
Technical Reports




HP Labs


Full Packet Capture and Offline Analysis on 1 and 10 Gb/s Networks

Anderson, E.; Arlitt, M.

HPL-2006-156

Keyword(s): full packet capture; 10 Gb/s network; driverdump

Abstract: This paper describes our experiences with implementing and using a network monitor built with commodity hardware and open source software to collect contiguous, multi-day, full packet traces from 1 and 10 Gb/s networks. The length of the traces is primarily limited by the capacity of the disks attached to the monitor, and the rate and size of packets on the network. On a 10 Gb/s enterprise network our monitor sustained packet capture rates of 160,000 pps (packets per second) and data capture rates of 0.7 Gb/s, and burst capture rates up to 550,000 pps and 3.7 Gb/s respectively (with minimal packet loss). In testing we have achieved sustained capture rates of up to 676,000 pps and 1.4 Gb/s. We found that our technique (driverdump) can sustain capture rates between 1.86x (large packets) and 5.98x (small packets) higher than the traditional tcpdump program; compared to the Linux-specific lindump program, we achieve rates 1.48x (large packets) and 2.25x (small packets) higher. We describe the current bottlenecks with our monitor and elaborate on how to address them. We also discuss our tools and techniques for efficiently analyzing the multiterabyte traces we collected. In particular, we rely on DataSeries, a highly efficient trace storage format.

14 Pages
