Technologies for determining sensor placement and topology

What is claimed is: 1 . A method comprising: receiving, by a computing device, messages from sensors deployed around a network, each of the messages reporting a respective flow captured by a reporting sensor from the sensors; identifying flows reported in the messages; for each of the flows, generating a respective list of sensors that reported that flow; and based on the respective list of sensors, inferring at least one of a respective placement of the sensors within the network and a topology of the sensors. 2 . The method of claim 1 , wherein the sensors comprise a first sensor, a second sensor, and a third sensor, and wherein the sensors are respectively deployed in one of a virtual machine, a hypervisor hosting the virtual machine, or a network device configured to route traffic associated with the hypervisor, and wherein the inferring step comprises determining that the first sensor is deployed in the virtual machine, the second sensor is deployed in the hypervisor, and the third sensor is deployed in the network device. 3 . The method of claim 2 , wherein the determining is based on: a first determination that a first flow was reported by the first sensor, the second sensor, and the third sensor; and a second determination that a second flow was not reported by the first sensor. 4 . The method of claim 3 , wherein the determining is further based on a third determination that a third flow was only reported by the third sensor. 5 . The method of claim 1 , wherein each of the messages comprises a sensor identifier associated with the respective flow, and wherein generating the list is based on the sensor identifier associated with each respective flow. 6 . The method of claim 1 , wherein each of the sensors is deployed at a respective hop within a network path, and wherein each of the sensors is configured to report, to the computing device, each flow observed at the respective hop. 7 . The method of claim 6 , wherein the network path comprises a plurality of hops, the plurality of hops comprising a virtual machine, a hypervisor hosting the virtual machine, and a network device configured to route traffic associated with the hypervisor. 8 . The method of claim 7 , wherein the plurality of hops further comprises a server hosting the hypervisor and virtual machine. 9 . The method of claim 7 , wherein the inferring step comprises determining which of the sensors is deployed at the virtual machine, which of the sensors is deployed at the hypervisor, and which of the sensors is deployed at the network device. 10 . The method of claim 1 , wherein each message comprises a list of one or more network flows captured and reported by a respective sensor. 11 . The method of claim 1 , wherein the generating and inferring steps comprise: generating a plurality of respective lists of sensors for the flows, each of the plurality of respective lists of sensors identifying one or more respective sensors reporting a respective one of the flows; for each specific sensor in each respective list of sensors from the plurality of respective lists of sensors: identifying a respective set of other listed sensors comprising all sensors in the respective list of sensors excluding the specific sensor; generating a list of respective sets of other listed sensors, the list of respective sets comprising each respective set of other listed sensors identified for the specific sensor; determining a respective union of sensors in the list of respective sets; determining a respective intersection of sensors in the list of respective sets; computing a respective difference between the respective union and the respective intersection; identifying one or more front sensors corresponding to the respective intersection of sensors, the one or more front sensors comprising a first set of all sensors that can observe all flows from the specific sensor; and identifying one or more rear sensors corresponding to the respective difference, the one or more rear sensors comprising a second set of all sensors whose flows can also be observed by the specific sensor. 12 . The method of claim 11 , wherein inferring the at least one of the respective placement of the sensors within the network and the topology of the sensors is based on the one or more rear sensors and one or more front sensors identified for each specific sensor. 13 . The method of claim 11 , further comprising: when the respective intersection contains multiple sensors and the respective difference is zero or empty, determining that the specific sensor is deployed on a virtual machine; when the respective intersection contains one sensor and the respective difference is a different sensor, determining that the specific sensor is deployed on a hypervisor hosting the virtual machine; and when the respective intersection contains zero sensors and the respective difference is zero, determining that the specific sensor is deployed on a network device configured to route traffic associated with the hypervisor. 14 . The method of claim 1 , wherein: at least one of the sensors comprises at least one of a first process, a first kernel module, or a first kernel driver on a guest operating system installed on a virtual machine; at least one sensor comprises at least one of a second process, a second kernel module, or a second kernel driver on a host operating system installed at a hypervisor layer; and at least one sensor comprises at least one of a third process or a software agent running on a network device. 15 . A system comprising: a processor; and a computer-readable storage medium having stored therein instructions which, when executed by the processor, cause the processor to perform operations comprising: receiving messages from sensors deployed around a network, each of the messages reporting a respective flow captured by a reporting sensor from the sensors; identifying flows reported in the messages; for each of the flows, generating a respective list of sensors that reported that flow; and based on the respective list of sensors, inferring at least one of a respective placement of the sensors within the network and a topology of the sensors. 16 . The system of claim 15 , wherein the generating and inferring steps comprise: generating a plurality of respective lists of sensors for the flows, each of the plurality of respective lists of sensors identifying one or more respective sensors reporting an associated flow; for each specific sensor in each respective list of sensors from the plurality of respective lists of sensors, identifying a respective set of other listed sensors comprising all sensors in the respective list of sensors excluding the specific sensor; for each specific sensor, generating a list of respective sets of other listed sensors, the list of respective sets comprising each respective set of other listed sensors identified for the specific sensor; for each specific sensor: determining a respective union of sensors in the list of respective sets; determining a respective intersection of sensors in the list of respective sets; computing a respective difference between the respective union and the respective intersection; identifying one or more front sensors corresponding to the respective intersection of sensors, the one or more front sensors comprising a first set of all sensors that can observe all flows from the specific sensor; and identifying one or more rear sensors corresponding to the respective difference, the one or more rear sensors comprising a second set of all sensors w