Morning Glory
Technologies, Kirkland, WA, USA
Active IP
Sensor Enterprise v2.0.0 BETA
May 2008
Contents
Why should I become an Active IP Sensor Enterprise v2.0.0
BETA participant?
Installation Instructions
Download and run the Active IP Sensor Enterprise v2.0.0 BETA installer from HERE:
The installer creates a short cut on the desktop when completed:
Active IP Sensor Enterprise
Active IP
Sensor is a client/server application composed of a client UI (ActiveIPSensor.exe) and a multi threaded server (IPSensorProxy.exe) that supplies clients with active IP port
information from local or remote network nodes. This document describes some of
the functionality provided by Active IP Sensor
Enterprise v2.0.0 BETA.
Active IP Sensor has been successfully installed and tested using a non-Admin user account in the following environments:
·
Windows
VISTA Home
·
Windows XP
Home
·
Windows XP
Professional
·
Windows 2003
Server
·
Windows 2000
Professional
The installer may complain about installing or registering the following components:
·
MSCOMCTL32.OCX
·
richtx32.ocx
·
PSAPI.dll
Typically, these components are already installed with Windows and it may be possible to ignore any installer warnings and continue without them. The installer creates the following directory structure:
C:\Program Files
\Active IP Sensor
\Log
Theory of Operation
Referring to Figure 1 Active IP Sensor Architecture below, Active IP
Sensor is a client/server application composed of a client UI (ActiveIPSensor.exe)
and a multi threaded server (IPSensorProxy.exe) that supplies clients with
active IP port information from local or remote network nodes.
The client UI starts and stops server threads. A server thread can refer to a local or remote network node. The server disconnects active IP port sensing operations from client operations so that both can run independently of each other. The server interrupts the client when the server scheduler has enabled the clients thread. The server scheduler itself is a client thread added during initialization. It is a special client thread referred to as Prime in Figure 1. A Prime thread is distinct from other threads in that only it can run the servers scheduler code. This allows for multiple or dynamic schedulers in future releases.
The scheduler communicates with clients using asynchronous interrupts. When a client thread has been enabled, the client stops its current activity and requests a data sample from the server. It then resumes its activity. When the server has gathered a single sample, it again interrupts the client to inform it that there is data ready. The client stops its current activity and processes the server data. When the server has streamed all samples, the client is interrupted. The client inspects nodes from the previous sampling and removes those missing so that only nodes from the current sample are displayed. The client thread then resumes its activity until it is scheduled again.
The server operates on a thread pool maintained by each client. Server parameter CONCURRENT_THREADS enforces a limit on the maximum number of client threads that can be concurrently running. Over time, all threads are eventually scheduled. This ensures that the server appears the same to the system no matter if there are 10 threads in the server pool or 10,000. This parameter can be specified via the Scheduler tool menu item.
Each client specifies a THREAD_PRIORITY. While a thread is actively sampling, the server raises data ready interrupts after each sample for the client. THREAD_PRIORITY specifies how many data interrupts are generated before the thread is returned to the scheduler pool. Higher thread priorities cause more data ready interrupts. Lower values cause a client thread to update slower.
The server can sense IP port activity from the local environment of from remote environments that are recording their samples with Active IP Sensor.
Each client
maintains a list of filters and alarms. After each sample, the list is
interrogated and if the sample contains a filter item for one of the sampled
nodes, the specified filter alarm action is invoked (This is NOT
implemented in v2.0.0 BETA).
Operating Instructions
Startup
Start Active IP Sensor. During installation, file permissions are not explicitly set. This could result in the following startup error message:
You must explicitly enable full file permissions for ActiveIPSensor.exe and IPSensorProxy.exe using the File Properties Security Tab. The Security Tab isn’t displayed unless Advanced File Sharing is enabled.
To Turn on
Advanced File Sharing:
1. In Windows Explorer, click Tools, and then click Folder Options.
2. On the View tab, in the
Advanced Settings area, click to check the Use
Simple File Sharing (Recommended) check box.
For Windows VISTA, select the Run as Administrator check box found on the Compatibility Tab as well.
Sensor Modes
Active IP Sensor operates in one of two modes: Local and Remote. To open a local sensor, select the New menu item. To open a remote sensor, select the Open menu item
Sampling Modes
Only data that has changed from the previous sample is displayed. Each sensor displays data in Snapshot or History mode. In Snapshot mode, only nodes from the current sample are displayed. In History mode, all nodes from each sample are displayed. History mode recordings grow in size with each sample. Snapshot recordings are always the size of the last sample. Select Snapshot or History mode from the command button bar at the top of a sensors tree view or by clicking the Snapshot/History icon on the bottom status bar:
Each sensor displays all the Active IP ports on the sensed node. The display is organized by IP protocol and state for each active IP port. For each IP state, the connected foreign address and all the executables currently connected to it are shown. For each active IP executable, the process ID and the modules and libraries that make up the executable are shown. The last node for any connection shows the local port.
Pausing a Sensor
To pause an Active IP Sensor, press the Pause button on the command button bar at the top of a sensors tree view:
Sensor Properties
Each node in the Active IP Sensor tree view provides properties via a popup menu invoked by right clicking on that node:
Sensor Recordings
Active IP Sensor recordings provide the ability to
monitor active IP port activity on remote nodes. The release version will allow
Active IP Sensor recordings on remote nodes in Silent
mode. Remote nodes could then
include Active IP Sensor in their startup sequence silently collecting data yet
monitored on the Network Administrators desktop. Coupled with Sensor Filters and Alarms, a self-sufficient, autonomous
event driven network can be created allowing for real time monitoring and
actions without the System Administrators manual intervention. This is the true
purpose of Active IP Sensor Enterprise. Both Silent mode and
Filters/Alarms are not included in Active IP Sensor v2.0.0 BETA.
To begin recording an Active IP Sensor, select the Record menu item. Select a share and folder to record the active IP port activity. Several sensors could simultaneously record their activity in a single file. Several sensors could monitor a single recording file at once. History/Snapshot mode on the recording sensor controls how much data is recorded in the file. History recordings grow with each sample. Snapshot recordings only show data from the current sample.
Figure 2 below shows two sensors. The left most sensor is recording active IP port activity in History mode. The left sensor is monitoring the recording in Snapshot mode. Although the History mode recording is growing in size, the sensor monitoring it in Snapshot mode only shows the most current sample.
·
Active IP Sensor
Enterprise v2.0.0 BETA can comfortably handle 100’s
of remote sensor threads. Start new instances of Active IP Sensor to monitor
more. The limit is imposed by the
Microsoft MSCOMCTL32.OCX component used but will
be surmounted for the public release.
Features not included
Active IP Sensor Enterprise v2.0.0 BETA does not include the following features:
· Active IP Sensor only runs on Windows clients and Windows networks.
· Project Open/Save.
· Silent Mode operation.
· Filters and Alarms.
· Client thread parent detach.
· Etc…
Bug Reporting
Your role as an Active IP Sensor Enterprise v2.0.0 BETA user is twofold:
1. Discover bugs that are by now, invisible to me. A naïve user uninitiated in v2.0.0 BETA details is required before the remaining bugs can be made visible.
2. Discover features and UI characteristics that are deficient or lacking in v2.0.0 BETA.
Once a bug is discovered, write down the particular operating modes when the bug occurred. Record the History/Snapshot mode and whether or not the bug occurred during local or remote sensing. Record as much as necessary to reproduce the bug consistently. Send the report along with the Active IP Sensor HTML log for that day found in the /Log folder to:
Why should I become an Active IP Sensor Enterprise v2.0.0 BETA participant?
· Being a BETA participant provides you the ability to help shape what the final public release will be.
· You will be given a royalty free license for the public release when it is available.
· You will be heaped with much prestige and glory with the possibility of further insider interactions with Morning Glory Technologies.