Webcast – BPF – Picking Packets
January 5 @ 2:00 pm - 3:00 pm EST
What do you do when you’re caught between a loaded high-speed network cable and a packet analysis tool that just can’t keep up? Instead of spending money on expensive load balancers or multiple analysis systems, why not simply stop analyzing high-speed connections on that cable? By stripping out known “good” traffic, your sniffer can focus on the malicious and grey traffic.
This webcast will focus on BPF (Berkeley Packet Filter), the packet filtering system that’s part of every operating system, and on the packet description language BPF uses. With a minimal amount of effort, you can filter out between 30% and 90% of the known good traffic, reducing packet loss, CPU load, and storage requirements.
Bill has authored numerous articles and tools for client use. He also serves as a content author and faculty member at the SANS Institute, teaching the Linux System Administration, Perimeter Protection, Securing Linux and Unix, and Intrusion Detection tracks. Bill’s background is in network and operating system security; he was the chief architect of one commercial and two open source firewalls and is an active contributor to multiple projects in the Linux development effort. Bill’s articles and tools can be found in online journals and at http://github.com/activecm/ and http://www.stearns.org.