PickPacket: A Distributed Parallel Architecture

[nileshkothari2]

Abstract
Use of computers and networks in information exchange has increased in the last few decades and led to establishment of high speed networks (up to 10 Gbps). These network speeds are approaching the memory interface speeds of general purpose processors. Monitoring networks with such high speed is not possible with today s general purpose processors. To solve this problem we propose a distributed parallel architecture for PickPacket[1], a network monitoring tool. We use network processor to split the traffic and then process that using general purpose multicore processor. We try to achieve these goals while preserving the simplicity of current architecture of PickPacket. We extend the PickPacket Packet Filter component of Pick- Packet to support parallelization. Testing of Gigabit PickPacket was also a challenging task. Index Terms Computer Networks, Network Monitoring.
I. INTRODUCTION
There has been a tremendous growth in the amount of information being transferred between computers with the advent of Internet. Many times this data contains sensitive information in which governments or law enforcement agencies might be interested. It is felt that careful and judicious monitoring of data flowing across the net can help to detect and prevent crime. Such monitoring tools, therefore, can have an important role in helping agencies gather information against terrorism, child pornography/exploitation, espionage, information warfare and fraud. Companies that want to safeguard their recent developments and research from falling into the hand of their competitors also resort to intelligence gathering. Thus there is a pressing need to monitor, detect and analyze undesirable network traffic [1]. Neeraj Kapoor [2] describes design of the network monitoring tool called PickPacket . PickPacket does context sensitive filtering and can search for specified patterns in network traffic. Srikanth describes Gigabit PickPacket [3], which provides a distributed architecture for PickPacket but it does not distribute the kernel level overhead of packet processing. The design of splitter provided in this paper is also PC based splitter which will not be able to handle today s high speed gigabit traffic. Iannaccone et al [4] provide a prototype of a tool for passive monitoring of gigabit links. In their prototype there is no online processing of data and it is dumped on disks that can be analyzed furthermore. To fulfill increased data transfer requirement the underlying hardware technology has also evolved rapidly and gigabit networks are become reality. To maintain and monitor these networks is a challenging task. The use of a general-purpose workstation as a traffic monitor [1], [5] may not achieve sufficient performance while purpose-specific ASICs may not be flexible enough. Use of network processors provides flexibility for modification while giving high packet throughput and low packet latency. Network processors meet network performance and flexibility requirements through highly parallel, programmable architecture. Our design of splitter uses network processor to process traffic. Srikanth [3] describes design of multithreaded version of PickPacket. We have extended this work to support four new application level protocols: Yahoo mail, IMAP, IRC, POP. We also did correctness and performance testing for multithreaded version.

Download full report
http://googleurl?sa=t&source=web&cd=1&ve...ungara.pdf&ei=p7JETr7ICJHMrQeM14HzAw&usg=AFQjCNHE4ZzgiNfT6jjHquKR2IOhyy3qwQ&sig2=02XV8VD70fDs2JeP__MOCA