FlowMon
It is proposed that this article be deleted because of the following concern:
If you can address this concern by improving, copyediting, sourcing, renaming, or merging the page, please edit this page and do so. You may remove this message if you improve the article or otherwise object to deletion for any reason. Although not required, you are encouraged to explain why you object to the deletion, either in your edit summary or on the talk page. If this template is removed, do not replace it. This message has remained in place for seven days, so the article may be deleted without further notice. Find sources: "FlowMon" – news · newspapers · books · scholar · JSTOR Nominator: Please consider notifying the author/project: {{subst:proposed deletion notify|FlowMon|concern=no evidence of notability}} ~~~~Timestamp: 20090910142121 14:21, 10 September 2009 (UTC) Administrators: delete |
 | The topic of this article may not meet Wikipedia's general notability guideline. (September 2009) |
 |
FlowMon probe is an appliance for monitoring and reporting information on IP flows in high-speed computer networks. The probe is being developed by Liberouter team within the scope of CESNET research activity Optical National Research Network and its New Applications - 602 - Programmable hardware.
FlowMon probe is build upon a pair of programmable network cards, called COMBO, and a host computer with Linux operating system. The pair of COMBO cards consists of a main card with PCI-Express connector for a connection to a motherboard of the host computer and of an add-on card with 2 or 4 network interfaces. Both cards contain programmable chips (FPGA) which are able to process high amount of data at high speed. Flow monitoring process itself is split between hardware (acceleration cards) and application software running in a host computer. Following a principle of hardware software co-design, all time critical tasks are implemented in FPGA chips on acceleration cards while more complex operations are executed by application software. This concept enables for monitoring of modern high-speed networks (1Gbps, 10Gbps) with no packet loss and with no necessity of input sampling. At the same time a flexible and user-friendly interface is provided by software.
FlowMon probe is a passive monitoring device, i.e., it does not alter passing traffic in any way. Therefore its detection is hardly possible. When connected to a network FlowMon probe observes all passing traffic/packets, extracts and aggregates information on IP flows into so called flow records. FlowMon probe is able to export aggregated data to external collectors in NetFlow (version 5 and 9) and IPFIX format. Collectors collect incomming flow records and store them for automated or manual and visual analysis (automated malicious traffic detection, filter rules, graphs and statistical schemas). The whole system allows for monitoring of actual state of monitored network as well as it allows for a long-term traffic analysis.
See also
External sources
- Flexible FlowMon technical report
- User and Test Report on NetFlow Probe (DJ2.2.2,2)
- Liberouter project web page
- CESNET web page