netraf
A Network Analyzer and Traffic Logger.


netraf Operation Diagram





netraf, a network analyzing tool, consists of three independent, autonomous programs:

  • netrafg - Graphical User Interface program. It is a "remote control" that lets the user steer particular parameters of the daemons described below. It is also the only "window" showing everything live.
  • netrafd - This is in fact the "workhorse" of the whole project. It is responsible for capturing packets, applying filters to them and generating statistics.
  • netrafl - The logging daemon. Its only job is writing the statistics gathered by netrafd to files.

    Besides the complexity of every component in the netraf project, the major issue is communication. We have to realize that the three programs are independent processes, each with its own memory space allocated separately by the system. We must also take into consideration the fact that a simple communication protocol (implemented, for example, on UNIX sockets) wouldn't be sufficient: netrafd "produces" a lot of data that has to be read by netrafg as well as by netrafl. Thus we need a data structure with random access that allows many processes to read at one time and at least one process to write. The netraf Shared Memory Model meets these requirements.
    When netrafd starts gathering statistics, it creates one shared memory segment and informs readers of that segment's unique identifier. Every interested reader can then "connect to" that memory and read the data it is interested in. It is important to know that one working instance of netrafd can create multiple shared memory segments: one segment per type of logging.

M.S.



Copyright © 2005, M.K., T.J., M.S.
netraf is Open Source software, distributed under the terms of the New BSD License.