What is the architecture of a single monitoring sensor?
A LOBSTER monitoring sensor consists of three main modules: the MAPI daemon, the communication agent, and the authorization daemon. The monitoring daemon (mapid) is the most sophisticated part of the software architecture, as this is where all the processing of the monitoring requirements of remote user applications is performed. Mapid is a user-level process with exclusive access to the captured packets, and is optimized to perform intensive monitoring tasks at high speeds, exploiting any specialized features of the underlying packet capture hardware. The communication agent (commd) handles all communication between remote applications and the sensor, forwarding their monitoring requests to mapid, and sending back to them the computed results. The authorization daemon (authd) is responsible for user authentication and access control.
