Tracing traffic using commodity hardware in contemporary high-speed access or aggregation networks such as 10-Gigabit Ethernet
is an increasingly common yet challenging task. In this paper we investigate whether today’s commodity hardware and software are
in principle able to capture traffic from a fully loaded Ethernet. We find that this is only possible for data rates up to
1 Gigabit/s without resorting to special hardware, due to, e.g., limitations of the current PC buses. Therefore, we
propose a novel way of monitoring higher-speed interfaces (e.g., 10-Gigabit) by distributing their traffic across a set
of lower-speed interfaces (e.g., 1-Gigabit).
This opens the next question: which system configuration is capable of monitoring one such 1-Gigabit/s interface? To answer
this question we present a methodology for evaluating the performance impact of different system components including different
CPU architectures and different operating systems. Our results indicate that the combination of AMD Opteron with FreeBSD outperforms
all others, independently of running in single- or multi-processor mode. Moreover, the impact of packet filtering, running
multiple capturing applications, adding per packet analysis load, saving the captured packets to disk, and using 64-bit OSes
is investigated.
Keywords Packet Capturing - Measurement - Performance - Operating Systems