Speed comparison of five ways to read raw packets from a pcap file: libpcap, struct, dpkt, scapy and pyshark

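This post compares the performance of five ways of parsing a PCAP file: libpcap, raw binary reading (struct), dpkt, scapy and pyshark. Each is run repeatedly to obtain an average processing time, and speed and ease of use are assessed from the results.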

from pylibpcap.pcap import rpcap
import struct
from dpkt.pcap import Reader
from scapy.all import rdpcap
#from scapy.all import PcapReader
import pyshark
from timeit import repeat
import time

fileName = "/Users/microfat/Downloads/new/N1N2.pcap"
def libpcap_test():
    for _, _, packet in rpcap(fileName):
        pass

def orig_test():
    string_data = None
    with open(fileName, 'rb') as fpcap:
        string_data = fpcap.read()

    packet_num = 0
    packet_data = []
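    i = 24  # skip the 24-byte pcap global header

    while i < len(string_data):
        # Record header: ts_sec, ts_usec, incl_len (bytes stored in the file), orig_len.
        # Step by incl_len (offset 8), not orig_len (offset 12), so captures
        # truncated by snaplen still parse. '<I' assumes a little-endian pcap.
        packet_len = struct.unpack('<I', string_data[i+8:i+12])[0]
        packet_data.append(string_data[i+16:i+16+packet_len])
        i = i + packet_len + 16
        packet_num += 1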
        packet_num+=1
    for packet in packet_data:
        pass

def dpkt_test():
    with open(fileName, 'rb') as f:
        for _, packet in Reader(f):
            pass

def scapy_test():
    for packet in rdpcap(fileName):
        pass

def pyshark_test():
    cap = pyshark.FileCapture(fileName, use_json=True, include_raw=True)
    for packet in cap:
        packet.get_raw_packet()

if __name__ == "__main__":
    libpcap_test_time = repeat(stmt=libpcap_test, repeat=100, number=1)
    time.sleep(1)
    orig_test_time    = repeat(stmt=orig_test, repeat=100, number=1)
    time.sleep(1)
    dpkt_test_time    = repeat(stmt=dpkt_test, repeat=100, number=1)
    time.sleep(1)
    scapy_test_time   = repeat(stmt=scapy_test, repeat=100, number=1)
    time.sleep(1)
    pyshark_test_time = repeat(stmt=pyshark_test, repeat=100, number=1)

    print('libpcap:', sum(libpcap_test_time)/len(libpcap_test_time))
    print('orig:   ', sum(orig_test_time)/len(orig_test_time))
    print('dpkt:   ', sum(dpkt_test_time)/len(dpkt_test_time))
    print('scapy:  ', sum(scapy_test_time)/len(scapy_test_time))
    print('pyshark:', sum(pyshark_test_time)/len(pyshark_test_time))

Output (average seconds per run):
libpcap: 0.00011515187999975751
orig:    0.0005123037399994246
dpkt:    0.0010648190799918212
scapy:   0.05218072557000596
pyshark: 0.7941113060799978

Conclusion:
libpcap > struct > dpkt > scapy > pyshark

pylibpcap is very fast because it uses libpcap through Cython.

In terms of features and ease of use, however, the ranking is roughly the reverse.
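
The struct approach above is fast, but it trusts every length field in the file. The following is an added example, not code from the original post: a struct-based reader that detects byte order from the magic number and rejects truncated or oversized records instead of silently misparsing them. The names `iter_raw_packets` and `build_sample` and the 262144-byte default cap are assumptions of this example, and the sample capture is constructed.

```python
import struct

# Classic pcap magic values as seen when the first 4 bytes are read little-endian.
_MAGICS = {
    0xA1B2C3D4: "<",  # little-endian file, microsecond timestamps
    0xD4C3B2A1: ">",  # big-endian file, microsecond timestamps
    0xA1B23C4D: "<",  # little-endian file, nanosecond timestamps
    0x4D3CB2A1: ">",  # big-endian file, nanosecond timestamps
}

def iter_raw_packets(data, max_len=262144):
    """Yield (ts_sec, ts_frac, raw_bytes) for each record in classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    endian = _MAGICS.get(struct.unpack_from("<I", data, 0)[0])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        # incl_len comes from the file: bound it before slicing or advancing.
        if incl_len > max_len or off + 16 + incl_len > len(data):
            raise ValueError(f"bad incl_len {incl_len} at offset {off}")
        yield ts_sec, ts_frac, data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len

def build_sample(endian="<"):
    """Constructed capture: two records, the second cut short by snaplen (orig_len 100, 3 stored)."""
    hdr = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec1 = struct.pack(endian + "IIII", 1, 0, 4, 4) + b"\xde\xad\xbe\xef"
    rec2 = struct.pack(endian + "IIII", 2, 500, 3, 100) + b"abc"
    return hdr + rec1 + rec2

if __name__ == "__main__":
    for sec, frac, raw in iter_raw_packets(build_sample()):
        print(sec, frac, raw.hex())
```
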

Reference: https://stackoverflow.com/a/56119892
