Call us: 800.288.7387
salesteam@nyi.net
  • Get a Quote
  • Login
NYINYINYINYI
  • Solutions
    • Cloud Solutions
    • Colocation & Data Centers
    • Bare Metal
    • Network & Interconnection
    • Professional Services
    • Managed Services
  • Resources
    • News
    • Events
    • Blog
  • About NYI
    • The NYI Difference
    • Industries We Serve
    • Testimonials & Case Studies
    • Partner Program
    • Careers
    • Community
    • Compliance
  • Contact
Next Previous

Net Sensor: Customized Solutions Begin Here

25 June, 2012

At NYI, customized solutions start with customized tools. Net Sensor is one such tool.

Developed originally as a dissertation project at the Polytechnic Institute of NYU, Net Sensor has since evolved into a “general-purpose, modular network-analysis suite for use in research, monitoring, diagnostics, forensics, and statistics-gathering.”

Boris Kochergin, Senior System Administrator at NYI, is Net Sensor’s project founder and primary developer. At a chapter meeting last week of the Open Web Application Security Project (OWASP), held at NYI Bridgewater, Kochergin gave a history of the project as well as demonstrated its more advanced features.

Net Sensor’s latest iteration includes five sensor modules:

1) HTTP (sensor/modules/http)

  • Parses HTTP messages and maintains a table of active HTTP sessions

2) HTTP Logger (sensor/modules/httpLog)

  • Writes HTTP session headers to disk
  • HTTP session headers may be read back from disk with the dumpHTTP utility (tools/dumpHTTP)

3) BitTorrent (sensor/modules/bt)

  • Detects .torrent file downloads over HTTP
  • Detects communication with HTTP BitTorrent trackers
  • Detects communication with UDP BitTorrent trackers
  • Sends detailed e-mail notifications of any of the above actitivies to any number of e-mail addresses

4) Printer Job Language (sensor/modules/pjl)

  • Parses Printer Job Language/PostScript print jobs and maintains a table of active PJL sessions
  • Writes various useful information about them to disk
  • PJL data may be read back from disk with the dumpPJL utility (tools/dumpPJL)
  • Pages printed per computer can be counted up with the countPJL utility (tools/countPJL)

5) Packets per Second (sensor/modules/pps)

  • Monitors inbound and outbound packet rates of IPv4 addresses
  • Sends out e-mail about IPv4 addresses that exceed a configured packet rate threshold
    • E-mail includes a snippet of traffic to and from a reported IPv4 address

Those curious about the architecture of Net Sensor are advised to consult slides two and three of Kochergin’s presentation. The presentation also includes an interesting breakdown of the HTTP Module Architecture, which generated the following intelligence after deployment on a segment of NYI’s network:

  • 600 Mbit/s of TCP traffic @ 150,000 packets/s
  • 24,000 active HTTP sessions
    • Utilizes 60% of one core of an Intel Xeon E5520 @ 2.27 GHz
    • Uses 140 MiB of resident memory
      • Due primarily to a large number of buckets in the HTTP session hash table
        • Optimized for time, not space
          • 0.006% packet loss

Along with general network intelligence, Kochergin’s presentation proceeded with a live demonstration of Net Sensor’s capabilities with  BitTorrent. The result was a real-time detection of network misuse, which not only impressed the information security professionals in attendance, but also brought the presentation to a satisfying conclusion.

Net Sensor is an open source suite that free and available for use by the broader community. As INFER, it has been covered by Network World and Macworld.

To download Net Sensor, please visit the Net Sensor wiki. For system requirements, visit: http://acm.poly.edu/wiki/Net_Sensor#Requirements

NYI is proud to support OWASP. It also welcomes other organizations looking for space to host meetings. Those interested, please get in touch.

 

Recently on the NYI Blog

  • JEMB Realty Selects NYI to Re-establish 75 Broad as NYC Interconnection Hub
  • NYI Expands 60 Hudson Street Operations
  • 1025Connect Selects NYI as Strategic Partner for Relaunch
  • NYI Newsletter: 4Q 2021
  • DE-CIX and NYI Expand Partnership in North America

NYI
NYI is a trusted infrastructure partner to small and medium-sized enterprise clients across a range of industries. We drive infrastructure optimization through flexible integrated hybrid IT solutions and strategic partnerships that result in cost and performance efficiencies. Our experts offer insights and end-to-end support so that your teams can be freed to focus on innovation and growth.

Recent Tweets

Have you heard? @7x24Exchange is launching a New England Chapter on 3.22! NYI COO Phillip Koblence is excited to be an Inaugural Speaker, joining @nabeelmahmood & @carriejgoetz, in discussing the future of the #datacenter industry! #digitalinfrastructure https://t.co/mDO4m8LOfx https://t.co/xivl7fP7Hg

- 6 days ago

Some insights from @Gartner_inc for women tech leaders: https://t.co/ypJgwUy8eF Happy #InternationalWomensDay! #EmbraceEquity

- 12 days ago

Follow @nyinternet

Contact Us

  • New York City
    60 Hudson Street
    New York, New York 10013
  • Chicago
    800 Jorie Blvd.
    Oak Brook, IL 60523
  • NYI Headquarters
    T: 212.269.1999     
    T:
    800.288.7387
  • Terms and Conditions
  • Service Level Agreement
  • Privacy Policy
New York Internet
Copyright 2023. All rights reserved worldwide.
  • Solutions
    • Cloud Solutions
    • Colocation & Data Centers
    • Bare Metal
    • Network & Interconnection
    • Professional Services
    • Managed Services
  • Resources
    • News
    • Events
    • Blog
  • About NYI
    • The NYI Difference
    • Industries We Serve
    • Testimonials & Case Studies
    • Partner Program
    • Careers
    • Community
    • Compliance
  • Contact
NYI