Header

UZH-Logo

Maintenance Infos

DiCAP: Distributed Packet Capturing Architecture for High-Speed Network Links


Morariu, C; Stiller, B (2008). DiCAP: Distributed Packet Capturing Architecture for High-Speed Network Links. In: 33rd Annual IEEE Conference on Local Computer Networks (LCN), Montreal, Quebec, Canada, 14 October 2008 - 17 October 2008, 168-175.

Abstract

IP traffic measurements form the basis of several network management tasks, such as accounting, planning, intrusion detection, and charging. High-speed network links challenge traditional IP traffic analysis tools with their high amount of carried data that needs to be processed within a small amount of time. Centralized traffic measurements for high-speed links typically require high-performance capturing hardware that usually comes with a high cost. Software-based capturing solutions, such as libpcap or PFRING, cannot cope with those high data rates and experience high packet losses. Thus, this paper proposes a scalable architecture and its implementation for Distributed Packet Capturing (DiCAP) based on inexpensive off-the-shelf hardware running Linux operating system. The prototype designed has been tested as an implementation and was evaluated against other Linux capturing tools. The evaluation shows that DiCAP can perform loss-less IP packet header capture at high-speed packet rates when used alone and that it can highly improve the performance of libpcap of PFRING when used in combination with those.

Abstract

IP traffic measurements form the basis of several network management tasks, such as accounting, planning, intrusion detection, and charging. High-speed network links challenge traditional IP traffic analysis tools with their high amount of carried data that needs to be processed within a small amount of time. Centralized traffic measurements for high-speed links typically require high-performance capturing hardware that usually comes with a high cost. Software-based capturing solutions, such as libpcap or PFRING, cannot cope with those high data rates and experience high packet losses. Thus, this paper proposes a scalable architecture and its implementation for Distributed Packet Capturing (DiCAP) based on inexpensive off-the-shelf hardware running Linux operating system. The prototype designed has been tested as an implementation and was evaluated against other Linux capturing tools. The evaluation shows that DiCAP can perform loss-less IP packet header capture at high-speed packet rates when used alone and that it can highly improve the performance of libpcap of PFRING when used in combination with those.

Statistics

Citations

Altmetrics

Additional indexing

Item Type:Conference or Workshop Item (Paper), refereed, original work
Communities & Collections:03 Faculty of Economics > Department of Informatics
Dewey Decimal Classification:000 Computer science, knowledge & systems
Language:English
Event End Date:17 October 2008
Deposited On:29 Jan 2009 08:47
Last Modified:06 Dec 2017 15:44
ISBN:978-1-4244-2412-2
Publisher DOI:https://doi.org/10.1109/LCN.2008.4664166
Official URL:http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4664166

Download

Full text not available from this repository.
View at publisher