Update CAPTURE_BACKENDS.md

2024-06-07 07:26:08 +02:00 · 2015-05-13 10:31:03 +03:00 · 2015-05-13 10:31:03 +03:00 · 54704f86eb
parent 575c890942
commit 54704f86eb
1 changed files with 9 additions and 9 deletions
--- a/docs/CAPTURE_BACKENDS.md
+++ b/docs/CAPTURE_BACKENDS.md
@ -1,9 +1,9 @@
-|Name | Capture speed |Installation | CPU load | Platforms | Cost | Accuracy of attack detection |
-|-----|:-------------:|:-------:|:--:|:--:|:------:|:----:|
-|netmap | Up to wire speed (10GE, 14 MPPS) | Need kernel module and NIC driver patch [ixgbe provided](https://github.com/pavel-odintsov/ixgbe-linux-netmap)  |Normal |Linux, FreeBSD | BSD | Very accurate |
-|PF_RING | Up to 2-3 MPPS, 2-3 GE |Need kernel module install |Very big| Linux  only | GPLv2 | Enough accurate | 
-|PF_RING ZC | Up to wire speed (10GE, 14 MPPS) | Need kernel module + patched drivers (provided in package)|Normal| Linux only | Commercial ~200 euro | Very accurate | 
-| pcap | very slow, 10-100 mbps | Simple | huge | FreeBSD, Linux | GPL | Not so accurate |
-| sFLOW | Up to 40-100GE | Very simple | Small | Linux, FreeBSD, MacOS | Free |  Accurate |
-| NetFlow | Up to 40-100GE | Very simple | Small | Linux, FreeBSD, MacOS | Free | Not so accurate | 
-| AF_PACKET (not implemented yet) | Up to 5-10 MPPS/5-10GE | Very simple | Normal-huge | Linux (since 3.6 kernel) | GPLv2 | Very accurate | 
+|Name | Capture speed |Installation | CPU load | Platforms | Cost | Accuracy of attack detection | Speed of attack detection 
+|-----|:-------------:|:-------:|:--:|:--:|:------:|:----:|:---:|
+|netmap | Up to wire speed (10GE, 14 MPPS) | Need kernel module and NIC driver patch [ixgbe provided](https://github.com/pavel-odintsov/ixgbe-linux-netmap)  |Normal |Linux, FreeBSD | BSD | Very accurate | Very fast|
+|PF_RING | Up to 2-3 MPPS, 2-3 GE |Need kernel module install |Very big| Linux  only | GPLv2 | Enough accurate | Very fast|
+|PF_RING ZC | Up to wire speed (10GE, 14 MPPS) | Need kernel module + patched drivers (provided in package)|Normal| Linux only | Commercial ~200 euro | Very accurate | Very fast|
+| pcap | very slow, 10-100 mbps | Simple | huge | FreeBSD, Linux | GPL | Not so accurate | Very fast|
+| sFLOW | Up to 40-100GE | Very simple | Small | Linux, FreeBSD, MacOS | Free |  Accurate but depends on sampling rate (1-128 sampling rate recommended but significantly depends on traffic in network) | Very fast|
+| NetFlow | Up to 40-100GE | Very simple | Small | Linux, FreeBSD, MacOS | Free | Not so accurate | So slow, up to multiple minutes depends on flow timeout configuration  on routers|
+| AF_PACKET (not implemented yet) | Up to 5-10 MPPS/5-10GE | Very simple | Normal-huge | Linux (since 3.6 kernel) | GPLv2 | Very accurate | Very fast|