Kernel packet capture technologies

Sniffing through the ages

Capturing packets as they pass on the wire and handing them to analysis software seems at first sight a simple task. But one must not forget that with current networks this can mean capturing 30M packets per second. The objective of this talk is to show which methods and techniques have been implemented in Linux for this and how they have evolved over time.

The talk covers AF_PACKET capture as well as PF_RING, DPDK and netmap, and tries to show how successive changes in hardware and software have shaped the design of these technologies. On the software side, a special focus is put on the Suricata IDS, which implements most of these capture methods.

Eric Leblond, Stamus Networks
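For readers who want to see the first of those mechanisms in practice, here is an added example (not code from the talk, and not Suricata's own capture code) of AF_PACKET capture through a TPACKET_V3 memory-mapped ring: the kernel fills whole blocks of frames in shared memory and the reader drains a block at a time instead of paying one recv() call per packet. It is Linux-only; the live capture needs CAP_NET_RAW, and the interface name "eth0" is an assumption. Before opening the socket it walks a constructed sample block, so the block-parsing logic can be checked without privileges.

```c
/* Added example, not code from the talk or from Suricata: AF_PACKET capture
 * with a TPACKET_V3 mmap ring. Linux only; live capture needs CAP_NET_RAW. */
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>

#define BLOCK_SIZE (1u << 22)   /* 4 MiB per ring block */
#define BLOCK_NR   8u

typedef void (*frame_cb)(const uint8_t *data, uint32_t snaplen, void *arg);

/* Walk every frame in one retired block: frame headers are chained by
 * tp_next_offset and the frame bytes start tp_mac bytes after each header. */
unsigned walk_block(const struct tpacket_block_desc *bd, frame_cb cb, void *arg)
{
    const struct tpacket_hdr_v1 *bh = &bd->hdr.bh1;
    const uint8_t *p = (const uint8_t *)bd + bh->offset_to_first_pkt;
    for (uint32_t i = 0; i < bh->num_pkts; i++) {
        const struct tpacket3_hdr *h = (const struct tpacket3_hdr *)p;
        cb(p + h->tp_mac, h->tp_snaplen, arg);
        p += h->tp_next_offset;
    }
    return bh->num_pkts;
}

/* Sum captured bytes; a real IDS would put its decoder here. */
void count_bytes(const uint8_t *data, uint32_t snaplen, void *arg)
{
    (void)data;
    *(unsigned long long *)arg += snaplen;
}

/* Constructed sample block (not captured traffic) laid out the way the kernel
 * fills one, so walk_block can be exercised without privileges. */
void build_demo_block(uint8_t *buf, size_t len)
{
    static const uint32_t snaplens[] = { 60, 1514, 128 };
    memset(buf, 0, len);
    struct tpacket_block_desc *bd = (struct tpacket_block_desc *)buf;
    bd->version = TPACKET_V3;
    bd->hdr.bh1.block_status = TP_STATUS_USER;
    bd->hdr.bh1.num_pkts = 3;
    bd->hdr.bh1.offset_to_first_pkt = 64;
    for (uint32_t i = 0; i < 3; i++) {
        struct tpacket3_hdr *h = (struct tpacket3_hdr *)(buf + 64 + i * 2048);
        h->tp_snaplen = h->tp_len = snaplens[i];
        h->tp_mac = sizeof *h;                 /* frame data follows the header */
        h->tp_next_offset = i < 2 ? 2048 : 0;  /* last frame ends the chain */
    }
}

/* Open an AF_PACKET socket bound to ifname with a TPACKET_V3 RX ring mapped in. */
int open_ring(const char *ifname, uint8_t **ring)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -1;
    int ver = TPACKET_V3;
    struct tpacket_req3 req = {
        .tp_block_size = BLOCK_SIZE, .tp_block_nr = BLOCK_NR,
        .tp_frame_size = 2048, .tp_frame_nr = BLOCK_SIZE / 2048 * BLOCK_NR,
        .tp_retire_blk_tov = 60,   /* ms before a partly filled block is handed over */
    };
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
        .sll_protocol = htons(ETH_P_ALL), .sll_ifindex = (int)if_nametoindex(ifname) };
    if (sll.sll_ifindex == 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_VERSION, &ver, sizeof ver) < 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof req) < 0 ||
        bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0 ||
        (*ring = mmap(NULL, (size_t)BLOCK_SIZE * BLOCK_NR, PROT_READ | PROT_WRITE,
                      MAP_SHARED, fd, 0)) == MAP_FAILED) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    unsigned long long bytes = 0;
    uint64_t demo[1024];                       /* 8 KiB, 8-byte aligned */
    build_demo_block((uint8_t *)demo, sizeof demo);
    unsigned n = walk_block((struct tpacket_block_desc *)demo, count_bytes, &bytes);
    printf("self-check: %u frames, %llu bytes in constructed block\n", n, bytes);

    uint8_t *ring;
    int fd = open_ring(argc > 1 ? argv[1] : "eth0", &ring);   /* "eth0" is an assumption */
    if (fd < 0) { perror("open_ring (needs CAP_NET_RAW)"); return 1; }

    struct pollfd pfd = { .fd = fd, .events = POLLIN | POLLERR };
    unsigned long long frames = 0;
    bytes = 0;
    for (unsigned blk = 0; frames < 100000; blk = (blk + 1) % BLOCK_NR) {
        struct tpacket_block_desc *bd = (struct tpacket_block_desc *)(ring + (size_t)blk * BLOCK_SIZE);
        while (!(__atomic_load_n(&bd->hdr.bh1.block_status, __ATOMIC_ACQUIRE) & TP_STATUS_USER))
            poll(&pfd, 1, -1);                 /* sleep until the kernel retires this block */
        frames += walk_block(bd, count_bytes, &bytes);
        __atomic_store_n(&bd->hdr.bh1.block_status, TP_STATUS_KERNEL, __ATOMIC_RELEASE);
    }
    struct tpacket_stats_v3 st;
    socklen_t sl = sizeof st;
    if (getsockopt(fd, SOL_PACKET, PACKET_STATISTICS, &st, &sl) == 0)
        printf("%llu frames, %llu bytes; kernel: %u received, %u dropped\n",
               frames, bytes, st.tp_packets, st.tp_drops);
    munmap(ring, (size_t)BLOCK_SIZE * BLOCK_NR);
    close(fd);
    return 0;
}
```

Run it as root with the interface name as the first argument. The PACKET_STATISTICS read at the end is the first thing to look at when approaching the packet rates the abstract mentions: tp_drops counts packets the kernel discarded because no free block was available, which is how you find out that the reader is too slow or the ring too small. A block is returned to the kernel by writing TP_STATUS_KERNEL into its block_status; a reader that forgets to do so eventually stalls the ring and the drop counter climbs.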

[slideshare id=53567070&doc=2015kernelrecipescapture-151005202119-lva1-app6891]

[youtube=https://youtu.be/5gEWyCW-qx8?list=PLQ8PmP_dnN7Lf7qQUlUKp-SNzLNzHrPjt]