
            }
            else
            {
                if (!(packet instanceof UnknownPacket))
                {
                    PacketInfo pi = new PacketInfo(triageConfig, packet);
                    PacketProcessorWorker pktProcessingTask
                            = new PacketProcessorWorker(pi);
                    packetProcessingPool.submit(pktProcessingTask);
                }
            }
        };
        handle.loop(0, listener);
    }
    catch (InterruptedException ie)
    {
        LOG.info("Interrupted");
    }
}
```
I'm having some stuff inserted into an in-memory db hsql, so I can quickly do queries and process the things.
and something like this for your routine tasks like cleaning up in memory tables and printing out pcap handle stats
```java
/**
 * Initialize threadpools and fire off any scheduled tasks
 */
private void initThreadPoolsAndTasks()
{
    // init
    // schedule tasks pool
    scheduledTaskService = Executors.newScheduledThreadPool(3);
    // db housekeeping task
    HostTableHousekeeper hostsTableHouskeeper = new HostTableHousekeeper();
    scheduledTaskService.scheduleAtFixedRate(hostsTableHouskeeper,
            0,
            SCHEDULE_INTERVAL__DB_HOUSEKEEPING_TASK_VALUE,
            SCHEDULE_INTERVAL__DB_HOUSEKEEPING_TASK_UNITS);
    // scan reconciler task
    ScanReconcilerWorker scanReconcilerTask
            = new ScanReconcilerWorker();
    scheduledTaskService.scheduleAtFixedRate(scanReconcilerTask,
            0,
            SCHEDULE_INTERVAL__SCAN_RECONCILER_TASK_VALUE,
            SCHEDULE_INTERVAL__SCAN_RECONCILER_TASK_UNITS);
    // init
    // packet processing thread pool
    packetProcessingPool = Executors.newFixedThreadPool(packetProcessingWorkerCount);
}
```
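Added example, not part of the thread or of pcap4j: `Executors.newFixedThreadPool` queues work without bound, so a traffic burst that outpaces the workers grows the heap of the monitoring process until it fails. This JDK-only sketch swaps in a bounded queue that counts what it sheds; the class name, sizes, `parse` stand-in and constructed 64-byte frames are assumptions for illustration.

```java
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;

public class BoundedPacketPool {
    // Hypothetical sizes for the demo; tune to link rate and per-packet cost.
    static final int WORKERS = 2;
    static final int QUEUE_CAPACITY = 64;
    static final AtomicLong processed = new AtomicLong();
    static final AtomicLong shed = new AtomicLong();

    static ThreadPoolExecutor newPool() {
        // Bounded queue: when it is full the task is counted as shed instead
        // of blocking the capture callback or piling up on the heap.
        return new ThreadPoolExecutor(WORKERS, WORKERS, 0L, TimeUnit.MILLISECONDS,
                new ArrayBlockingQueue<>(QUEUE_CAPACITY),
                (task, pool) -> shed.incrementAndGet());
    }

    // Stand-in for the per-packet work (parsing, DB insert) done off the capture thread.
    static void parse(byte[] frame) {
        try {
            Thread.sleep(1);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        ThreadPoolExecutor pool = newPool();
        int offered = 10_000;
        for (int i = 0; i < offered; i++) {
            final byte[] frame = new byte[64]; // constructed sample, not real traffic
            // In the capture program this call would sit inside the packet listener.
            pool.execute(() -> {
                parse(frame);
                processed.incrementAndGet();
            });
        }
        pool.shutdown();
        pool.awaitTermination(30, TimeUnit.SECONDS);
        // processed + shed always equals offered, so sensor-side loss is measurable.
        System.out.printf("offered=%d processed=%d shed=%d%n",
                offered, processed.get(), shed.get());
    }
}
```

Logging the shed counter from the same scheduled task that prints the pcap handle stats shows whether packets are being lost in the capture layer or in the processing pool.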
Seems like I'm going to need to do some research, I have no idea what's going on, but it's part of the learning process, right. However, your comments do help a lot.
good luck on your project. I've had to shelve mine for a few weeks to work on other stuff unfortunately, but I do have the packet collection stuff working perfectly.
master branch is useless, right? v1 is the major one? thanks