Extensible and Scalable Network Monitoring Using OpenSAFE
Administrators of today's networks are highly interested in monitoring traffic for purposes of collecting statistics, detecting intrusions, and providing forensic evidence. Unfortunately, network size and complexity can make this a daunting task. Aside from the problems in analyzing network traffic for this information - an extremely difficult task itself - a more fundamental problem exists: how to route the traffic for network analysis in a robust, high performance manner that does not impact normal network traffic. Current solutions fail to address these problems in a manner that allows high performance and easy management. This paper proposes OpenSAFE, a system for enabling the arbitrary direction of traffic for security monitoring applications at line rates.