Eliminating receive livelock in an interrupt-driven kernel
ACM Transactions on Computer Systems (TOCS)
Performance evaluation of packet capturing systems for high-speed networks
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Building a time machine for efficient recording and retrieval of high-volume network traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
nCap: wire-speed packet capture and transmission
E2EMON '05 Proceedings of the End-to-End Monitoring Techniques and Services on 2005. Workshop
Enriching network security analysis with time travel
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Packet capture in 10-gigabit Ethernet environments using contemporary commodity hardware
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
A Passive Network Appliance for Real-Time Network Monitoring
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
vPF_RING: towards wire-speed network monitoring using virtual machines
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
K-p0f: a high-throughput kernel passive OS fingerprinter
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
High-Performance network traffic processing systems using commodity hardware
Data Traffic Monitoring and Analysis
Capturing network traffic with commodity hardware has become a feasible task: Advances in hardware as well as software have boosted off-the-shelf hardware to performance levels that some years ago were the domain of expensive special-purpose hardware. However, the capturing hardware still needs to be driven by a well-performing software stack in order to minimise or avoid packet loss. Improving the capturing stack of Linux and FreeBSD has been an extensively covered research topic in the past years. Although the majority of the proposed enhancements have been backed by evaluations, these have mostly been conducted on different hardware platforms and software versions, which renders a comparative assessment of the various approaches difficult, if not impossible. This paper summarises and evaluates the performance of current packet capturing solutions based on commodity hardware. We identify bottlenecks and pitfalls within the capturing stack of FreeBSD and Linux, and give explanations for the observed effects. Based on our experiments, we provide guidelines for users on how to configure their capturing systems for optimal performance and we also give hints on debugging bad performance. Furthermore, we propose improvements to the operating system's capturing processes that reduce packet loss, and evaluate their impact on capturing performance.