Java PCAP file parser library

7
votes

I'm looking for a fast way to parse PCAP file packets.

I'm currently using jNetPcap like so:

Pcap pcap = Pcap.openOffline(file, errbuf);
pcap.loop(10, jpacketHandler, "jNetPcap rocks!");

But it is pretty slow, is there any other good Java libraries that can parse PCAP files?

2
javapcap

2 Answers

6
votes

Just stumbled upon pcap parsing task in Java and found a pcap parser in Kaitai Struct. Surprisingly, it turns out to be blazing fast — probably because it's not a wrapper over C pcap library, but just a raw parser instead. My average results (on the same box, of course) are as following:

  • jpcap - 10,301 pps
  • jnetpcap - 15,148 pps
  • pcap.ksy in Kaitai Struct - 121,176 pps

So, if you don't need capturing, I wholeheartedly recommend trying out Kaitai Struct parser.

4
votes

jNetPcap is the most stable and well written wrapper. Its better than JPcap see this for comparison details. And i don't have a comparison details for pcap4j to evaluate.