Intrusion Detection Systems (IDS) detect unwanted attempts to access, manipulate, and/or disable computer systems, through network attacks, e.g. crackers, viruses, Trojan horses and worms.
The best known IDS is the public domain software packet SNORT which utilizes the standard LibPCAP network interface. The LibPCAP interface is supported by the Napatech adapters.
Implementation of Intrusion Detection Systems is supported by the Napatech Network Adapters via functionality, such as:
- Frame Classification: The adapter can classify the frames before they are delivered to the host CPU (e.g. find the byte offset to the IP, TCP or UDP payload), whereby the host processing can be accelerated.
- Packet Coloring / Tagging: Captured frames can be colored/tagged depending on frame type. This can accelerate host CPU processing.
- Channel Merging: Enables network frames from several ports to be merged in reception time order and placed in one host buffer, simplifying retrieval of the frames in time order.
- Hash Key Generation: Supports generation of either 2-tuple hash keys (identifying IP-to-IP flows) or 5-tuple hash keys (identifying application-to-application flows). The generated hash keys can be used for Multi-CPU Buffer Splitting but can also be used as part of the frame information to the host, enabling the host CPU to quickly identify a flow.
- Multi-CPU Buffer Splitting: The Multi-CPU Buffering functionality enables the distribution of the IDS processing to up to 32 CPU cores.