TICKETing High-Speed Traffic with Commodity Hardware and Software
TL;DRAbstract
While tcpdump is an invaluable monitoring tool that has held up remarkably well for over a decade, it is showing its age. Network speeds have recently outstripped the ability of ‘stock ’ tcpdump running on commodity hardware to keep up with the network, rendering it incapable of monitoring traffic at gigabit-per-second (Gbps) speeds. Tests over Gigabit Ethernet showed that tcpdump could monitor and record traffic at speeds no greater than 250 Mbps with O(ms) time granularity. To achieve monitoring at Gbps speeds and O(ns) time granularity with commodity parts, we present TICKET – the Traffic Information-Collecting Kernel with Exact Timing. TICKET combines efficient commodity-based hardware and software in an architecture that hides disk latency and bandwidth.
Chat with Paper
AI Agents for this Paper
While tcpdump is an invaluable monitoring tool that has held up remarkably well for over a decade, it is showing its age. Network speeds have recently outstripped the ability of ‘stock ’ tcpdump running on commodity hardware to keep up with the network, rendering it incapable of monitoring traffic at gigabit-per-second (Gbps) speeds. Tests over Gigabit Ethernet showed that tcpdump could monitor and record traffic at speeds no greater than 250 Mbps with O(ms) time granularity. To achieve monitoring at Gbps speeds and O(ns) time granularity with commodity parts, we present TICKET – the Traffic Information-Collecting Kernel with Exact Timing. TICKET combines efficient commodity-based hardware and software in an architecture that hides disk latency and bandwidth.
Keywords
Chat
Click to start Chat