Nprobe: IEEE LCN 2001
Nprobe: Network protocol analysis

Architecture of a Network Monitor
Andrew Moore, James Hall, Euan Harris, Christian Kreibich and Ian Pratt
Proceedings of the Fourth Passive and Active Measurement Workshop (PAM 2003), April 2003

This paper describes a system for simultaneously monitoring multiple protocols. It performs full line-rate capture and implements on-line analysis and compression to record interesting data without loss of information. We accept that the balance must be maintained in such a system between disk-bandwidth, CPU-capacity and data-reduction in order to perform monitoring at full line-rate. We present the architecture in detail and measure the performance of our sample implementation, Nprobe.

