Performance Characteristics of a Kernel-Space Packet Capture Module

Abstract

This research attempts to improve the efficiency of capturing network packets to disk using commodity, general-purpose hardware and operating systems. It examines the bottlenecks between NIC and disk, implements a kernel-space capture capability to improve storage efficiency, and analyzes the performance characteristics of this approach. Results show that a kernel-space NIC-to-Disk capture module is both possible and beneficial. The proof-of-concept PKAP kernel-space packet capture module can capture packets to disk with a packet drop rate 8.9% less than the user-space equivalent, at a 95% confidence interval. During the high levels of disk I/O contention produced by queries for the captured data, the PKAP implementation shows a 3% reduction in CPU utilization, and overall the PKAP implementation reduces memory utilization of the capture process by 16%.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2010
Accession Number
ADA516706

Entities

People

  • Samuel W. Birch

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Energy and Power Technologies
  • Human Systems

DTIC Thesaurus Topics

  • Air Force
  • Central Processing Units
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computer Programs
  • Computers
  • Data Links
  • Department Of Defense
  • Device Drivers
  • Information Operations
  • Intrusion Detection
  • Intrusion Detectors
  • Local Area Networks
  • Network Architecture
  • Network Protocols
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Aerospace Research
  • Computer Networking
  • Neural Network Machine Learning

Technology Areas

  • Space