What about PF_RING aware fast network analyzer subsystem?

[pavel-odintsov]

Hello!

I'm very excited about sysdig! It's very useful and compex (in good way) tool. You will replace almost all linux tools.

But what about hight performance network analyzer for replacing old and tcpdump? I tried to create fast network analyzer based on PF_RING and all works fine

[gianlucaborello]

Hi,

Thanks for liking sysdig.

We definitely are planning a tighter integration with the networking subsystem in order to correlate system and network events, not necessarily to replace tcpdump which is a very good tool, but more like to provide a unified filtering context for the user.

As far as the implementation goes, there are two ways to do it: one is to gather statistics by looking at the packets using a pcap-like interface (like you did in your project), and the other one is to use kernel tracepoints in the networking subsystem, so the implementation will likely use one or the other.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.