Knowing What's Under Your Hood - Implementing a Network Monitoring System

Explore network monitoring systems implementation in this conference talk from Hack3rcon II. Delve into the intricacies of high-speed packet capture, frame processing in FreeBSD and Linux, and various tuning techniques. Learn about PCI buses, kernel structures, and common problems encountered in network monitoring. Discover useful applications like PF_RING for Linux, netmap for FreeBSD, and speedometer. Gain insights into forwarding and relaying architectures, interface drop counts, and strategies for optimizing network monitoring performance.

Intro
What's Network Monitoring?
Focus
where the magic happens
gimme the data
Forwarding/Relaying
Architecture
High Speed Packet Capture
PCI buses
Typical Frame Processing
sk_buff kernel structure
Problems
FreeBSD Frame Processing
FreeBSD Processing cont.
Linux Frame Processing
Tuning: Interrupt Livelock
Tuning: Drivers
libpcap buffers
FreeBSD, interface drop counts
Linux, interface drop counts
PF_RING for Linux
PF_RING DNA
netmap FreeBSD
Useful Applications
speedometer