Title :
Bottleneck Analysis of Traffic Monitoring using Wireshark
Author :
Dabir, Abes ; Matrawy, Ashraf
Author_Institution :
Carleton Univ., Ottawa
Abstract :
This paper looks at the bottlenecks associated with packet capturing using commodity hardware in local area networks (LANs) without losing data. Experiments were carried out using the Wireshark packet sniffer to write captured packets directly to disk in a Fast Ethernet network with various test setups. These experiments involved generating large packets at almost line rate. Various sizes of the kernel level buffer associated with the packet capturing socket were also experimented with. As well, a simple multithreaded design with user level buffers was proposed for the capturing application and experiments were carried out with this solution. The results showed that increasing the buffering at either the kernel level or the application level can significantly improve capturing performance. The best results can be achieved by using a mix of increased kernel socket buffering and a multithreaded capturing application with its own store and hold buffers.
Keywords :
local area networks; telecommunication traffic; bottleneck analysis; commodity hardware; Fast Ethernet network; multithreaded design; packet capturing; packet capturing socket; traffic monitoring; user level buffers; Wireshark packet sniffer; Application software; Computerized monitoring; Displays; Ethernet networks; Graphical user interfaces; Kernel; Personal communication networks; Sockets; Systems engineering and theory; Writing
Conference_Title :
Innovations in Information Technology, 2007. IIT '07. 4th International Conference on
Conference_Location :
Dubai
Print_ISBN :
978-1-4244-1840-4
Electronic_ISBN :
978-1-4244-1841-1
DOI :
10.1109/IIT.2007.4430446