A framework of designing a Packet Filter for Low Cost Network Monitoring

The extensive use of computers and networks for exchange of information has ramifications on the growth and spread of crime through their uses. Law enforcement agencies need to keep up with the emerging trends in these areas for crime detection and prevention. Among the several needs of such agencies is the need to monitor, detect and analyze undesirable network traffic. However, the monitoring, detecting, and analysis of this traffic may be against the goal of maintaining privacy of individuals whose network communications are being monitored. While the majority of network operators rely on low-cost open-source tools based on commodity hardware and operating systems, the increasing link speeds and complexity of network monitoring applications have revealed inefficiencies in the existing software organization, which may prohibit the use of such tools in high-speed networks. Although several new architectures have been proposed to address these problems, they require significant effort in re-engineering the existing body of applications. To serve this purpose, the authors are in process of developing a low cost network-monitoring tool. In this paper the authors present an alternative approach that addresses the primary sources of inefficiency without significantly altering the software structure. The authors propose a framework of designing a packet liter for low cost network monitoring that will be further used as a module of above-mentioned project