Measuring the Live Capture Performance of NetSniff
Author
Abstract
NetSniff is an IP traffic analysis tool currently used in low-traffic scenarios. Before deployment under higher-traffic scenarios, it is important to perform a study into the processing and live capture performance of NetSniff. We have previously investigated the processing performance of NetSniff; in this technical report we subject NetSniff to a performance evaluation with regard to live capture of network traffic. We show the impact of increasing the captured traffic rate and of increasing the number of concurrent flows for NetSniff (release version v050722) to process on differing hardware configurations. Our results also indicate that the small PCAP (version 0.9.4) buffer (32kB) on a FreeBSD (version 5.3) based system limits the processing performance of NetSniff under high-bandwidth scenarios, while the Linux (kernel version 2.6) based PCAP library passes packets to NetSniff in non-chronological order – posing further problems in correctly determining TCP layer statistics.
Keywords: NetSniff, live capture, performance.
Similar resources
Measuring the Processing Performance of NetSniff
NetSniff is an IP traffic analysis tool currently used in low traffic scenarios. Before deployment under higher traffic scenarios, it is important to perform a study into the processing and live traffic capture performance of NetSniff. In this technical report we subject NetSniff to a series of processing performance evaluations in an attempt to determine the limitations of NetSniff with regard...
Extending Netsniff
This technical report describes how to extend Netsniff with additional stream-level and packet-level parsers. It also describes how to extend the log file parser and database that were built to do statistics on the data collected by Netsniff. Keywords: Netsniff, Extension, Stream-parser, Packet-parser
Avoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. The DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network are provided in this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
Measuring Audience Galvanic Skin Response of Connected Performances
Accurately measuring the audience response during a performance is a difficult task. This is particularly the case for connected performances. In this paper, we staged a connected performance in which a remote audience enjoyed the performance in real-time. Both objective (galvanic skin response and behaviours) and subjective (interviews) responses from the live and remote audience members were ...