Abstract

Traffic monitoring involves packet capturing and processing at a very high rate of packets per second. Typically, flow records are generated from the packet traffic, such as TCP flow records that feature the number of bytes and packets in each direction, flow duration, number of different ports, and other metrics. Delivering such flow records for network traffic flowing at tens of Gbps is rather challenging in terms of processing power. To address this problem, traffic thinning can be applied to reduce the input load by swiftly discarding useless packets at the sniffer NIC or driver level, which effectively reduces the load on the software layers that handle traffic processing. This work proposes an algorithm that drops empty ACK packets from TCP traffic, thus achieving a significant reduction in the packets per second that must be handled by each traffic module. The tests discussed below show that the algorithm achieves a 25% decrease in the packets per second rate with minimal information loss.
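To make the notion of an "empty ACK" concrete, the following C example is added here and is not the NATRA code from the paper. It assumes Ethernet/IPv4 framing and an assumed rule (ACK is the only TCP flag set and the IP total length leaves no payload); `is_empty_ack` and `make_frame` are hypothetical names, and the frames are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14

/* Assumed rule (not taken from the paper): a frame is an "empty ACK" when it is
 * unfragmented IPv4/TCP, ACK is the only flag set, and no payload follows. */
int is_empty_ack(const uint8_t *f, size_t len)
{
    if (len < ETH_HLEN + 20 + 20) return 0;            /* too short to parse */
    if (f[12] != 0x08 || f[13] != 0x00) return 0;      /* EtherType must be IPv4 */
    const uint8_t *ip = f + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return 0;  /* IPv4 + TCP */
    if ((((ip[6] & 0x3f) << 8) | ip[7]) != 0) return 0; /* MF set or offset != 0 */
    /* Use the IP total length, not the frame length: short frames are padded
     * to the Ethernet minimum and the padding is not TCP payload. */
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (total > len - ETH_HLEN || total < ihl + 20) return 0;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total) return 0;
    if (tcp[13] != 0x10) return 0;  /* ACK only; SYN/FIN/RST/PSH/URG/ECE/CWR kept */
    return total == ihl + doff;
}

/* Builds a constructed test frame (checksums left zero); returns its length. */
size_t make_frame(uint8_t *buf, uint8_t flags, size_t payload, size_t pad)
{
    size_t total = 20 + 20 + payload;
    memset(buf, 0, ETH_HLEN + total + pad);
    buf[12] = 0x08;                                    /* EtherType 0x0800 */
    buf[ETH_HLEN] = 0x45;                              /* IPv4, IHL = 5 words */
    buf[ETH_HLEN + 2] = (uint8_t)(total >> 8);
    buf[ETH_HLEN + 3] = (uint8_t)total;
    buf[ETH_HLEN + 9] = 6;                             /* protocol = TCP */
    buf[ETH_HLEN + 20 + 12] = 0x50;                    /* data offset = 5 words */
    buf[ETH_HLEN + 20 + 13] = flags;
    return ETH_HLEN + total + pad;
}

int main(void)
{
    uint8_t b[128];
    printf("padded ACK dropped: %d\n", is_empty_ack(b, make_frame(b, 0x10, 0, 6)));
    printf("PSH|ACK data dropped: %d\n", is_empty_ack(b, make_frame(b, 0x18, 10, 0)));
    return 0;
}
```

Segments that open, close or reset a connection are kept because flow records depend on them; only bare acknowledgements are candidates for dropping.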

Highlights

  • To meet increasing bandwidth demands, Internet providers are deploying high-speed lines across the network

  • Because TCP traffic accounts for most Internet traffic [10], [15], [16], [21], [25], a great number of quality-of-service Key Performance Indicators (KPIs) are related to TCP connection parameters

  • We perform a thorough performance assessment with NATRA use cases, which includes analyzing NATRA performance as a traffic thinning middleware for well-known traffic analysis tools


Summary

INTRODUCTION

To meet increasing bandwidth demands, Internet providers are deploying high-speed lines across the network. In light of the above concerns, we advocate for traffic thinning techniques that decrease the sniffer load in terms of packets per second, without serious information loss. Such traffic thinning techniques can be implemented in the sniffer’s Network Interface Card (NIC), immediately after the packet. We propose several options for NATRA implementation, such as placing it between the NIC and the Storage Performance Development Kit (SPDK) libraries [35], [36]. This option can be used to store packets in high-speed hard disks such as non-volatile memory express (NVMe) disks.

PACKET SNIFFER SYSTEMS
NATRA DESIGN AND IMPLEMENTATION
RESULTS AND DISCUSSION
TRAFFIC REDUCTION RATES
CONCLUSIONS