PF_RING – High-Speed Packet Capture, Filtering And Analysis

PF_RING™ is a new type of network socket that dramatically improves the packet capture speed, and that’s characterized by the following properties:Available for Linux kernels 2.6.32 and newer.No need to patch the kernel: just load the kernel module.10 Gbit Hardware Packet Filtering using commodity network adaptersUser-space ZC (new generation DNA, Direct NIC Access) drivers for extreme packet capture/transmission speed as the NIC NPU (Network Process Unit) is pushing/getting packets to/from userland without any kernel intervention. Using the 10Gbit ZC driver you can send/received at wire-speed at any packet sizes.PF_RING ZC library for distributing packets in zero-copy across threads, applications, Virtual Machines.Device driver independent.Support of Accolade, Exablaze, Endace, Fiberblaze, Inveatech, Mellanox, Myricom/CSPI, Napatech, Netcope and Intel (ZC) network adapters.Kernel-based packet capture and sampling.Libpcap support (see below) for seamless integration with existing pcap-based applications.Ability to specify hundred of header filters in addition to BPF.Content inspection, so that only packets matching the payload filter are passed.PF_RING™ plugins for advanced packet parsing and content filtering.If you want to know about PF_RING™ internals or for the User’s Manual visit the Documentation section.Download PF_RING

Link: http://feedproxy.google.com/~r/PentestTools/~3/JHNjKGg4NWI/pfring-high-speed-packet-capture.html