PcapWT: An Efficient Packet Extraction Tool for Large Volume Network Traces

Abstract: Network packet tracing has been used for many different purposes during the last few decades, such as network software debugging, networking performance analysis, forensic investigation, and so on. Meanwhile, the size of packet traces becomes larger, as the speed of network rapidly increases. Thus, to handle huge amounts of traces, we need not only more hardware resources, but also efficient software tools. However, traditional tools are inefficient at dealing with such big packet traces. In this paper, we propose pcapWT, an efficient packet extraction tool for large traces. PcapWT provides fast packet lookup by indexing an original trace using a Wavelet Tree structure. In addition, pcapWT supports multi-threading for avoiding synchronous I/O and blocking system calls used for file processing, and is particularly efficient on machines with SSD. PcapWT shows remarkable performance enhancements in comparison with traditional tools such as tcpdump and most recent tools such as pcapIndex in terms of index data size and packet extraction time. Our benchmark using large and complex traces shows that pcapWT reduces the index data size down below 1% of the volume of the original traces. Moreover, packet extraction performance is 20% better than with pcapIndex. Furthermore, when a small amount of packets are retrieved, pcapWT is hundreds of times faster than tcpdump.
Document type:
Journal article
Computer Networks (Elsevier), Elsevier, 2015, 79, pp.12

Cited literature: 11 references

Contributor: Thierry Turletti
Submitted on: Wednesday, 29 January 2014 - 11:37:19
Last modified on: Thursday, 11 January 2018 - 16:48:39
Document(s) archived on: Wednesday, 30 April 2014 - 04:45:27


Files produced by the author(s)


  • HAL Id: hal-00938264, version 1



Young-Hwan Kim, Roberto Konow, Diego Dujovne, Thierry Turletti, Walid Dabbous, et al. PcapWT: An Efficient Packet Extraction Tool for Large Volume Network Traces. Computer Networks (Elsevier), Elsevier, 2015, 79, pp.12. 〈hal-00938264〉


