Packet capture solution: Stenographer
jopen
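10 years ago
Stenographer is a full packet capture tool that buffers packets to disk for intrusion detection and incident response. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files when the disk fills up, and offers a fast and simple way to read back specific sets of those packets.
It is designed to: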
- Write packets to disk, very quickly (~10Gbps on multi-core, multi-disk machines)
- Store as much history as it can (managing disk usage, storing longer durations when traffic slows, then deleting the oldest packets when it hits disk limits)
- Read a very small percentage (<1%) of packets from disk based on analyst needs