Network monitoring projects
The Fairly Fast Packet Filter
The fairly fast packet filter (FFPF) is an approach to network
packet processing that adds many new features to existing filtering
solutions like BPF. FFPF is designed for high speed by pushing
computationally intensive tasks to the kernel (or even network
processor) and by minimising packet copying. By providing both a
richer programming language and explicit extensibility, it is also
considerably more flexible than existing approaches. FFPF provides a
complete solution for network monitoring that caters to all
applications available today. Using its extensibility, the language
can even be used as a meta-filter to 'script' together filters from
other approaches, such as BPF.
Since FFPF has been completely rewritten and extended beyond recognition, it has been renamed Streamline. It now offers support for Streams (e.g., TCP flows), transmission, storage, etc.
A paper about FFPF was published in the proceedings of OSDI'04 (San
Francisco, December 2004). See the publications page for
more FFPF papers and technical reports.
Streamline/FFPF code and documentation can be found at the Streamline/FFPF site.
CardGuard is a network intrusion detection/prevention system
implemented on a single IXP1200 network card. It works on
reconstructed TCP streams as well as individual UDP packets and scans
all traffic for the occurrence of up to thousands of intrusion
signatures. CardGuard can be used to protect a single host, or a
small cluster of machines attached to a switch, and supports full fast
Ethernet rates. An advantage of the system is that no precious cycles
on the hosts are spent on scanning network traffic for viruses and
A paper about CardGuard:
Towards software-based signature detection for intrusion prevention on the network card
(Proceedings of the Eighth International Symposium on Recent Advances in Intrusion
Detection (RAID2005), Seattle, Washington, September 2005.)
Here is a technical
report about an older version of the system (much less advanced).
Other monitoring projects
Information about other projects (SCAMPI, LOBSTER, etc.)
is available from my website.