Profiling and optimization of software-based network-analysis applications

A large set of tools for network monitoring and accounting, security, traffic analysis and prediction - more broadly, for network operation and management - require direct and efficient real-time access to data traveling on the network. Software tools are often preferred because of their low cost and high versatility. However, these tools are often considered to suffer from performance problems on high-speed networks. We demonstrate that, despite the common belief, the performance limits of software real-time network analysis tools are still far from being reached, and that performance can be improved even further with limited hardware support. We analyze the performance of a widely used library for network analysis, WinPcap, highlight its bottlenecks, and propose some solutions that almost double the overall speed, thus enabling the deployment of software-based tools on high-speed networks.