Packet-to-disk is the ability to dump network packets to disk. This activity is important for implementing a sort of “network time machine” so that when something unexpected happens, you have the ability to access the raw packets and thus inspect the cause of the problems. Implementing efficient packet-to-disk requires high-speed packet capture, speedy disks, and efficient packet dump software.
We started to work on this field, a few years ago when creating a packet-to-disk application for 1 Gbit networks, named n2disk. Today we are introducing the second generation of n2disk that has been further optimised for 10 Gbit networks. Leveraging on PF_RING DNA, n2disk can dump packets on disk using the industry-standard pcap format at 10 Gbit line rate, minimal size packets. All you need to have is a fast storage system and an adequate system to run n2disk on. As you can read on the n2disk home page, we have the ability to:
- Filter packets during capture using BPF-like filters.
- Dump packets with nano-second timestamps (precise timestamping card required such as Silicom 10G timestamp adapter).
- Index packets on the fly, during packet capture, for fast packet retrieval.
- Search disk-stored packets within a specified time-boundary, using BPF-like filters leveraging on the n2disk packet search companion tools.
Unlike costly proprietary packet-to-disk solutions, n2disk can run on commodity hardware using DNA-aware network adapters. Contrary to the common belief that packet-to-disk solutions are expensive and based on proprietary (i.e. non-pcap) dump formats, n2disk demonstrates that this statement is no longer true making packet-to-disk a commodity activity.
For more information about n2disk features and configuration options, please refer to the n2disk home page and n2disk User’s Guide. Those who are looking for an affordable turn-key packet-to-disk solution, can instead have a look at the nBox recorder.