In the current Microolap EtherSensor version (5.1.0.13519), the sensor runs the following services to work with data sources: EtherSensor EtherCAP, EtherSensor ICAP and EtherSensor LotusTXN.
The following diagram shows how the services generally work:
Fig. 2. EtherSensor EtherCAP, EtherSensor ICAP, EtherSensor LotusTXN services operation diagram.
The EtherSensor EtherCAP service is responsible for passive traffic capture at network adapters, processing the traffic from PCAP files, and the reconstruction of application-level protocol sessions:
Fig. 3. EtherSensor EtherCAP service configuration window.
The EtherSensor ICAP service is responsible for obtaining traffic via ICAP from any ICAP clients and the subsequent delivery of received objects to the EtherSensor Analyser service:
Fig. 4. EtherSensor ICAP service configuration window.
The EtherSensor LotusTXN service is responsible for extracting messages from Lotus Notes Transaction Log files:
Fig. 5. EtherSensor LotusTXN service configuration window.
The output of all these services is reconstructed objects delivered to the result analysis service, EtherSensor Analyser.
To start and stop EtherSensor EtherCAP, EtherSensor ICAP and EtherSensor LotusTXN services, you can use both the standard Windows Services framework and EtherSensor Configuration Editor (ethersensor_console.exe) from the installation directory Microolap EtherSensor:
Fig. 6. Data source services start/stop.