The packer filter: an efficient mechanism for user-level network code
SOSP '87 Proceedings of the eleventh ACM Symposium on Operating systems principles
A pseudo-machine for packet monitoring and statistics
SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
Efficient use of workstations for passive monitoring of local area networks
SIGCOMM '90 Proceedings of the ACM symposium on Communications architectures & protocols
ICON Programmng Language
Reference architecture for distributed systems management
IBM Systems Journal
Analyzing stability in wide-area network performance
SIGMETRICS '97 Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Secure Internet programming
The Eifel retransmission timer
ACM SIGCOMM Computer Communication Review
Realize network subsystem QoS guarantee
ACM SIGOPS Operating Systems Review
Reducing Router-Crossings in a MobileIntranet
Journal of Network and Systems Management
Ntop: Beyond ping and traceroute
DSOM '99 Proceedings of the 10th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Active Technologies for Network and Service Management
Component Selection for Heterogeneous Active Networking
IWAN '01 Proceedings of the IFIP-TC6 Third International Working Conference on Active Networks
Practical Network Applications on a Lightweight Active Management Environment
IWAN '01 Proceedings of the IFIP-TC6 Third International Working Conference on Active Networks
The OKE Corral: Code Organisation and Reconfiguration at Runtime Using Active Linking
IWAN '02 Proceedings of the IFIP-TC6 4th International Working Conference on Active Networks
ANQL - An Active Networks Query Language
IWAN '02 Proceedings of the IFIP-TC6 4th International Working Conference on Active Networks
Granidt: Towards Gigabit Rate Network Intrusion Detection Technology
FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Safe, Untrusted Agents Using Proof-Carrying Code
Mobile Agents and Security
Towards a Programmable Mobile IP
MDM '01 Proceedings of the Second International Conference on Mobile Data Management
Testing of fault-tolerant and real-time distributed systems via protocol fault injection
FTCS '96 Proceedings of the The Twenty-Sixth Annual International Symposium on Fault-Tolerant Computing (FTCS '96)
Maya: a Multi-Paradigm Network Modeling Framework
Proceedings of the seventeenth workshop on Parallel and distributed simulation
Operating system support for high-performance, real-time CORBA
IWOOOS '96 Proceedings of the 5th International Workshop on Object Orientation in Operating Systems (IWOOOS '96)
Non-Intrusive Estimation of Web Server Delays
LCN '01 Proceedings of the 26th Annual IEEE Conference on Local Computer Networks
Fast and Secure Magnetic WORM Storage Systems
SISW '03 Proceedings of the Second IEEE International Security in Storage Workshop
Performance Models for Network Processor Design
IEEE Transactions on Parallel and Distributed Systems
Simulating mobile ad hoc networks in city scenarios
Computer Communications
Flexible packet filtering: providing a rich toolbox
BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Transparent network services via a virtual traffic layer for virtual machines
Proceedings of the 16th international symposium on High performance distributed computing
Melange: creating a "functional" internet
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
High-Speed Dynamic Packet Filtering
Journal of Network and Systems Management
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
A hypervisor based security testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Frame shared memory: line-rate networking on commodity hardware
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Running a Java VM inside an operating system kernel
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Swift: a fast dynamic packet filter
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Internet traffic modeling by means of Hidden Markov Models
Computer Networks: The International Journal of Computer and Telecommunications Networking
Design of an IP Flow Record Query Language
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
Topnet: a network-aware top(1)
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
TIE: A Community-Oriented Traffic Classification Platform
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Fast Packet Classification Using Condition Factorization
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
OpenLIDS: a lightweight intrusion detection system for wireless mesh networks
Proceedings of the 15th annual international conference on Mobile computing and networking
NetPDL: An extensible XML-based language for packet header description
Computer Networks: The International Journal of Computer and Telecommunications Networking
Analysis of network processing workloads
Journal of Systems Architecture: the EUROMICRO Journal
A programmable network address translator: Design, implementation, and performance
ACM Transactions on Internet Technology (TOIT)
Linear-tree rule structure for firewall optimization
CIIT '07 The Sixth IASTED International Conference on Communications, Internet, and Information Technology
Enabling high-speed and extensible real-time communications monitoring
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Design of a Stream-Based IP Flow Record Query Language
DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT
WiOPT'09 Proceedings of the 7th international conference on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks
Review: Passive internet measurement: Overview and guidelines based on experiences
Computer Communications
Bottleneck analysis and traffic congestion avoidance
Proceedings of the International Conference and Workshop on Emerging Trends in Technology
Proceedings of the Third European Workshop on System Security
Experience with the keynote trust management system: applications and future directions
iTrust'03 Proceedings of the 1st international conference on Trust management
Architecture of a network monitoring element
Euro-Par'06 Proceedings of the CoreGRID 2006, UNICORE Summit 2006, Petascale Computational Biology and Bioinformatics conference on Parallel processing
A format-independent architecture for run-time integrity checking of executable code
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Leaping multiple headers in a single bound: wire-speed parsing using the kangaroo system
INFOCOM'10 Proceedings of the 29th conference on Information communications
Accurate offline synchronization of distributed traces using kernel-level events
ACM SIGOPS Operating Systems Review
The architecture and implementation of an extensible web crawler
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
SideCar: building programmable datacenter networks without programmable switches
Hotnets-IX Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks
Implementation of a stream-based IP flow record query language
AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
Network intrusion detection: dead or alive?
Proceedings of the 26th Annual Computer Security Applications Conference
SPAF: stateless FSA-based packet filters
IEEE/ACM Transactions on Networking (TON)
Application-Tailored I/O with Streamline
ACM Transactions on Computer Systems (TOCS)
Tracefs: a file system to trace them all
FAST'04 Proceedings of the 3rd USENIX conference on File and storage technologies
A Passive Network Appliance for Real-Time Network Monitoring
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
vPF_RING: towards wire-speed network monitoring using virtual machines
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Proceedings of the 8th ACM Symposium on Performance evaluation of wireless ad hoc, sensor, and ubiquitous networks
A high-performance and scalable multi-core aware software solution for network monitoring
The Journal of Supercomputing
pcapIndex: an index for network packet traces with legacy compatibility
ACM SIGCOMM Computer Communication Review
ARCS'06 Proceedings of the 19th international conference on Architecture of Computing Systems
Multi-stage packet filtering in network smart cards
CARDIS'06 Proceedings of the 7th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
ISNN'06 Proceedings of the Third international conference on Advances in Neural Networks - Volume Part III
Design and implementation of a fast dynamic packet filter
IEEE/ACM Transactions on Networking (TON)
Collection and exploration of large data monitoring sets using bitmap databases
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
A high-performance network monitoring platform for intrusion detection
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
FPL-3: towards language support for distributed packet processing
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
FPL-3E: towards language support for reconfigurable packet processing
SAMOS'05 Proceedings of the 5th international conference on Embedded Computer Systems: architectures, Modeling, and Simulation
A methodology for implementing a stress workload generator for the GTP-U plane
WWIC'05 Proceedings of the Third international conference on Wired/Wireless Internet Communications
Enhancing network intrusion detection with integrated sampling and filtering
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
TOSKANA: a toolkit for operating system kernel aspects
Transactions on Aspect-Oriented Software Development II
Research note: An empirical study of the characteristics of Internet traffic
Computer Communications
Digital forensics research: The next 10 years
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Netmap: a novel framework for fast packet I/O
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
CaptureFoundry: a GPU accelerated packet capture analysis tool
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
NetSlices: scalable multi-core packet processing in user-space
Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems
An integrated framework for optimizing automatic monitoring systems in large IT infrastructures
Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining
EtherPIPE: an ethernet character device for network scripting
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Experience report: functional programming of mHealth applications
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
Security bugs in embedded interpreters
Proceedings of the 4th Asia-Pacific Workshop on Systems
Scap: stream-oriented network traffic capture and analysis for high-speed networks
Proceedings of the 2013 conference on Internet measurement conference
Towards a GPU accelerated virtual machine for massively parallel packet classification and filtering
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
A versatile code execution isolation framework with security first
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
I know what your packet did last hop: using packet histories to troubleshoot networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.01 |
Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, register-based filter evaluator that is up to 20 times faster than the original design. BPF alson uses a straighforward buffering strategy that makes its overall performance up to 100 times faster than Sun's NIT running on the same hardware.