Learning DPDK : Packet capturing

The goal of a new project is to capture traffic at a 40G rate on a specified schedule.

Why

To analyze

  • security breaches,
  • misbehaviours or
  • faulty appliances

it is extremely useful to have virtual traces fully recorded.

What

  • You can record the whole Ethernet packet.
  • You can trim its payload in case only headers are important for later analysis.
  • You can filter the traffic based on IP address and TCP/UDP port.
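
The trimming and filtering options above, as an added example (not the author's code and not DPDK API): a plain C function that decides how many bytes of a captured frame to store. The `cap_filter` struct, `capture_len` and the sample frame are assumptions made for this illustration; only untagged IPv4 with TCP or UDP is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capture filter (host byte order); a zero field is a wildcard. */
struct cap_filter { uint32_t ip; uint16_t port; };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns how many bytes of the frame to store: 0 drops it (no filter match,
 * or not a parseable untagged IPv4 TCP/UDP frame), otherwise the length of
 * the Ethernet+IPv4+L4 headers (headers_only) or the whole frame. */
size_t capture_len(const uint8_t *pkt, size_t len, const struct cap_filter *f, int headers_only)
{
    if (len < 14 + 20 || rd16(pkt + 12) != 0x0800) return 0;  /* IPv4 only */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || 14 + ihl > len) return 0;
    if (rd16(ip + 6) & 0x1fff) return 0;    /* later fragment: no L4 header */
    const uint8_t *l4 = ip + ihl;
    size_t l4off = 14 + ihl, l4len = 8;     /* UDP header is a fixed 8 bytes */
    if (ip[9] == 6) {                       /* TCP: data offset gives length */
        if (l4off + 20 > len) return 0;
        l4len = (size_t)(l4[12] >> 4) * 4;
        if (l4len < 20) return 0;
    } else if (ip[9] != 17) {
        return 0;                           /* neither TCP nor UDP */
    }
    if (l4off + l4len > len) return 0;      /* truncated frame */
    uint32_t src = rd32(ip + 12), dst = rd32(ip + 16);
    uint16_t sport = rd16(l4), dport = rd16(l4 + 2);
    if (f->ip && src != f->ip && dst != f->ip) return 0;
    if (f->port && sport != f->port && dport != f->port) return 0;
    return headers_only ? l4off + l4len : len;
}

/* Constructed sample: 192.0.2.10:49152 -> 198.51.100.5:443, TCP, 6 zero payload bytes. */
static const uint8_t sample[60] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,          /* Ethernet */
    0x45,0,0,0x2e, 0,0,0x40,0, 0x40,0x06,0,0,                 /* IPv4, proto TCP */
    0xc0,0,0x02,0x0a, 0xc6,0x33,0x64,0x05,                    /* src, dst */
    0xc0,0x00,0x01,0xbb, 0,0,0,1, 0,0,0,0, 0x50,0x18,         /* TCP, offset 5 */
};

int main(void)
{
    struct cap_filter web = { 0, 443 };     /* any host, port 443 */
    printf("store %zu of %zu bytes\n", capture_len(sample, sizeof sample, &web, 1), sizeof sample);
    return 0;
}
```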

How

  • First, capture the traffic into the RAM.
  • Second, store it on disk.

Complications

  • Average SSD disk speed is about 500 MB/s
  • SATA 3.0 speed is 6 Gb/s

Solution

It looks like the solution could be one of the following, or both:

  • RAID
  • PCI + high-speed SSD disk
