BestHub
Sign in
Tagged articles
5 articles
Page 1 of 1
Qunar Tech Salon
Qunar Tech Salon
Oct 19, 2021 · Databases

Design and Implementation of a MySQL Traffic Sniffer for Full‑stack Access Logging

This article describes the background, functional requirements, architecture, packet‑capture implementation using libpcap, MySQL protocol parsing, result processing, and storage strategy (Kafka + ClickHouse) of a custom MySQL sniffer developed at Qunar to provide complete database access logs for auditing, performance analysis, and operations.

Database AuditingPacket Captureclickhouse
0 likes · 16 min read
Design and Implementation of a MySQL Traffic Sniffer for Full‑stack Access Logging
Refining Core Development Skills
Refining Core Development Skills
Sep 8, 2021 · Fundamentals

How tcpdump Captures Packets Inside the Linux Kernel

This article explains the internal mechanisms of tcpdump, showing how it registers a virtual protocol in the kernel's ptype_all list to intercept packets during both receive and transmit paths, how netfilter interacts with these paths, and provides guidance for building a custom packet‑capture program.

Packet Capturelibpcapnetfilter
0 likes · 10 min read
How tcpdump Captures Packets Inside the Linux Kernel
ITPUB
ITPUB
Nov 17, 2020 · Fundamentals

Understanding Linux Packet Capture Engines: libpcap, PF_RING, DPDK, and XDP

This article compares four classic Linux packet‑capture engines—libpcap (and its mmap variant), PF_RING, DPDK, and XDP—explaining their data‑flow architectures, copy operations, zero‑copy techniques, and typical use‑cases such as DDoS defense and high‑speed networking.

DPDKLinuxPF_RING
0 likes · 9 min read
Understanding Linux Packet Capture Engines: libpcap, PF_RING, DPDK, and XDP