The extensive availability of cost effective commodity PC hardware pushed the development of flexible and versatile traffic monitoring software such as protocol analyzers, protocol dissectors, traffic sniffers, traffic characterizers and IDSs (Intrusion Detection Systems). The largest part of these pieces of software is based on the well known libpcap API, which in the last few years has become a de facto standard for PC based packet capturing. Many improvements have been applied to this library but it still suffers from several performance flaws that are due not to the software itself but rather to the underlying hardware bottlenecks. In this paper we present a new traffic monitoring device, implemented by an Intel IXP2400 Network Processor PCI-X card connected to a gigabit ethernet LAN hosting a cluster of common personal computers running any libpcap based application. This architecture outperforms the previous solutions in terms of packet capturing power and timestamp accuracy.
A Cooperative PC/Network-Processor Architecture for Multi Gigabit Traffic Analysis
GIORDANO, STEFANO;OPPEDISANO, FRANCESCO;PROCISSI, GREGORIO;VITUCCI, FABIO
2008-01-01
Abstract
The extensive availability of cost effective commodity PC hardware pushed the development of flexible and versatile traffic monitoring software such as protocol analyzers, protocol dissectors, traffic sniffers, traffic characterizers and IDSs (Intrusion Detection Systems). The largest part of these pieces of software is based on the well known libpcap API, which in the last few years has become a de facto standard for PC based packet capturing. Many improvements have been applied to this library but it still suffers from several performance flaws that are due not to the software itself but rather to the underlying hardware bottlenecks. In this paper we present a new traffic monitoring device, implemented by an Intel IXP2400 Network Processor PCI-X card connected to a gigabit ethernet LAN hosting a cluster of common personal computers running any libpcap based application. This architecture outperforms the previous solutions in terms of packet capturing power and timestamp accuracy.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.