| Autor: |
Uceda, Victor, Rodriguez, Miguel, Ramos, Javier, Garcia-Dorado, Jose Luis, Aracil, Javier |
| Předmět: |
|
| Zdroj: |
IEEE Journal on Selected Areas in Communications; 6/1/2016, Vol. 34 Issue 6, p1807-1818, 12p |
| Abstrakt: |
Network managers and analysts are well aware of the importance of network traces to understand traffic behavior, detect anomalies, and evaluate performance forensically, among others. However, the storage required for traffic traces has greatly expanded due to increasing network speeds. In this paper, we selectively cap the packet payload to reduce write speed and storage requirements on hard drives and further reduce the computational burden of packet analysis. The proposed techniques take advantage of most packet payloads being useless for analysis purposes, because they are either encrypted or in a proprietary application non-readable format. Conversely, non-ASCII packets from well-known protocols and protocols with some ASCII data are fully captured as they may be potentially useful for network analysis. We have named this approach as selective capping, and we have implemented and integrated it into a high-speed network driver and a software module at user level, to make its operation more transparent and faster to upper layer applications. The results are promising, and selective capping achieves multi-Gb/s rates by exploiting low-level hardware and software techniques to meet the fastest network rates. [ABSTRACT FROM PUBLISHER] |
| Databáze: |
Complementary Index |
| Externí odkaz: |
|
