The technical design of ASDIC

Many design considerations went into the ASDIC traffic analysis system. Standard components and libraries were often tried, but failed because of the need for performance.


ASDIC uses a custom database engine optimized for speed. This database is small, quite stupid (no SQL), very memory-intensive, but extremely fast. On standard hardware, it is capable of tens of millions of transactions per second. It is also very demanding: memory errors that do not show themselves during years of ordinary system operation can cause ASDIC database failure within seconds. We discovered this ourselves the hard way during the development of ASDIC. Make sure to run good memory diagnostics; Memtest86+ is highly recommended.

Programming language

ASDIC is more or less entirely written in the C programming language. This is also, of course, to get the highest possible speed out of the hardware. Even the CGI binaries are written in C.


Performance depends on many factors, such as the type of input data, the hardware and, of course, the ASDIC distribution (32-bit vs. 64-bit). When processing textual log data, it handles around 200 000 sessions per second, and the network sniffer handles much more.

Scalability & Modularity

ASDIC is by design distributed, scalable and modular. The components communicate via well-defined interfaces. This makes the system scale well over multiple CPUs in the same system, and also makes it possible to cluster systems in larger installations. Additional modules are also easy to integrate for expanded functionality.

Ping Research