PcapIndex: An Index for Network Packet Traces With Legacy Compatibility
Long-term historical analysis of captured network traffic is a topic of great interest in network monitoring and network security. A critical requirement is support for fast discovery of packets that satisfy certain criteria within large-scale packet repositories. This paper presents the first indexing scheme for network packet traces based on compressed bitmap indexing principles. The authors' approach supports very fast insertion rates and results in compact index sizes. The proposed indexing methodology builds upon libpcap, the de facto reference library for accessing packet-trace repositories. Their solution is therefore backward compatible with any solution that uses the original library.