Improving Kernel performance for network sniffing

Topaloğlu, Mehmet Ersan
?G Sniffing is computer-network equivalent of telephone tapping. A Sniffer is simply any software tool used for sniffing. Needs of modern networks today are much more than a sniffer can meet, because of high network traffic and load. Some efforts are shown to overcome this problem. Although successful approaches exist, problem is not completely solved. Efforts mainly includes producing faster hardware, modifying NICs (Network Interface Card), modifying kernel, or some combinations of them. Most efforts are either costly or no know-how exists. In this thesis, problem is attacked via modifying kernel and NIC with aim of transferring the data captured from the network to the application as fast as possible. Snort [1], running on Linux, is used as a case study for performance comparison with the original system. A significant amount of decrease in packet lost ratios is observed at resultant system.
Citation Formats
M. E. Topaloğlu, “Improving Kernel performance for network sniffing,” M.S. - Master of Science, Middle East Technical University, 2003.