In today’s Internet, IT security is a key component that faces new challenges every day to secure its services. In this regard, network monitoring represents the main point to be able to detect cyber attacks, and, in today’s network infrastructure it is increasingly implemented thanks to NFV (Network Function Virtualization) technology where network services are implemented in pure software. This brings several advantages such as flexibility and cost reduction as these functions can be performed on general purpose hardware. In this context, eBPF (Extended Berkeley Packet Filter) is an excellent technology, suitable for creating network functions for fast packet processing in the Linux kernel.