CoMo (Continuous Monitoring)
CoMo (Continuous Monitoring) is an open-source passive network monitoring system that allows for fast implementation and deployment of network monitoring applications. CoMo has been designed to be the basic building block of an open network monitoring infrastructure that will allow researchers and network operators to easily process and share network traffic statistics over multiple sites.
CoMo follows a modular approach where users can easily define monitoring applications as plug-in modules written in the C language, making use of a feature-rich API provided by the core platform. Users are also required to specify a simple stateless filter to be applied to the incoming packet stream (it could be all the packets) as well as the granularity of the measurements (measurement interval). All complex stateful computations are then contained within the plug-in module code.
The architecture of CoMo is divided into two main components. On the one hand, the core processes control the data path through the CoMo system and perform all management operations common to any monitoring application (e.g., traffic collection, filtering, memory management, storage, etc.). On the other hand, the plug-in modules contain the code needed to compute a specific traffic metric or to implement complex monitoring applications, such as systems for intrusion and anomaly detection, traffic accounting, traffic classification, network performance evaluation, billing and pricing, etc. While the core processes are implemented by a core team of developers and are optimized to operate in high-speed networks, the plug-in modules are written by end users.
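The split described in the two paragraphs above (a stateless filter, a measurement interval, and a stateful plug-in driven by a core loop) is sketched below as an added example. It is not CoMo code and does not use CoMo's API: every type and function name (`pkt_t`, `rec_t`, `filter_tcp`, `module_update`, `run_core`) is hypothetical, the trace is constructed, and packet timestamps are assumed to be non-decreasing.

```c
/* Added illustration; all names are hypothetical, not CoMo's API. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { uint32_t ts; uint8_t proto; uint16_t dport; uint32_t len; } pkt_t;
typedef struct { uint32_t start; uint64_t pkts, bytes; } rec_t;
typedef struct { uint32_t ival; int open; rec_t cur; } module_t;

/* Stateless filter: the decision depends only on the packet itself. */
static int filter_tcp(const pkt_t *p) { return p->proto == 6; }

/* Stateful plug-in: one record per measurement interval. Returns 1 and
 * fills *out when this packet closes the previously open interval. */
static int module_update(module_t *m, const pkt_t *p, rec_t *out) {
    uint32_t start = p->ts - (p->ts % m->ival);
    int flushed = 0;
    if (m->open && start != m->cur.start) { *out = m->cur; flushed = 1; m->open = 0; }
    if (!m->open) { m->cur = (rec_t){ start, 0, 0 }; m->open = 1; }
    m->cur.pkts++; m->cur.bytes += p->len;
    return flushed;
}

/* Core data path: capture -> filter -> module -> storage (an array here). */
size_t run_core(const pkt_t *pk, size_t n, uint32_t ival, rec_t *store, size_t cap) {
    module_t m = { ival, 0, {0, 0, 0} };
    size_t k = 0; rec_t r = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        if (!filter_tcp(&pk[i])) continue;      /* dropped before any state */
        if (module_update(&m, &pk[i], &r) && k < cap) store[k++] = r;
    }
    if (m.open && k < cap) store[k++] = m.cur;  /* flush the last interval */
    return k;
}

/* Constructed sample trace: {timestamp s, IP protocol, dst port, bytes}. */
static const pkt_t SAMPLE[] = {
    {100, 6, 443, 1500}, {101, 17, 53, 80}, {104, 6, 22, 60},
    {105, 6, 443, 400},  {112, 6, 80, 1000}, {113, 1, 0, 64},
};

int main(void) {
    rec_t out[8];
    size_t n = run_core(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], 5, out, 8);
    for (size_t i = 0; i < n; i++)
        printf("t=%u pkts=%llu bytes=%llu\n", (unsigned)out[i].start,
               (unsigned long long)out[i].pkts, (unsigned long long)out[i].bytes);
    return 0;
}
```

Intervals in which no packet passes the filter produce no record in this sketch, so a consumer of the stored records has to treat a missing interval as zero traffic.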
Project website: http://como.sourceforge.net