Short answers, pulled from the story.
The LOBSTER project emerged from the SCAMPI initiative active during 2004 and 2005 and concluded operations in 2007. It received funding from the European Commission to build an advanced pilot infrastructure based on passive network monitoring sensors.
LOBSTER relies on passive network traffic monitoring rather than active probing methods to record all IP packets flowing through monitored links. This approach captures both headers and payloads for complete information capture without interfering with normal operations.
M Polychronakis and colleagues published design details for the Monitoring Application Programming Interface known as MAPI in 2004 within the context of SCAMPI and LOBSTER projects. Programmers could express complex monitoring needs while choosing only the information they required using this interface.
Thirty-six sensors operated across nine countries throughout Europe by various organizations at any given moment. The system monitored traffic spanning over 2.3 million IP addresses and fed into IST 2.3.5 Research Networking testbeds aimed at improving European internet infrastructure.
The system successfully identified more than 400,000 Internet attacks during its operational lifespan through automated analysis of captured packet data. Security researchers utilized the complete packet records to identify malicious patterns and threats without human intervention.