PF_RING - High-Speed Packet Capture, Filtering and Analysis
PF_RING™ is a new type of network socket that dramatically improves packet capture speed, and that is characterized by the following properties:
- Available for Linux kernels 2.6.32 and newer.
- No need to patch the kernel: simply load the kernel module.
- 10 Gbit Hardware Packet Filtering using commodity network adapters
- User-space ZC (new generation DNA, Direct NIC Access) drivers for extreme packet capture/transmission speed, as the NIC NPU (Network Process Unit) is pushing/getting packets to/from userland without any kernel intervention. Using the 10 Gbit ZC driver you can send/receive at wire-speed at any packet size.
- PF_RING ZC library for distributing packets in zero-copy across threads, applications, Virtual Machines.
- Device driver independent.
- Support of Accolade, Exablaze, Endace, Fiberblaze, Inveatech, Mellanox, Myricom/CSPI, Napatech, Netcope and Intel (ZC) network adapters.
- Kernel-based packet capture and sampling.
- Libpcap support (see below) for seamless integration with existing pcap-based applications.
- Ability to specify hundreds of header filters in addition to BPF.
- Content inspection, so that only packets matching the payload filter are passed.
- PF_RING™ plugins for advanced packet parsing and content filtering.