Network security tools, and many other types of applications, are dependent on packet capture to analyze Internet data packets. In high-speed networks, conventional software-based packet capture engines become susceptible to packet drops. Any packet drops will degrade the accuracy and integrity of these tools. There is a need for cheap lossless packet capture technology that can be used in high-speed networks.
Fermilab has developed WireCAP: A novel packet capture engine for commodity network interface cards (NICs) in high-speed networks. WireCAP provides an effective and efficient solution to address the packet drop problem in high-speed networks by exploiting multi-queue NICs and multi-core architecture. WireCAP makes use of two new and unique mechanisms: an innovative buffering mechanism that eliminates packet loss due to overwritten NIC ring buffers; and an algorithm-based offload mechanism that optimizes traffic redistribution from overloaded network cores. WireCAP also implements a packet transmit function that allows captured packets to be forwarded, potentially after being modified or inspected in flight, thus enabling use by network traffic middlebox applications.
- Less expensive approach to implementing packet capture tools than customized hardware approaches
- Can be used to support firewall or intrusion detection systems
Applications and Industries
- High-speed network application
- Firewall Security
- Computing Industry
Category: Computers & Information Science
Tags and keywords: Packet Capture, NIC, Network Interface Card, Lossless