Posted on 2024-07-13, 07:43. Authored by Julie-Anne Bussiere, Jason But
NetSniff is an IP traffic analysis tool currently used in low-traffic scenarios. Before deployment under higher-traffic scenarios, it is important to study the processing and live capture performance of NetSniff. We have previously investigated the processing performance of NetSniff; in this technical report we subject NetSniff to a performance evaluation with regard to live capture of network traffic. We show the impact of increasing the captured traffic rate and of increasing the number of concurrent flows for NetSniff (release version v050722) to process on differing hardware configurations. Our results also indicate that the small PCAP (version 0.9.4) buffer (32kB) on a FreeBSD (version 5.3) based system limits the processing performance of NetSniff under high-bandwidth scenarios, while the Linux (kernel version 2.6) based PCAP library passes packets to NetSniff in non-chronological order, posing further problems in correctly determining TCP layer statistics.