Passive packet capture is necessary for many activities including network debugging
and monitoring. With the advent of fast gigabit networks, packet capture is
becoming a problem even on PCs due to the poor performance of popular OSs. The
introduction of device polling has improved the capture process quite a bit
but not really solved the problem.
This paper proposes a new approach to passive packet capture that combined with device polling allows packets to be captured and analyzed using the NetFlow protocol at (almost) wire speed on Gbit networks using a commodity PC.
This document is in pdf format. To
view it click here.