 decoding speed 
Hi,

What is the "decoding speed" of Xplico? Is it possible to enhance it somehow (more threads, divide load on multiple machines - cluster)?
If Xplico works with a probe (like netsniff-ng), the probe SW could collect a huge amount of data (BTW, is there some limit of netsniff-ng; e.g. capture 4 Gbps on a 10 Gbps link?)
If the probe can deliver a huge amount of data, can Xplico decode it in "real time"?

I am not a programmer, sorry if my question sounds "lame"; but I hope you understand my point ;-)

Thanks & best regards,
Domagoj


Tue Mar 20, 2012 11:34 am
Site Admin

Quote:
What is the "decoding speed" of Xplico?

It depends on:
  • the type of network traffic data (http, mail, https, p2p, voip, ...)
  • the HD speed, CPU cores and speed, the amount of ram, ...
  • what is your goal
Here you can find some data.

Quote:
Is it possible to enhance it somehow (more threads, divide load on multiple machines - cluster)?

Yes. Xplico is multi-threaded, and it is designed to run on multiple machines.

Quote:
If Xplico works with a probe (like netsniff-ng), the probe SW could collect a huge amount of data (BTW, is there some limit of netsniff-ng; e.g. capture 4 Gbps on a 10 Gbps link?)

Xplico natively uses pcap files, so any acquisition system that produces this type of file is compatible with it.

Quote:
If the probe can deliver a huge amount of data, can Xplico decode it in "real time"?

If you split the data (from the probe) across many servers/machines (sized according to the type of traffic) where Xplico runs, then it is possible. But everything should be dimensioned according to the amount of traffic and the type of network traffic.
Not knowing your purpose, I think it is more appropriate to use a probe to filter (select) the network traffic you wish to capture. In this way a selective probe avoids having to manage huge amounts of data.
The probe can capture network data, for example, based on the source IP or according to the presence of specific patterns.

Ciao.
Gianluca


Wed Mar 21, 2012 8:30 am
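
The splitting and selective capture described in the reply above, as an added example that is not part of the original posts and is not Xplico code: a capture in classic pcap format is divided into one pcap per decoder machine, optionally keeping only traffic that involves a chosen network. The names `flow_key`, `split_pcap` and `sample_pcap` are hypothetical; hashing on the flow (so that both directions of a conversation reach the same decoder), matching the filter on either endpoint, and handling only little-endian Ethernet/IPv4 captures are assumptions of this sketch.

```python
import ipaddress, socket, struct, zlib

GLOBAL = struct.Struct("<IHHiIII")  # classic pcap file header (little-endian)
RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def flow_key(frame):
    """Direction-independent key of an Ethernet/IPv4 frame, None otherwise."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
    a, b = frame[26:30], frame[30:34]              # source and destination IP
    if proto in (6, 17) and len(frame) >= l4 + 4:  # TCP/UDP: add the ports
        a, b = a + frame[l4:l4 + 2], b + frame[l4 + 2:l4 + 4]
    return bytes([proto]) + min(a, b) + max(a, b)

def split_pcap(data, shards, keep_net=None):
    """Split pcap bytes into `shards` pcap byte strings; each flow stays whole.
    keep_net (CIDR, optional): keep only IPv4 packets with an endpoint in it."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond pcap")
    net = ipaddress.ip_network(keep_net) if keep_net else None
    out = [bytearray(data[:GLOBAL.size]) for _ in range(shards)]
    pos = GLOBAL.size
    while pos + RECORD.size <= len(data):
        end = pos + RECORD.size + RECORD.unpack_from(data, pos)[2]
        if end > len(data):
            break                                  # truncated final record
        frame = data[pos + RECORD.size:end]
        key = flow_key(frame)
        hit = net is None or (key and any(
            ipaddress.ip_address(frame[o:o + 4]) in net for o in (26, 30)))
        if hit:  # unfiltered non-IPv4 frames are all sent to shard 0
            out[zlib.crc32(key) % shards if key else 0] += data[pos:end]
        pos = end
    return [bytes(o) for o in out]

def sample_pcap():
    """Constructed capture: two TCP flows, both directions, 4 packets each."""
    def pkt(src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5010, 1024, 0, 0)
        frame = b"\0" * 12 + b"\x08\x00" + ip + tcp
        return RECORD.pack(0, 0, len(frame), len(frame)) + frame
    flows = [("10.0.0.5", "192.0.2.10", 40000, 80),
             ("10.0.1.9", "198.51.100.7", 40001, 25)]
    body = b"".join(pkt(*f) + pkt(f[1], f[0], f[3], f[2]) for f in flows * 2)
    return GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body
```

Each returned byte string is a complete pcap file that can be written to disk and handed to a separate decoder; the number of shards would be sized to the traffic mix, as the reply notes.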