{"title":"Hardware nanosecond-precision timestamping for line-rate packet capture","authors":"Xiaoying Huang","doi":"10.1049/ntw2.12114","DOIUrl":null,"url":null,"abstract":"<p>Cybersecurity events occur frequently. When it comes to investigating security threats, it is essential to offer a 100 percent accurate and packet-level network history, which depends on packet capture with high precision packet timestamping. Many packet capture applications are developed based on data plane development kit (DPDK)—a set of libraries and drivers for fast packet processing. However, DPDK cannot give an accurate timestamp for every packet, and it is unable to truly reflect the order in which packets arrive at the network interface card. In addition, DPDK-based applications cannot achieve zero packet loss when the packet is small such as 64 B for beyond 10 Gigabit Ethernet. Therefore, the authors proposed a new method based on Field-Programmable Gate Array (FPGA) to solve this problem. The authors also develop a DPDK driver for FPGA devices to make the design compatible with all DPDK-based applications. The proposed method performs timestamping at line-rate for 10 Gigabit Ethernet traffic at 4 ns precision and 1 ns precision for 25 Gigabit, which greatly improves the accuracy of security incident retrospective analysis. Furthermore, the design can capture full-size packets for any protocol with zero packet loss and can be applied to 40/100 Gigabit systems as well.</p>","PeriodicalId":46240,"journal":{"name":"IET Networks","volume":null,"pages":null},"PeriodicalIF":1.3000,"publicationDate":"2024-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ntw2.12114","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Networks","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/ntw2.12114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Cybersecurity events occur frequently. When it comes to investigating security threats, it is essential to offer a 100 percent accurate and packet-level network history, which depends on packet capture with high precision packet timestamping. Many packet capture applications are developed based on data plane development kit (DPDK)—a set of libraries and drivers for fast packet processing. However, DPDK cannot give an accurate timestamp for every packet, and it is unable to truly reflect the order in which packets arrive at the network interface card. In addition, DPDK-based applications cannot achieve zero packet loss when the packet is small such as 64 B for beyond 10 Gigabit Ethernet. Therefore, the authors proposed a new method based on Field-Programmable Gate Array (FPGA) to solve this problem. The authors also develop a DPDK driver for FPGA devices to make the design compatible with all DPDK-based applications. The proposed method performs timestamping at line-rate for 10 Gigabit Ethernet traffic at 4 ns precision and 1 ns precision for 25 Gigabit, which greatly improves the accuracy of security incident retrospective analysis. Furthermore, the design can capture full-size packets for any protocol with zero packet loss and can be applied to 40/100 Gigabit systems as well.
IET NetworksCOMPUTER SCIENCE, INFORMATION SYSTEMS-
CiteScore
5.00
自引率
0.00%
发文量
41
审稿时长
33 weeks
期刊介绍:
IET Networks covers the fundamental developments and advancing methodologies to achieve higher performance, optimized and dependable future networks. IET Networks is particularly interested in new ideas and superior solutions to the known and arising technological development bottlenecks at all levels of networking such as topologies, protocols, routing, relaying and resource-allocation for more efficient and more reliable provision of network services. Topics include, but are not limited to: Network Architecture, Design and Planning, Network Protocol, Software, Analysis, Simulation and Experiment, Network Technologies, Applications and Services, Network Security, Operation and Management.