2005-12-08

Network sniffing from Java (wow, a techie post!)

[This is a techie post. You have been warned.]

As some of y'all may be aware, I've been working on a network analysis app for the past couple years.

It's written in Objective-C, a language used primarily on the Mac. This is fine by me — I like Objective-C as a language, and a lot of my whizbang features (like voice control of traffic filtering) are Mac-specific.

But the fact remains: I do most of my development in, and am currently most familiar with, Java. I also believe that, within the next five years, Java will become the fastest application development language available. (No, really.)

So, on a lark, I started wondering what it'd take to rewrite my network analyzer in Java. The hard part: to sniff network traffic (which will later be analyzed), the program has to worm its way down into the hardware, and this is difficult in Java. I suspected it would require JNI (Java Native Interface, which lets you tie code written in other languages [primarily C] into Java programs), but I hadn't written any JNI in nearly ten years.

I looked online to see if anyone had done my work for me. There are a couple Java interfaces to the PCAP library, which is the gold standard when it comes to sniffing network traffic. (It's what I use in my current application.)

Unfortunately, they all suck, for two reasons. First, they do too much work in the JNI code. JNI code is written in C; the Java Virtual Machine, the part responsible for making modern Java so goddamn fast, can't speed up C code. Second, they make too many assumptions about the type of traffic they'll encounter, and don't provide me a way to teach them about new types. (They assume they're plugged into an Ethernet, which is not true if I'm hitting the net through my cellphone, like right now.)

Cesta (my network analysis program) has a really flexible plugin architecture that lets it load processing code as needed, at runtime. These libraries are the exact opposite of that.

So, I'm having to write my own. As of tonight, I have it working. It's a very thin JNI interface to libpcap. It should work on both 32- and 64-bit architectures, but is known to be incompatible with iSeries (AS/400) because of a design decision I made.

The entertaining bit, to me, is that PCAP delivers packets by a callback, which I translate into a call to a Java interface. Java code calls C code, which calls into libpcap, which calls a C function, which calls back into Java. Teehee.
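To illustrate the design point above (raw bytes and the link type cross the JNI boundary, and all decoding stays in Java where new link types can be registered at runtime), here is an added example; it is not the author's code. The names `LinkDecoder`, `PacketListener` and `locateIpv4` are hypothetical, the frames are constructed, and the PPP case assumes an uncompressed 2-byte protocol field.

```java
import java.util.HashMap;
import java.util.Map;

public class LinkLayerDemo {
    // libpcap link-layer type codes (values of pcap's DLT_* constants).
    static final int DLT_EN10MB = 1, DLT_PPP = 9;

    /** Hypothetical plugin: offset of the IPv4 header, or -1 if the frame is not IPv4. */
    interface LinkDecoder { int ipv4Offset(byte[] frame); }

    /** Hypothetical callback the native layer would invoke once per captured packet. */
    interface PacketListener { void packet(int linkType, byte[] frame); }

    static final Map<Integer, LinkDecoder> DECODERS = new HashMap<>();

    static int u16(byte[] b, int off) { return ((b[off] & 0xff) << 8) | (b[off + 1] & 0xff); }

    static void registerDefaults() {
        // Ethernet II: 6 dst + 6 src + 2 EtherType; 0x0800 = IPv4.
        DECODERS.put(DLT_EN10MB, f -> f.length >= 14 && u16(f, 12) == 0x0800 ? 14 : -1);
        // PPP: optional HDLC-style FF 03 prefix, then 2-byte protocol; 0x0021 = IPv4.
        DECODERS.put(DLT_PPP, f -> {
            int off = (f.length >= 2 && (f[0] & 0xff) == 0xff && f[1] == 0x03) ? 2 : 0;
            return f.length >= off + 2 && u16(f, off) == 0x0021 ? off + 2 : -1;
        });
    }

    /** Bounds-checked dispatch: unknown link types and short frames yield -1, never an exception. */
    static int locateIpv4(int linkType, byte[] frame) {
        LinkDecoder d = DECODERS.get(linkType);
        return d == null ? -1 : d.ipv4Offset(frame);
    }

    public static void main(String[] args) {
        registerDefaults();
        PacketListener listener = (lt, f) ->
            System.out.println("linkType=" + lt + " ipv4Offset=" + locateIpv4(lt, f));
        // Constructed sample frames: link header followed by the first IPv4 byte (0x45).
        byte[] eth = new byte[15];
        eth[12] = 0x08; eth[13] = 0x00; eth[14] = 0x45;
        byte[] ppp = { (byte) 0xff, 0x03, 0x00, 0x21, 0x45 };
        listener.packet(DLT_EN10MB, eth);                      // Ethernet frame
        listener.packet(DLT_PPP, ppp);                         // PPP frame, e.g. a cellular link
        listener.packet(DLT_PPP, new byte[] { (byte) 0xff });  // truncated frame
        listener.packet(113, eth);                             // link type with no decoder registered
    }
}
```

Because captured bytes are untrusted input, every decoder checks the frame length before indexing, so a truncated or malformed packet is rejected instead of throwing inside the capture callback.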

3 Comments:

At 6:12 PM, Anonymous said...

Great! This is exactly what I have been looking for. Are you releasing the source?
Actually a binary + API would be enough :-)

 
At 10:59 AM, Blogger Cliff L. Biffle said...

Had you asked a year ago, I probably would have. :-) Now I'm not even sure where the sources are -- I've moved a few states away to a new job, and stopped work on my network analyzer for now.

 
At 7:35 PM, Blogger Unknown said...

When I bought my computer I didn't know how to use Java graphics, so I decided to look for information on a website, and I found useful information that helped me a lot. Now I am interested in making the best investment, and I found a very useful and interesting website called costa rica investment opportunities; I think it's a very wonderful site.

 
