Improving Passive Packet Capture: Beyond Device Polling by Luca Deri on 13/01/04

Passive packet capture is necessary for many activities including network debugging and monitoring. With the advent of fast gigabit networks, packet capture is becoming a problem even on PCs due to the poor performance of popular OSs. The introduction of device polling has improved the capture process quite a bit but not really solved the problem.

This paper proposes a new approach to passive packet capture that combined with device polling allows packets to be captured and analyzed using the NetFlow protocol at (almost) wire speed on Gbit networks using a commodity PC.

