
Stenographer
A powerful command-line packet analyzer and a portable C/C++ library for network traffic capture with comprehensive documentation.
Stenographer: A Comprehensive Full-Packet-Capture Utility
Stenographer is a full-packet-capture utility that is specifically designed to buffer packets to disk. This functionality is essential for intrusion detection and effective incident response.
High-Performance NIC-to-Disk Packet Writing and Management
It provides high-performance NIC-to-disk packet writing, disk management that deletes files as disk space becomes limited, and straightforward retrieval of specific packet sets.
It excels in rapidly writing packets to disk at speeds of approximately 10Gbps on multi-core, multi-disk systems. It effectively manages disk usage to allow for longer storage durations during periods of low traffic and removes the oldest packets when disk capacity limits are reached.
However, it is not suitable for complex packet processing tasks, such as TCP stream reassembly, because its primary focus on speed comes at the expense of such functionality. Furthermore, when reading back large volumes of packets (greater than 1% of packets written), disk reads can compete with the ongoing disk writes.