MONOSEK Network Analyzer

Monosek is a high-end Network Packet Processing and Protocol Analysis System. The product can analyse incoming traffic in Real-time at 1gbps and above (up to 40gbps), using specialized dedicated network processor card. The card has built-in time- stamping in micro-seconds, detection of flows and extraction of  fields in each network packet layer. Bundled libraries such as  Protocol library, flow library, Application detection and Virus/content detection libraries provide excellent development platform for students and researchers to understand network packets and do further research in network security and Network  Protocols.


Product Description

  • Flow Identifier for each packet with new-flow/existing-flow indicator
  • User Rule Context
  • Flow timeout and Each flow with individual Programmable flow timeout
  • Timestamp on packet arrival with 11ns accuracy
  • Static rules in TCAM
  • Dynamic flow control in Micro-engines
  • Packet drop/forward in micro-engines
  • Load Balancing of flows to host
  • Jumbo Frames
  • Ethernet Encapsulation
  • Stealth mode – No network activity, making it difficult to hack.

“It can identify and segregate the packets belonging to more than one million concurrent Flow”.

  • 40 multi-threaded flow processing cores operating at up to 1.4 GHz
  • 320 threads
  • Microengine v2.7 (8k instructions or 16k shared between 2 MEs; 1k-word local memory)
  • ARM11 core @ 700MHz, 500MHz and 325MHz/32-bit data path
  • SRAM interface (QDR) (two channels) with peak bandwidth of 2GBytes/sec per channel using 250MHz SRAMs (1GByte/sec Read, 1GByte/secWrite)
  • DDR3 DRAM (two channels) with peak bandwidth 8.5GBytes/sec (68.2 Gbps) for 64-bit channel
  • Up to 40 flow processing cores
  • OpenFlow 1.3 support with 42 match fields
  • OVS 2.0 acceleration
  • Packet classification and filtering
  • Stateful flow analysis and action processing for up to 8 million flows in hardware
  • Hardware-based cryptography and PKI operations
  • Extremely low latency
  • I/O virtualization
  • Packet timestamping with 11ns accuracy
  • GPS time synchronization
  • Dynamic load balancing to parallelize application performance
  • Layer 2 switching
  • Layer 3 routing
  • Network address and port translation (NAPT)
  • Full programming flexibility to support network or protocol changes
  • APIs controlling flow processing cores

PCIe Gen2 interface x 8 offering up to 40 Gbps of bandwidth to the x86

  • 2x10GigE, SFP+
  • 6x1GigE, RJ-45
  • TCAM, up to 36Mb TCAM
  • SRAM, up to 32MB @ 300Mhz
  • DDR3 DRAM, up to 8GB
  • 40W (average)
  • 65W (maximum)

0-70°C ambient

  • Comprehensive software and hardware development tools
  • Comprehensive library of application software building blocks
  • Ubuntu Server LTS 64-bit (currently 12.04)
  • CentOS 6.x 64-bit

Intel Xeon host CPUs (PCIe Gen2 and Gen3)

“20 user licence with speed support upto 6*1 Gbps.”

  • Virus signatures – Study and analysis.
  • Network attacks – Known attacks – Identifying and alerting, creating statistics.
  • Network attacks – Behavioral pattern matching to estimate possible new threats.
  • Monitoring the high speed network traffic.
  • Developing own pattern of traffic with API calls.
  • Enables us to understand protocols practically.
  • To study various protocol traffic patterns.
  • To have in-depth analysis of all protocols.
  • To create sessions and perform session reconstruction of analyzed protocols.
  • Vast scope for Research and Development in Protocols using API calls.
  • API-calls serve us to build our own application.
  • Monosek provides programmable filters, so that only packets of interest can be observed.
  • Filters provide deep packet inspection. So programs can be written to analyse not only headers but also contents of the packets (DPI).
  • Monosek provides for dynamic filters so that depending on how network traffic is behaving, the interfacing C/C++ program can add, modify or disable any/some of the filters.


  • Practical work, extensive observations, observe network traffic with readily available GUI.
  • C/C++ programmable interface enables Developers to access analysed packet information as well as raw packets in real time, Develop C programs to work on real-time packets, making use of analysis already carried out by Monosek.
  • API calls serve you to build your own application. By using our API calls, you can get the information like Packet Arrival time, size of the packet, packet number, Source and Destination IP address, MAC address etc
  • Captures entire header information for each packet, such as IP addresses of source and Destination, port addresses of TCP and UDP protocols, MAC addresses of previous and next network elements, number of bytes per packet ,etc. and time stamp for each packet with Hour-Minute-Seconds –Milliseconds-micro seconds.
  • Experiments for the students for understanding of Computer Networks. Enables students to develop applications in network domain with C and C++ on our SDK.
  • Users can develop new algorithms and recreate sessions for a protocol based on n-Tuple flow criteria
  • Applications can be built by the users which can make use of Monosek powerful analysed data such as viewing of web sites visited, viewing mail contents and contents of the files sent as attachment in the mails, listen to VoIP sessions and watch videos that were streamed into the network under analysis by Monosek.
  • These module contains Protocol Library, Flow Library, GEOIP Library, and Application Service Detection (ASD) Library, Virus Signature Detection(VSD) Library and Session Library.
Sl No.Sample Experiments for students ( available with SDK library and Source code)
1Display all packets (irrespective of Transport Protocol) in a table format.
2Display all TCP packets in a table format.
3Display all UDP packets in a table format.
4Display all TCP packets in a table format.
5Display all SMTP packets in a complete packet format..
6Display all POP3 packets in a table format.
7Display all HTTP packets in a table format.
8Display list of all captured IPv4 addresses being monitored.
9Display list of all captured IPv4 addresses using HTTP services.
10Display all packets (irrespective of Transport Protocol) in a complete packet format.
11Display all TCP packets in a complete packet format.
12Display all UDP packets in a complete packet format.
13Display all packets with layer wise information display ( TCP/IP model based)
14Display a Flow Analysis of TCP Handshake mechanism.
15VoIP Analysis using SIP/RTP protocols and performs VoIP session reconstruction.
16Deep Packet Inspection techniques to detect XSS, SQLI vulnerabilities.
17IP Trace back to map an IPv4 addresses to Geo locations.
18Deep Packet Inspection techniques to detect Flow based Application protocols.
19Pattern matching filter for the analyzed and reconstructed sessions (HTTP, SMTP, POP3).
20Detect IPv4 addresses from the session reconstructed data of POP3 mail containing details of Origin, Receiver and Proxies involved.

“Monosek on Cloud”, for people to learn, develop, perform Research in the cloud or on-premise in their own environment.


  1. Prof and HOD at a Premiere Institute of Technology in India

    Monosek is a great tool for students and people who want to do research. This is an ideal tool for network labs. Students can conduct experiments and do projects in network protocol or flow and network security domains for understanding of Firewalls, IDS and IPS, with simple C or C++ Callable library functions

Add a review

Your email address will not be published. Required fields are marked *