faraday

PF_RING - High-Speed Packet Capture, Filtering And Analysis


PF_RING™ is a new type of network socket that dramatically improves the packet capture speed, and that’s characterized by the following properties:
  1. Available for Linux kernels 2.6.32 and newer.
  2. No need to patch the kernel: just load the kernel module.
  3. 10 Gbit Hardware Packet Filtering using commodity network adapters
  4. User-space ZC (new generation DNA, Direct NIC Access) drivers for extreme packet capture/transmission speed as the NIC NPU (Network Process Unit) is pushing/getting packets to/from userland without any kernel intervention. Using the 10Gbit ZC driver you can send/received at wire-speed at any packet sizes.
  5. PF_RING ZC library for distributing packets in zero-copy across threads, applications, Virtual Machines.
  6. Device driver independent.
  7. Support of Accolade, Exablaze, Endace, Fiberblaze, Inveatech, Mellanox, Myricom/CSPI, Napatech, Netcope and Intel (ZC) network adapters.
  8. Kernel-based packet capture and sampling.
  9. Libpcap support (see below) for seamless integration with existing pcap-based applications.
  10. Ability to specify hundred of header filters in addition to BPF.
  11. Content inspection, so that only packets matching the payload filter are passed.
  12. PF_RING™ plugins for advanced packet parsing and content filtering.

If you want to know about PF_RING™ internals or for the User’s Manual visit the Documentation section.



PF_RING - High-Speed Packet Capture, Filtering And Analysis PF_RING - High-Speed Packet Capture, Filtering And Analysis Reviewed by Zion3R on 5:28 PM Rating: 5