Network administrators lack the tools they need to understand and react to their changing networks. This makes it difficult for them to make informed, timely decisions regarding network management, capacity planning, and security. These challenges will only increase as networks continue to gain in throughput, become more complex, and encrypt more and more of their traffic. This paper describes the Passive Network Appliance, or PNA, which is our proposed solution to this problem. The PNA provides snapshots of network behavior through time, in a cost-effective manner. The PNA is implemented on commodity hardware and can enforce network policy in real-time at the granularity of network frame arrival. This paper describes the system, and its evaluation in both laboratory and real-world deployments.