Our goal is to build passive monitoring equipment for use at 10Gb/s (e.g. 10GE and OC-192) and above. We already have in place an OC-48 passive monitoring system for capturing and storing a detailed record for every packet. Because of constraints on storage and bus bandwidth, however, this will not be feasible at 10Gb/s and above. Therefore, taking advantage of the fact that packets can be considered as belonging to flows, our system will create per-flow records at the time of capture and store them alongside small per-packet records. This way, storage requirements can be reduced several-fold. Results indicate that it will be possible to capture and store detailed flow information at OC-192 without losing much information compared to our OC-48 packet traces.