SEP Packet Capturing Using the Linux Netfilter Framework Ivan Pronchev
|
|
|
- Alban Daniels
- 8 years ago
- Views:
Transcription
1 SEP Packet Capturing Using the Linux Netfilter Framework Ivan Pronchev
2 Today's Agenda Goals of the Project Motivation Revision Design Enhancements tcpdump vs kernel sniffer Interesting and Future Questions
3 Goals of the Project Approaching Linux netfilter framework Developing kernel sniffer Comparing with an existing packet capturing tool
4 Motivation Finding ways to improve capturing rates Userspace vs Kernelspace
5 Revision Linux Netfilter Framework Main Data Structures Receive Livelock Processing Multiple Frames During an Interrupt(NAPI) NAPI/non NAPI Frame Reception Packet Path through the IP Kernel Stack Netfilter Hooks in Details Kernel Sniffer
6 interrupt handler Non NAPI device driver interrupt handler NAPI device driver Research Unit VIII: Network Architectures NAPI/non NAPI Frame Reception TCP/IP Protokoll ARP Protokoll Ipv6 Protokoll ip_rcv arp_rcv... ipv6_rcv packet_rcv packet_type >func packet_type >func netif_receive_skb process_backlog Non NAPI netif_receive_skb NAPI netif_rx_schedule netif_rx dev >poll eth0 net_rx_action netif_rx_schedule netif_rx_schedule
7 L4 Protocols ip_push_pending_frames ip_queue_xmit IPv4 Kernel Stack raw_send_hdrinc Transport/L4 protocols Receive Routine NF_IP_LOCAL_OUT ip_output ip_finish_output NF_IP_POST_ROUTING ip_forward_finish NF_IP_FORWARDING ip_forward ip_local_deliver_finish NF_IP_LOCAL_IN ip_local_deliver ip_rcv_finish ip_finish_output2 hard_start_xmit Device Driver NF_IP_PRE_ROUTING ip_rcv
8 Design How to capture packets? How file operations work in kernelspace? How to capture packets and write them into a file?
9 Design How to capture packets? NF_IP_PRE_ROUTING ROUTE NF_IP_FORWARD NF_IP_POST_ROUTING ROUTE NF_IP_LOCAL_IN NF_IP_LOCAL_OUT
10 Design How file operations work in kernelspace? Userspace applications open close read write... System call interface VFS Ext2 Ext3 DOS...
11 Design How file operations work in kernelspace? Storage device Superblock include/linux/fs.h Inode Inode Process A File Dentry Dentry Process B File include/linux/dcache.h
12 Not possible: context switch disabled in nf_hook_slow while writing invokes scheduling if necessary! Research Unit VIII: Network Architectures Design How to capture packets and write them into a file? NF_IP_PRE_ROUTING NF_HOOK nf_hook_slow nf_iterate nf_hooks[pf][pre_routing] nf_hook_ops.hook ROUTE NF_IP_LOCAL_IN NF_IP_FORWARD NF_IP_POST_ROUTING ROUTE NF_IP_LOCAL_OUT Writing packets into a file
![NF_IP_PRE_ROUTING NF_HOOK nf_hook_slow nf_iterate nf_hooks[pf][pre_routing] nf_hook_ops.](/docs-images/40/10551510/images/page_12.jpg "hook ROUTE NF_IP_LOCAL_IN NF_IP_FORWARD NF_IP_POST_ROUTING ROUTE NF_IP_LOCAL_OUT Writing packets")
13 Design How to capture packets and write them into a file? NF_IP_PRE_ROUTING hook_func ROUTE NF_IP_FORWARD NF_IP_POST_ROUTING hook_func ROUTE NF_IP_LOCAL_IN NF_IP_LOCAL_OUT skbuff_queue kernel thread log.pcap How to store the packets until further procession? pcap header pcap packet header packet pcap packet header packet...
14 Design VFS filp_open IPv4 Stack NF_IP_POST_ROUTING hook_func NF_IP_PRE_ROUTING hook_func VFS file >f_op >write dev_set_promiscuity net_enable_timestamp nf_register_hook kernel_thread dev0 dev1 devn sk_buff_head sk_buff sk_buff kernel_thread threaded_write VFS file >f_op >write log.pcap pcap header pcap packet header packet pcap packet header packet...
15 ip_rcv int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) { 1. When the interface is in promiscuous mode drop all the crap that it receives, do not try to analyze it. if (skb >pkt_type == PACKET_OTHERHOST) goto drop; Call the prerouting netfilter hook. return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, ip_rcv_finish); 3.By error discard the sk_buff structure. inhdr_error: drop: kfree_skb(skb); out: }
16 Design VFS filp_open IPv4 Stack NF_IP_POST_ROUTING hook_func NF_IP_PRE_ROUTING hook_func VFS file >f_op >write dev_set_promiscuity net_enable_timestamp nf_register_hook dev_add_pack kernel_thread dev0 dev1 devn ptype_all ksniff_rcv VFS file >f_op >write sk_buff_head sk_buff sk_buff kernel_thread threaded_write VFS file >f_op >writev log.pcap pcap header pcap packet header packet pcap packet header packet...
17 Communication through the procfs start,stop,restart Interaction with the sniffer queue_size device_name logfile snaplen Statistics Errors Received packets Captured packets Enhancements Logging packets from a certain network device
18 tcpdump vs kernel sniffer Test machine: Athlon XP 1800, RAM:256 maximal disk's write speed ~ 34 MB/s TEST 1 : kernel sniffer, snaplen=1500 TEST 1: tcpdump, snaplen=1500 Packets: (1496byte,0frags) 70808pps 847Mb/sec ( bps) errors: 0 Packets: (1496byte,0frags) 70800pps 847Mb/sec ( bps) errors: 0 Captured packets: Received packets: packets captured packets received by filter
19 tcpdump vs kernel sniffer TEST 2: kernel sniffer, snaplen=96 TEST 2: tcpdump, snaplen=96 Packets: (1496byte,0frags) Packets: (1496byte,0frags) 70799pps 847Mb/sec ( bps) errors: pps 847Mb/sec ( bps) errors: 0 Captured packets: Received packets: TEST 3: kernel sniffer, snaplen= packets captured packets received by filter TEST 3: tcpdump, snaplen=1500 Packets: (1496byte,0frags) Packets: (1496byte,0frags) 47274pps 565Mb/sec ( bps) errors: pps 563Mb/sec ( bps) errors: 0 Captured packets: Received packets: packets captured packets received by filter
20 Queue vs Ring buffer Interesting and Future Questions Direct IO vs non Direct IO file operations Finding ways to improve capturing rates
21 Thanks for the attention
Network packet capture in Linux kernelspace
Network packet capture in Linux kernelspace An overview of the network stack in the Linux kernel Beraldo Leal beraldo@ime.usp.br http://www.ime.usp.br/~beraldo/ Institute of Mathematics and Statistics
Operating Systems Design 16. Networking: Sockets
Operating Systems Design 16. Networking: Sockets Paul Krzyzanowski pxk@cs.rutgers.edu 1 Sockets IP lets us send data between machines TCP & UDP are transport layer protocols Contain port number to identify
IMPROVING PERFORMANCE OF SMTP RELAY SERVERS AN IN-KERNEL APPROACH MAYURESH KASTURE. (Under the Direction of Kang Li) ABSTRACT
IMPROVING PERFORMANCE OF SMTP RELAY SERVERS AN IN-KERNEL APPROACH by MAYURESH KASTURE (Under the Direction of Kang Li) ABSTRACT With continuous increase in average size and number of e-mails on the Internet,
IP Layer Implementatoin of Linux Kernel Stack
IP Layer Implementatoin of Linux Kernel Stack Fida Ullah Khattak Department of Communication and Networking School of Electrical Engineering Aalto University fidaullahkhattak@aaltofi ABSTRACT The foundations
Netfilter s connection tracking system
PABLO NEIRA AYUSO Netfilter s connection tracking system Pablo Neira Ayuso has an M.S. in computer science and has worked for several companies in the IT security industry, with a focus on open source
VENKATAMOHAN, BALAJI. Automated Implementation of Stateful Firewalls in Linux. (Under the direction of Ting Yu.)
ABSTRACT VENKATAMOHAN, BALAJI. Automated Implementation of Stateful Firewalls in Linux. (Under the direction of Ting Yu.) Linux Firewalls are the first line of defense for any Linux machine connected to
Introduction to Linux Virtual Server and High Availability
Outlines Introduction to Linux Virtual Server and High Availability Chen Kaiwang kaiwang.chen@gmail.com December 5, 2011 Outlines If you don t know the theory, you don t have a way to be rigorous. Robert
Lab 6: Building Your Own Firewall
CS498 Systems and Networking Lab Spring 2012 Lab 6: Building Your Own Firewall Instructor: Matthew Caesar Due: Firewalls are widely deployed technologies for protecting networks from unauthorized access
AIR FORCE INSTITUTE OF TECHNOLOGY
PERFORMANCE CHARACTERISTICS OF A KERNEL-SPACE PACKET CAPTURE MODULE THESIS Samuel W. Birch, IA-04, DAF AFIT/GCO/ENG/10-03 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson
A Research Study on Packet Sniffing Tool TCPDUMP
A Research Study on Packet Sniffing Tool TCPDUMP ANSHUL GUPTA SURESH GYAN VIHAR UNIVERSITY, INDIA ABSTRACT Packet sniffer is a technique of monitoring every packet that crosses the network. By using this
RFC 2544 Performance Evaluation for a Linux Based Open Router
RFC 2544 Performance Evaluation for a Linux Based Open Router Raffaele Bolla, Roberto Bruschi DIST - Department of Communications, Computer and Systems Science University of Genoa Via Opera Pia 13, 16145
Intro to Linux Kernel Firewall
Intro to Linux Kernel Firewall Linux Kernel Firewall Kernel provides Xtables (implemeted as different Netfilter modules) which store chains and rules x_tables is the name of the kernel module carrying
An Approach for Network Forwarding Systems Quality
An Approach for Network Forwarding Systems Quality WILLIAM M. FITZGERALD GEORGE G. MITCHELL JAMES DOODY Department of Computer Science, Department of Computing National University of Ireland, Maynooth.
Red Hat Linux Internals
Red Hat Linux Internals Learn how the Linux kernel functions and start developing modules. Red Hat Linux internals teaches you all the fundamental requirements necessary to understand and start developing
Xinying Wang, Cong Xu CS 423 Project
Understanding Linux Network Device Driver and NAPI Mechanism Xinying Wang, Cong Xu CS 423 Project Outline Ethernet Introduction Ethernet Frame MAC address Linux Network Driver Intel e1000 driver Important
Linux Driver Devices. Why, When, Which, How?
Bertrand Mermet Sylvain Ract Linux Driver Devices. Why, When, Which, How? Since its creation in the early 1990 s Linux has been installed on millions of computers or embedded systems. These systems may
A SIMPLE WAY TO CAPTURE NETWORK TRAFFIC: THE WINDOWS PACKET CAPTURE (WINPCAP) ARCHITECTURE. Mihai Dorobanţu, M.Sc., Mihai L. Mocanu, Ph.D.
A SIMPLE WAY TO CAPTURE NETWORK TRAFFIC: THE WINDOWS PACKET CAPTURE (WINPCAP) ARCHITECTURE Mihai Dorobanţu, M.Sc., Mihai L. Mocanu, Ph.D. Department of Software Engineering, School of Automation, Computers
Linux Firewall Lab. 1 Overview. 2 Lab Tasks. 2.1 Task 1: Firewall Policies. Laboratory for Computer Security Education 1
Laboratory for Computer Security Education 1 Linux Firewall Lab Copyright c 2006-2011 Wenliang Du, Syracuse University. The development of this document is funded by the National Science Foundation s Course,
Linux Kernel Networking. Raoul Rivas
Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection Memory Protection We share memory with devices, scheduler Sometimes no preemption Can hog the CPU Segmentation
Packet Capture, Filtering and Analysis
Today s Challenges with 20 Years Old Issues alexandre.dulaunoy@circl.lu January 20, 2012 Promiscuous mode Introduction Promiscuous mode BPF BPF - Filter Syntax BPF - Filter Syntax 2 BPF - Filter Syntax
Open Source Traffic Analyzer
Open Source Traffic Analyzer DANIEL TURULL TORRENTS K T H I n f o r m a t i o n a n d C o m m u n i c a t i o n T e c h n o l o g y Master of Science Thesis Stockholm, Sweden 2010 TRITA-ICT-EX-2010:125
KVM Architecture Overview
KVM Architecture Overview 2015 Edition Stefan Hajnoczi 1 Introducing KVM virtualization KVM hypervisor runs virtual machines on Linux hosts Mature on x86, recent progress on ARM and
How to replicate the fire: HA for netfilter based firewalls
How to replicate the fire: HA for netfilter based firewalls Harald Welte Netfilter Core Team + Astaro AG laforge@gnumonks.org laforge@astaro.com http://www.gnumonks.org/ Abstract With traditional, stateless
ct_sync: state replication of ip_conntrack
ct_sync: state replication of ip_conntrack Harald Welte netfilter core team / Astaro AG / hmw-consulting.de laforge@gnumonks.org Abstract sytem. With traditional, stateless firewalling (such as ipfwadm,
Bandwidth Management in MPLS Networks
School of Electronic Engineering - DCU Broadband Switching and Systems Laboratory 1/17 Bandwidth Management in MPLS Networks Sanda Dragos & Radu Dragos Supervised by Dr. Martin Collier email: dragoss@eeng.dcu.ie
Lab VI Capturing and monitoring the network traffic
Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)
Firewalls. Chien-Chung Shen cshen@cis.udel.edu
Firewalls Chien-Chung Shen cshen@cis.udel.edu The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective
Linux LKM Firewall v 0.95 (2/5/2010)
600/650.424 Network Security Linux LKM Firewall 1 1 Overview Linux LKM Firewall v 0.95 (2/5/2010) The learning objective of this project is for you to understand how firewalls work by designing and implementing
Linux Software Router: Data Plane Optimization and Performance Evaluation
6 JOURNAL OF NETWORKS, VOL. 2, NO. 3, JUNE 27 Linux Software Router: Data Plane Optimization and Performance Evaluation Raffaele Bolla and Roberto Bruschi DIST - Department of Communications, Computer
CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study
CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what
IgH Master 1.5.2 Documentation
IgH Master 1.5.2 Documentation Dipl.-Ing. (FH) Florian Pose, fp@igh-essen.com Ingenieurgemeinschaft Essen, December 10, 2013 Revision 72b61b089625 ii 72b61b089625, 2013/12/10 Contents Conventions....................................
Network forensics 101 Network monitoring with Netflow, nfsen + nfdump
Network forensics 101 Network monitoring with Netflow, nfsen + nfdump www.enisa.europa.eu Agenda Intro to netflow Metrics Toolbox (Nfsen + Nfdump) Demo www.enisa.europa.eu 2 What is Netflow Netflow = Netflow
How To Monitor And Test An Ethernet Network On A Computer Or Network Card
3. MONITORING AND TESTING THE ETHERNET NETWORK 3.1 Introduction The following parameters are covered by the Ethernet performance metrics: Latency (delay) the amount of time required for a frame to travel
Improving Passive Packet Capture: Beyond Device Polling
Improving Passive Packet Capture: Beyond Device Polling Luca Deri NETikos S.p.A. Via del Brennero Km 4, Loc. La Figuretta 56123 Pisa, Italy Email: luca.deri@netikos.com http://luca.ntop.org/ Abstract Passive
Presentation of Diagnosing performance overheads in the Xen virtual machine environment
Presentation of Diagnosing performance overheads in the Xen virtual machine environment September 26, 2005 Framework Using to fix the Network Anomaly Xen Network Performance Test Using Outline 1 Introduction
Monitoring high-speed networks using ntop. Luca Deri <deri@ntop.org>
Monitoring high-speed networks using ntop Luca Deri 1 Project History Started in 1997 as monitoring application for the Univ. of Pisa 1998: First public release v 0.4 (GPL2) 1999-2002:
Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking
Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking Roberto Bonafiglia, Ivano Cerrato, Francesco Ciaccia, Mario Nemirovsky, Fulvio Risso Politecnico di Torino,
Software Datapath Acceleration for Stateless Packet Processing
June 22, 2010 Software Datapath Acceleration for Stateless Packet Processing FTF-NET-F0817 Ravi Malhotra Software Architect Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions
Optimizing Point-to-Point Ethernet Cluster Communication
Department of Computer Science Chair of Computer Architecture Diploma Thesis Optimizing Point-to-Point Ethernet Cluster Communication Mirko Reinhardt Chemnitz, February 28, 2006 Supervisor: Advisor: Prof.
Enabling Linux* Network Support of Hardware Multiqueue Devices
Enabling Linux* Network Support of Hardware Multiqueue Devices Zhu Yi Intel Corp. yi.zhu@intel.com Peter P. Waskiewicz, Jr. Intel Corp. peter.p.waskiewicz.jr@intel.com Abstract In the Linux kernel network
Network Administration and Monitoring
Network Administration and Monitoring Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingengeria Politecnico di Milano barenghi - at - elet.polimi.it April 17, 2013 Recap What did we
Linux Virtual Server Tutorial
Linux Virtual Server Tutorial Horms (Simon Horman) horms@valinux.co.jp VA Linux Systems Japan, K.K. www.valinux.co.jp with assistance from NTT Comware Corporation www.nttcom.co.jp July 2003 http://www.ultramonkey.org/
OpenBSD. network stack internals
OpenBSD network stack internals by The OpenBSD network stack is under constant development mainly to implement features that are more and more used in todays core networks. Various changes were made over
Improving Passive Packet Capture: Beyond Device Polling
Improving Passive Packet Capture: Beyond Device Polling Luca Deri NETikos S.p.A. Via Matteucci 34/b 56124 Pisa, Italy Email: luca.deri@netikos.com http://luca.ntop.org/ Abstract Passive packet capture
Tracing your virtual machines
trace-cmd virt-server Tracing your virtual machines Steven Rostedt rostedt@goodmis.org srostedt@redhat.com ftrace - review The official tracer of the Linux kernel Located in the tracefs/debugfs directory
Linux Networking Stack
Linux Networking Stack Kiran Divekar 28th May 2014 Agenda System calls in Networking world Client server model Linux networking stack Evolution of networking stack Driver Interface Introduction to Wifi
The Performance Analysis of Linux Networking Packet Receiving
The Performance Analysis of Linux Networking Packet Receiving Wenji Wu, Matt Crawford Fermilab CHEP 2006 wenji@fnal.gov, crawdad@fnal.gov Topics Background Problems Linux Packet Receiving Process NIC &
Wire-speed Packet Capture and Transmission
Wire-speed Packet Capture and Transmission Luca Deri Packet Capture: Open Issues Monitoring low speed (100 Mbit) networks is already possible using commodity hardware and tools based on libpcap.
HONE: Correlating Host activities to Network communications to produce insight
HONE: Correlating Host activities to Network communications to produce insight GLENN A. FINK, PH.D. Senior Scientist, Secure Cyber Systems SEAN STORY, PMP Project Manager, Software Engineering & Architectures
Performance of Software Switching
Performance of Software Switching Based on papers in IEEE HPSR 2011 and IFIP/ACM Performance 2011 Nuutti Varis, Jukka Manner Department of Communications and Networking (COMNET) Agenda Motivation Performance
Load Balancer Comparison: a quantitative approach. a call for researchers ;)
Load Balancer Comparison: a quantitative approach a call for researchers ;) Complex Internet infrastructure high performance systems clusters grids high availability systems resilient storage resilient
The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology
3. The Lagopus SDN Software Switch Here we explain the capabilities of the new Lagopus software switch in detail, starting with the basics of SDN and OpenFlow. 3.1 SDN and OpenFlow Those engaged in network-related
Netfilter / IPtables
Netfilter / IPtables Stateful packet filter firewalling with Linux Antony Stone Antony.Stone@Open.Source.IT Netfilter / IPtables Quick review of TCP/IP networking & firewalls Netfilter & IPtables components
Operating Systems. Design and Implementation. Andrew S. Tanenbaum Melanie Rieback Arno Bakker. Vrije Universiteit Amsterdam
Operating Systems Design and Implementation Andrew S. Tanenbaum Melanie Rieback Arno Bakker Vrije Universiteit Amsterdam Operating Systems - Winter 2012 Outline Introduction What is an OS? Concepts Processes
Outline. Operating Systems Design and Implementation. Chap 1 - Overview. What is an OS? 28/10/2014. Introduction
Operating Systems Design and Implementation Andrew S. Tanenbaum Melanie Rieback Arno Bakker Outline Introduction What is an OS? Concepts Processes and Threads Memory Management File Systems Vrije Universiteit
Have both hardware and software. Want to hide the details from the programmer (user).
Input/Output Devices Chapter 5 of Tanenbaum. Have both hardware and software. Want to hide the details from the programmer (user). Ideally have the same interface to all devices (device independence).
Active-Active Servers and Connection Synchronisation for LVS
Active-Active Servers and Connection Synchronisation for LVS Simon Horman (Horms) horms@valinux.co.jp VA Linux Systems Japan K.K. www.valinux.co.jp with assistance from NTT Commware Coporation www.nttcom.co.jp
Datacenter Operating Systems
Datacenter Operating Systems CSE451 Simon Peter With thanks to Timothy Roscoe (ETH Zurich) Autumn 2015 This Lecture What s a datacenter Why datacenters Types of datacenters Hyperscale datacenters Major
Load Balancing - Single Multipath Route HOWTO
Load Balancing - Single Multipath Route HOWTO Shakthi Kannan, shaks_wants_no_spam_at_shakthimaan_dot_com January 5, 2007 Revision: 1.2 Abstract This documentation provides the steps to setup load-balancing
Heavy and Lightweight Dynamic Network Services : Challenges and Experiments for Designing Intelligent Solutions in Evolvable Next Generation Networks
Heavy and Lightweight Dynamic Network Services : Challenges and Experiments for Designing Intelligent Solutions in Evolvable Next Generation Networks Laurent Lefèvre INRIA /LIP (UMR CNRS, INRIA, ENS, UCB)
Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy
Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy Objectives The purpose of this lab is to demonstrate both high availability and performance using virtual IPs coupled with DNS round robin
CS 416: Opera-ng Systems Design
Question 1 Explain the major difference between a file system that supports journaling (e.g., Linux ext4) versus a log-structured file system (e.g., YAFFS2). Operating Systems 2015 Exam 3 Review Paul Krzyzanowski
Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks
Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks *Abhishek Vora B. Lakshmi C.V. Srinivas National Remote Sensing Center (NRSC), Indian Space Research Organization (ISRO),
Question: 3 When using Application Intelligence, Server Time may be defined as.
1 Network General - 1T6-521 Application Performance Analysis and Troubleshooting Question: 1 One component in an application turn is. A. Server response time B. Network process time C. Application response
Useful USB Gadgets on Linux
Useful USB Gadgets on Linux February, 2012 Gary Bisson Adeneo Embedded Embedded Linux Conference 2012 1 Agenda Introduction to USB USB Gadget API Existing Gadgets Design your own Gadget Demo Conclusion
Lecture 5. User-Mode Linux. Jeff Dike. November 7, 2012. Operating Systems Practical. OSP Lecture 5, UML 1/33
Lecture 5 User-Mode Linux Jeff Dike Operating Systems Practical November 7, 2012 OSP Lecture 5, UML 1/33 Contents User-Mode Linux Keywords Resources Questions OSP Lecture 5, UML 2/33 Outline User-Mode
Wireshark in a Multi-Core Environment Using Hardware Acceleration Presenter: Pete Sanders, Napatech Inc. Sharkfest 2009 Stanford University
Wireshark in a Multi-Core Environment Using Hardware Acceleration Presenter: Pete Sanders, Napatech Inc. Sharkfest 2009 Stanford University Napatech - Sharkfest 2009 1 Presentation Overview About Napatech
Tyche: An efficient Ethernet-based protocol for converged networked storage
Tyche: An efficient Ethernet-based protocol for converged networked storage Pilar González-Férez and Angelos Bilas 30 th International Conference on Massive Storage Systems and Technology MSST 2014 June
A way towards Lower Latency and Jitter
A way towards Lower Latency and Jitter Jesse Brandeburg jesse.brandeburg@intel.com Intel Ethernet BIO Jesse Brandeburg A senior Linux developer in the Intel LAN Access Division,
Chapter 10 Case Study 1: LINUX
MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 10 Case Study 1: LINUX History of UNIX and Linux UNICS PDP-11 UNIX Portable UNIX Berkeley UNIX Standard UNIX MINIX Linux UNIX/Linux Goals
IO Visor Project Overview
IO Visor Project Overview IO Visor: Introduction 2 Data Center Trends Infrastructure Transformation Cloud-based Applications Accelerating and driving the IT industry to seek faster service delivery and
Packet Sniffing and Spoofing Lab
SEED Labs Packet Sniffing and Spoofing Lab 1 Packet Sniffing and Spoofing Lab Copyright c 2014 Wenliang Du, Syracuse University. The development of this document is/was funded by the following grants from
Advanced Computer Networks. Network I/O Virtualization
Advanced Computer Networks 263 3501 00 Network I/O Virtualization Patrick Stuedi Spring Semester 2014 Oriana Riva, Department of Computer Science ETH Zürich 1 Outline Last week: Today: Software Defined
Intel DPDK Boosts Server Appliance Performance White Paper
Intel DPDK Boosts Server Appliance Performance Intel DPDK Boosts Server Appliance Performance Introduction As network speeds increase to 40G and above, both in the enterprise and data center, the bottlenecks
A Comparative Study on Vega-HTTP & Popular Open-source Web-servers
A Comparative Study on Vega-HTTP & Popular Open-source Web-servers Happiest People. Happiest Customers Contents Abstract... 3 Introduction... 3 Performance Comparison... 4 Architecture... 5 Diagram...
Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users
Linux firewall Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users Linux firewall Linux is a open source operating system and any firewall
Ulogd2, Advanced firewall logging
Ulogd2, Advanced firewall logging INL 172 rue de Charonne 75011 Paris, France RMLL 2009, July 8, Nantes Ulogd2, Netfilter logging reloaded 1/ 38 Some words about me NuFW main developper INL co-founder
ncap: Wire-speed Packet Capture and Transmission
ncap: Wire-speed Packet Capture and Transmission L. Deri ntop.org Pisa Italy deri@ntop.org Abstract With the increasing network speed, it is no longer possible to capture and transmit network packets at
Network Virtualization Technologies and their Effect on Performance
Network Virtualization Technologies and their Effect on Performance Dror Goldenberg VP Software Architecture TCE NFV Winter School 2015 Cloud Computing and NFV Cloud - scalable computing resources (CPU,
Packet Sniffers. * Windows and Linux - Wireshark
Packet Sniffers The following are tools that are either built in to the software or freeware that can be obtained from the website indicated. They are used by the corresponding Operating Systems. * Windows
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK PACKET SNIFFING MS. SONALI A. KARALE 1, MS. PUNAM P. HARKUT 2 HVPM COET Amravati.
Practical Network Forensics
BCS-ISSG Practical Network Forensics Day BCS, London Practical Network Forensics Alan Woodroffe issg@securesystemssupport.co.uk www.securesystemssupport.co.uk Copyright Secure Systems Support Limited.
Bridgewalling - Using Netfilter in Bridge Mode
Bridgewalling - Using Netfilter in Bridge Mode Ralf Spenneberg, ralf@spenneberg.net Revision : 1.5 Abstract Firewalling using packet filters is usually performed by a router. The packet filtering software
Design of an Application Programming Interface for IP Network Monitoring
Design of an Application Programming Interface for IP Network Monitoring Evangelos P. Markatos Kostas G. Anagnostakis Arne Øslebø Michalis Polychronakis Institute of Computer Science (ICS), Foundation
EXPLORING LINUX KERNEL: THE EASY WAY!
EXPLORING LINUX KERNEL: THE EASY WAY! By: Ahmed Bilal Numan 1 PROBLEM Explore linux kernel TCP/IP stack Solution Try to understand relative kernel code Available text Run kernel in virtualized environment
I3: Maximizing Packet Capture Performance. Andrew Brown
I3: Maximizing Packet Capture Performance Andrew Brown Agenda Why do captures drop packets, how can you tell? Software considerations Hardware considerations Potential hardware improvements Test configurations/parameters
Linux Networking Basics
Linux Networking Basics Naveen.M.K, Protocol Engineering & Technology Unit, Electrical Engineering Department, Indian Institute of Science, Bangalore - 12. Outline Basic linux networking commands Servers
point to point and point to multi point calls over IP
Helsinki University of Technology Department of Electrical and Communications Engineering Jarkko Kneckt point to point and point to multi point calls over IP Helsinki 27.11.2001 Supervisor: Instructor:
Attacking the TCP Reassembly Plane of Network Forensics Tools
Attacking the TCP Reassembly Plane of Network Forensics Tools Gérard 12 Thomas Engel 1 1 University of Luxembourg - SECAN LAB 2 SES ASTRA Outline Introduction Definitions and terminology A PCAP file contains
PRODUCTIVITY ESTIMATION OF UNIX OPERATING SYSTEM
Computer Modelling & New Technologies, 2002, Volume 6, No.1, 62-68 Transport and Telecommunication Institute, Lomonosov Str.1, Riga, LV-1019, Latvia STATISTICS AND RELIABILITY PRODUCTIVITY ESTIMATION OF
CS 5410 - Computer and Network Security: Firewalls
CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire, heat
Implementation and Performance Evaluation of M-VIA on AceNIC Gigabit Ethernet Card
Implementation and Performance Evaluation of M-VIA on AceNIC Gigabit Ethernet Card In-Su Yoon 1, Sang-Hwa Chung 1, Ben Lee 2, and Hyuk-Chul Kwon 1 1 Pusan National University School of Electrical and Computer
Data Center Bridging Attributes. John Fastabend LAN Access Division, Intel Corp.
Data Center Bridging Attributes John Fastabend LAN Access Division, Intel Corp. Agenda History & Background Knowledge Use Cases (Do we need a single API) DCB Infrastructure net_device model DCB Infrastructure
batman-adv scalability
batman-adv scalability Layer 2 Mesh Networks - Myths and Risks Linus Lüssing Freifunk Hamburg Geekend02, Sep. 2013 Outline Introduction 1 Introduction Layer 2 Mesh Networks 2 Experiences From Lübeck 3
Collecting Packet Traces at High Speed
Collecting Packet Traces at High Speed Gorka Aguirre Cascallana Universidad Pública de Navarra Depto. de Automatica y Computacion 31006 Pamplona, Spain aguirre.36047@e.unavarra.es Eduardo Magaña Lizarrondo
Introduction to Network Security Lab 1 - Wireshark
Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication
Accelerate In-Line Packet Processing Using Fast Queue
Accelerate In-Line Packet Processing Using Fast Queue Chun-Ying Huang 1, Chi-Ming Chen 1, Shu-Ping Yu 1, Sheng-Yao Hsu 1, and Chih-Hung Lin 1 Department of Computer Science and Engineering, National Taiwan
ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration
ICS 351: Today's plan IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration IP address exhaustion IPv4 addresses are 32 bits long so there
Potential Performance Bottleneck in Linux TCP
To appear in the International Journal of Communication Systems, John Wiley & Sons Ltd, 2006 FERMILAB-PUB-06-432-CD Potential Performance Bottleneck in Linux TCP Wenji Wu *, Matt Crawford * Fermilab, MS-368,
A Distributed, Robust Network Architecture Built on an Ensemble of Open-Source Firewall-Routers Dr Simon A. Boggis IT Services, Queen Mary, University of London JANET Networkshop