Network traffic information observed at the measuring points has to be exported to a flow collector. For this purpose we use INVEA-TECH’s FlowMon exporter.

The main advantage of this exporter is its flexible architecture, which allows us to use our own plugins for data input, processing, filtering and exporting. This way, we are able to read input data preprocessed by the HANIC firmware in a COMBO card. Based on the input, the FlowMon exporter creates flow records, which can optionally be processed further by a specific processing plugin. Finally, at the specified time, the flow records are exported by an export plugin to the flow collector. Optionally, flow records can be filtered so that only the records with the specified properties are exported. In addition, several export plugins can be used simultaneously.

We have created a plugin for INVEA-TECH’s FlowMon exporter that can parse DNS traffic and extract DNS application data.