Exploiting Commodity Multi-core Systems for Network Traffic Analysis


This article, "Improvement of libpcap for lossless packet capturing in Linux using PF_RING kernel patch", positions PF_RING (3.x, so some changes are needed when using version 4) against the standard Linux PF_PACKET packet capture facility. In PF_RING v4, due to popular demand, I have decided to move some of the PF_RING accelerations into the NIC driver, with the advantage of now being able to compile PF_RING against an unpatched kernel. The PF_RING distribution now has a drivers/ directory that contains accelerated drivers for popular 1 and 10 Gbit adapters. This means that using PF_RING on top of Linux without any accelerated drivers gives you a little speed advantage when compared with standard Linux. However, if you use a PF_RING-aware driver or, even better, TNAPI, your speed bump will be much better. I summarize some lessons learnt in this field in this research paper named "Exploiting Commodity Multi-core Systems for Network Traffic Analysis".