FlowMon

From HandWiki
Revision as of 17:30, 6 February 2024 by Steve2012 (talk | contribs) (over-write)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Computer network monitoring and security tool

Flowmon is a name for monitoring probe which is the result of academic research activity on CESNET and also a name for a commercial product which is marketed by university spin-off company Flowmon Networks.

Flowmon probe - result of research activities

Flowmon probe is an appliance for monitoring and reporting information of IP flows in high-speed computer networks. The probe is being developed by Liberouter team within the scope of CESNET research plan Optical National Research Network and its New Applications, research activity 602 - Programmable hardware.

Flowmon probe is built upon a pair of programmable network cards, called COMBO, and a host computer with Linux operating system. The pair of COMBO cards consists of a main card with PCI, PCI-X or PCI-Express connector for a connection to a motherboard of the host computer and of an add-on card with 2 or 4 network interfaces. Both cards contain programmable chips (FPGAs) which are able to process high amount of data at multi-gigabit speed. The flow monitoring process itself is split between the hardware (acceleration cards) and the application software running on the host computer. Following the principle of hardware/software codesign, all time-critical tasks are implemented in FPGA chips on acceleration cards while more complex operations are carried out by the application software. This concept enables monitoring of modern high-speed (1 Gbps, 10 Gbps) networks with no packet loss and with no necessity of input sampling. At the same time, a flexible and user-friendly interface is provided by software.

Flowmon probe is a passive monitoring device, i.e. it does not alter passing traffic in any way. Therefore, its detection is hardly possible. When connected to a network, Flowmon probe observes all passing traffic/packets, extracts and aggregates information of IP flows into flow records. Flowmon probe is able to export aggregated data to external collectors in NetFlow (version 5 and 9) and IPFIX format. Collectors collect incoming flow records and store them for automated or manual and visual analysis (automated malicious traffic detection, filter rules, graphs and statistical schemas). The whole system allows monitoring of actual state of monitored network as well as long-term traffic analysis.

Flowmon probe is part of GÉANT2 Security Toolset, which consists of the NetFlow analysis tools NfSen and NfDump and the Flowmon appliance.

See also