High-Speed Traffic Capture and Analysis Using Open-Source Software and Commodity Hardware


Luca Deri


06 December 2011


Modern network and computing architectures allow network applications to be greatly accelerated by exploiting hardware properly. Unfortunately, operating systems do not always exploit hardware features until they become widely popular, even though these features are already available on commodity hardware. This has been the driving force for creating a Linux kernel framework named PF_RING that is able to unleash features not visible to applications running on vanilla Linux. This talk shows how modern networking applications can offload selected tasks to hardware in order to accelerate common operations such as packet capture and transmission, filtering, and balancing across CPU cores. Using PF_RING it is possible to accelerate existing applications, including network probes and IDS/IPS, and even to create 10 Gbit wire-rate network traffic generators, all using open-source software and commodity hardware.


Luca Deri is the leader of the ntop project (http://www.ntop.org/), aimed at developing an open-source monitoring platform for high-speed traffic analysis. He worked for University College London and IBM Research prior to receiving his PhD at the University of Berne with a thesis on software components for traffic monitoring applications. Well known in the open-source and Linux community as well as in industry, where he has been appointed to the technical advisory boards of several leading companies, he currently shares his time between the ntop project and the University of Pisa, where he has been appointed lecturer in the CS department.