Header Field Based Partitioning of Network Traffic for Distributed Packet Capturing and Processing

Maintaining correctly operating computer networks is paramount for assuring properly operating information technology infrastructures. Thereby, the acquisition of network traffic data is one of the first steps. The acquisition of network traffic, however, can be very challenging, e.g., with respect to performance and resource requirements. In this paper, we analyze the possibility of using packet header data for efficiently partitioning live network traffic data into subsets with the aim on enabling distributed packet capturing and processing. The goal is to employ multiple sensors in a coordinated fashion such that the overall task is distributed among the participating sensors. Our results show that efficiently partitioning live network traffic based on packet header data is possible. Furthermore, we implemented a prototype of a distributed packet capturing system that achieves significantly higher capture rates than a single, uncoordinated sensor.