TCP/IP illustrated (vol. 1): the protocols
TCP/IP illustrated (vol. 1): the protocols
DPF: fast, flexible message demultiplexing using dynamic code generation
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
Fast and scalable layer four switching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
High-speed policy-based packet forwarding using efficient multi-dimensional range matching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Router plugins: a software architecture for next generation routers
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
BPF+: exploiting global data-flow optimization in a generalized packet filter architecture
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Scalable packet classification
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Packet classification using multidimensional cutting
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient packet classification for network intrusion detection using FPGA
Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
Algorithms for advanced packet classification with ternary CAMs
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Survey and taxonomy of packet classification techniques
ACM Computing Surveys (CSUR)
The Definitive ANTLR Reference: Building Domain-Specific Languages
The Definitive ANTLR Reference: Building Domain-Specific Languages
FFPF: fairly fast packet filters
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Efficient packet demultiplexing for multiple endpoints and large messages
WTEC'94 Proceedings of the USENIX Winter 1994 Technical Conference on USENIX Winter 1994 Technical Conference
The BSD packet filter: a new architecture for user-level packet capture
USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings
Swift: a fast dynamic packet filter
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Large-scale wire-speed packet classification on FPGAs
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
Field-split parallel architecture for high performance multi-match packet classification using FPGAs
Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures
Fast and scalable packet classification
IEEE Journal on Selected Areas in Communications
Towards a GPU accelerated virtual machine for massively parallel packet classification and filtering
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
| Hi-index | 0.00 |
Packet captures are used to support a variety of tasks, including network administration, fault diagnosis and security and network related research. Despite their usefulness, processing packet capture files is a slow and tedious process that impedes the analysis of large, long-term captures. This paper discusses the primary components and observed performance of CaptureFoundry, a stand-alone capture analysis support tool designed to quickly map, filter and extract packets from large capture files using a combination of indexing techniques and GPU accelerated packet classification. All results are persistent, and may be used to rapidly extract small pre-filtered captures on demand that may be analysed quickly in existing capture analysis applications. Performance results show that CaptureFoundry is capable of generating multiple indexes and classification results for large captures at hundreds of megabytes per second, with minimal CPU and memory overhead and only minor additional storage space requirements.