This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) The topic of this article may not meet Wikipedia's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "FlowMon" – news · newspapers · books · scholar · JSTOR (March 2023) (Learn how and when to remove this message) This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "FlowMon" – news · newspapers · books · scholar · JSTOR (April 2026) (Learn how and when to remove this message) (Learn how and when to remove this message)

Flowmon is a name for monitoring probe which is the result of academic research activity on CESNET and also a name for a commercial product which is marketed by university spin-off company Flowmon Networks.

Flowmon probe is an appliance for monitoring and reporting information of IP flows in high-speed computer networks. The probe is being developed by Liberouter team within the scope of CESNET research plan Optical National Research Network and its New Applications, research activity 602 - Programmable hardware.

Flowmon probe is built upon a pair of programmable network cards, called COMBO, and a host computer with Linux operating system. The pair of COMBO cards consists of a main card with PCI, PCI-X or PCI-Express connector for a connection to a motherboard of the host computer and of an add-on card with 2 or 4 network interfaces. Both cards contain programmable chips (FPGAs) which are able to process high amount of data at multi-gigabit speed. The flow monitoring process itself is split between the hardware (acceleration cards) and the application software running on the host computer. Following the principle of hardware/software codesign, all time-critical tasks are implemented in FPGA chips on acceleration cards while more complex operations are carried out by the application software. This concept enables monitoring of modern high-speed (1 Gbps, 10 Gbps) networks with no packet loss and with no necessity of input sampling. At the same time, a flexible and user-friendly interface is provided by software.

Flowmon probe is a passive monitoring device, i.e. it does not alter passing traffic in any way. Therefore, its detection is hardly possible. When connected to a network, Flowmon probe observes all passing traffic/packets, extracts and aggregates information of IP flows into flow records. Flowmon probe is able to export aggregated data to external collectors in NetFlow (version 5 and 9) and IPFIX format. Collectors collect incoming flow records and store them for automated or manual and visual analysis (automated malicious traffic detection, filter rules, graphs and statistical schemas). The whole system allows monitoring of actual state of monitored network as well as long-term traffic analysis.

Flowmon probe is part of GÉANT2 Security Toolset, which consists of the NetFlow analysis tools NfSen and NfDump and the Flowmon appliance.

• Network traffic measurement
• IP Flow Information Export
• NetFlow