10 Gbit Hardware Packet Filtering Using Commodity Network Adapters

Posted · Add Comment

The promise of filtering packets in hardware is not new. Unfortunately filtering network adapters are pretty expensive, not to mention if they run at 10 Gbit. Furthermore many commercial FPGA-based NICs feature hardware packet filtering, but often require card reconfiguration whenever flow rules are added/removed and have a limited set of rules that can be […]

PF_RING/TNAPI-based 10 Gbit Network Monitoring on Multicore Systems

Posted · Add Comment

Over the past couple of years, PF_RING has been enhanced to exploit innovations in computer hardware. In particular the availability of multicore systems and efficient controllers such as those introduced by Intel with the i7 family (in particular Nehelem and Sandy Bridge) has allowed applications to spread their load across all available processors (24 cores […]

Installation Guide For PF_RING

Posted · Add Comment

Below you can find an installation guide for PF_RING written by Gunjan Bansal. The original blog entry can be found at this URL. ————- Hi, This is my first guide so please bear with me for any disrespencies. These steps were tested on Intel Core 2 Duo machine with 4 GB Ram and  Intel(R) PRO/1000 […]

10 Gbit PF_RING-based Hardware Packet Filtering and Balancing Previewed at the Intel Europe Conference

Posted · Add Comment

Intel Research Europe Conference, Bruxelles, May 4th 2010 Luca Deri and Joseph Gasparakis, senior Intel engineer, have previewed a new PF_RING-based technology they have co-developed that allows Linux users to fully exploit the hardware capabilities of the newest Intel X520 10 Gbit adapter (based on Intel 82599 controller). This technology that is close to public […]

PF_RING and Transparent Mode

Posted · Add Comment

PF_RING has been designed for enhancing packet capture performance. This means that the RX path must be accelerated, and in particular a way to accelerate this is by reducing the journey of the packet from the adapter to userland. This is obtained by allowing the driver to push the packet from the NIC to PF_RING […]

Introducing PF_RING DNA (Direct NIC Access)

Posted · Add Comment

This is to announce the availability of PF_RING DNA (Direct NIC Access) that significantly increments performance (up to 80%) when compared with Linux packet capture and PF_RING (non DNA). PF_RING is polling packets from NICs by means of Linux NAPI. This means that NAPI copies packets from the NIC to the PF_RING circular buffer, and […]

ntop.org Joins the Open Information Security Foundation

Posted · Add Comment

Suricata is the next generation open source IDS/IPS developed byt the Open Information Security Foundation. It is a pleasure to announce that ntop has joined the core development team as the Linux version of Suricata is based on acceleration provided by PF_RING. In the near future PF_RING will be extended so that it can also […]

Port Mirror vs Network Tap

Posted · Add Comment

In order to analyze network traffic, it’s necessary to feed ntop/nProbe with network packets. There are two solutions to the problem: port mirror (also called SPAN in Cisco parlance) network tap Prior to explain the differences between these two solutions, it’s important to understand how ethernet works. In 100 Mbit and above, hosts usually speak […]