Sentinel, part of the Vantage Platform, is the enterprise capture daemon for persistent, high-volume packet recording at the network edge. Captures, indexes, and analyzes inline. Serves multiple analysts simultaneously. The packets never leave the server.
Copyright (c) 2025 Sly Technologies Inc.
Type 'help' for commands, Tab for completion, Ctrl-C to cancel

> show status
Sentinel Daemon Status            2026-02-27 13:12:50
  State       Running
  Uptime      14d 3h 22m
  PID         4821
  Version     Sentinel v1.0.0
  Host        dco-server1
  Captures    3 (1 recording, 2 complete)
  Clients     2 connected
  Interfaces  eth0, eth1
  CPU         12%
  Memory      48 / 128 GB (37%)
  Disk        2.1 / 8.0 TB (26%)
  Net I/O     42 Gbps in, 1.2 Gbps out

> discover
Scanning...
  ● localhost:9800               Sentinel v1.0.0
  ● lab-server.internal:9800     Sentinel v1.0.0
  ○ prod-tap-east.acme.com:9800  offline
Found 2 servers (1 offline)

> show sessions
USER    LEVEL  ADDRESS    CONNECTED  VIEWING
─────────────────────────────────────────────────────────
sarah   8      10.0.0.50  2h 14m     live-perimeter
mike    5      10.0.0.51  45m        live-perimeter

> show captures
CAPTURE            STATE      SIZE      PACKETS      RATE      STARTED
────────────────────────────────────────────────────────────────────────────────
live-perimeter     recording  127.4 GB  142,847,293  1.2 Gbps  Dec 20 08:00
incident-1217.cap  complete   847 MB    1,247,892    -         Dec 17 02:14
baseline.cap       complete   12.1 GB   24,847,123   -         Dec 1 00:00

> help
Vantage Query Quick Reference

Status & Info
  show status                     Daemon status overview
  show captures                   List all captures
  show capture <name>             Capture details
  show interfaces                 Network interfaces
  show stats                      Performance metrics
  show errors                     Error summary
  show sessions                   Connected users
  show servers                    Discovered servers
  show env                        Environment variables

Data Queries
  show packets [where <filter>]   Query packets
  show flows [where <filter>]     Query flows
  show streams [where <filter>]   Query reassembled streams

Capture Management
  capture start <name> [options]  Start new capture
  capture stop <name>             Stop capture
  capture resume <name>           Resume paused capture
  capture delete <name>           Delete capture
800 Gbps sustained with DPDK and Napatech support. Zero-copy, NUMA-aware. Multiple interfaces aggregated.
Security levels 0–20 enforced at capture time. PII/IMSI obfuscation. Policy-driven encryption. Air-gap support.
SIX and DIX indexes built live. Metadata tokens for fast lookup. No post-processing delay.
Analysis tokens pre-computed at capture time. Replay any past session at full fidelity — no re-processing required.
20 configurable security levels enforced per-packet at the point of capture. PII/IMSI obfuscation. Encryption at rest. Audit trail on every access.
Multiple Lynx clients connect simultaneously, each enforced at their own security level. No interruption to live capture while analysts work.
Install the package. Start the daemon. Sentinel runs as a systemd service with automatic restart, log rotation, and health monitoring.
Configuration via YAML config file or command-line arguments. Prometheus metrics endpoint for integration with your existing monitoring infrastructure.
Deploy on your datacenter tap. Your cloud gateway. Your SOC sensor. Sentinel runs continuously without human intervention. When something happens, the data is already there — part of the Vantage Platform ecosystem.
# Install
$ apt install sentinel

# Start as daemon (systemd)
$ systemctl enable sentinel
$ systemctl start sentinel

# Or start manually
$ sentinel start \
    --interface eth0,eth1 \
    --output /captures/ \
    --retention 90d \
    --security-level 5

# Check status
$ sentinel status
Sentinel v1.0.0 - running
Uptime: 14d 3h 22m
Captures: 3 | Clients: 2
Disk: 2.1/8 TB (26%)

# Enter interactive console
$ sentinel console
        Lynx                    Sentinel
  View and analyze         Capture and index
  Perpetual license     Subscription per server
         │                         │
         └────────────┬────────────┘
                      │
               Same dashboard
               Same discovery
             Same security model
            Same analysis tokens
                      │
                      ▼
           Vantage Platform (2026)
             Federate and scale
            Exabyte-scale capture
          Global cluster management
Start with Lynx and local files. Add Sentinel when you need persistent infrastructure. Scale to Vantage Platform when you're managing petabytes across continents. Lynx, Sentinel, and Quarry all run on jNetWorks.
Schedule a demo or talk to our team about deployment.