This is the accepted version of the following article: [Moreno, V., Santiago del Río, P. M., Ramos, J., Muelas, D., García-Dorado, J. L., Gomez-Arribas, F. J. and Aracil, J. (2014), Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems. Int. J. Network Mgmt., 24: 221–234. doi: 10.1002/nem.1861, which has been published in final form at http://onlinelibrary.wiley.com/doi/10.1002/nem.1861/abstractAs an attempt to make network managers’ life easier, we present M3Omon, a system architecture that helps
to develop monitoring applications and perform network diagnosis. M3Omon behaves as an intermediate
layer between the traffic and monitoring applications that provides advanced features, high performance and
low cost. Such advanced features leverage a multi-granular and multi-purpose approach to the monitoring
problem. Multi-granular monitoring gives answer to tasks that use traffic aggregates to identify an event,
and requires either flow records or packet data or even both to understand it and, eventually, take the
convenient countermeasures. M3Omon provides a simple API to access traffic simultaneously at several different
granularities—i.e., packet-level, flow-level and aggregate statistics. The multi-purposed design of M3Omon
allows not only performing tasks in parallel that are specifically targeted to different traffic-related purposes
(e.g., traffic classification and intrusion detection) but also sharing granularities between applications—e.g.,
several concurrent applications fed from flow records that are provided by M3Omon. Finally, the low-cost
characteristic is brought by off-the-shelf systems (the combination of open-source software and commodity
hardware) and the high performance is achieved thanks to modifications in the standard NIC driver, low-level
hardware interaction, efficient memory management and programming optimization
