Architecture of a Network Monitor
Source: University of Cambridge
This paper describes a system for simultaneously monitoring multiple protocols. It performs full line-rate capture and implements on-line analysis and compression to record interesting data without loss of information. The researchers accept that a balance must be maintained in such a system between disk bandwidth, CPU capacity and data reduction in order to perform monitoring at full line rate. The researchers present the architecture in detail and measure the performance of the sample implementation, Nprobe.