A Highly Configurable Packet Sniffer Based on Field-Programmable Gate Arrays for Network Security Applications

Web applications and online business transactions have grown tremendously in recent years. As a result, cyberattacks have become a major threat to the digital services that are essential for our society. To minimize the risks of cyberattacks, many countermeasures are deployed on computing nodes and network devices. One such countermeasure is the firewall, which is designed with two main architectural approaches: software running on standard or embedded computers, or hardware specially designed for the purpose, such as (Application Specific Integrated Circuits) ASICs. Software-based firewalls offer high flexibility and can be easily ported to upgradable hardware, but they cannot handle high data rates. On the other hand, hardware-based firewalls can process data at very high speeds, but are expensive and difficult to update, resulting in a short lifespan. To address these issues, we explored the use of an (Field-Programmable Gate Array) FPGA architecture, which offers low latency and high-throughput characteristics along with easy upgradability, making it a more balanced alternative to other programmable systems, like (Graphics Processor Unit) GPUs or microcontrollers. In this paper, we presented a packet sniffer designed on the FPGA development board KC705 produced by Xilinx, which can analyze Ethernet frames, check the frame fields against a set of user-defined rules, and calculate statistics of the received Ethernet frames over time. The system has a data transfer rate of 1 Gbit/s (with preliminary results of increased data rates to 10 Gbit/s) and has been successfully tested with both ad hoc-generated Ethernet frames and real web traffic by connecting the packet sniffer to the internet.