What does it take to use Fl0wer?
Fl0wer is a platform normally packaged for Linux-like systems and is distributed for Intel/AMD x64 platforms. The following distributions are supported:
- RHEL 7 / CentOS 7
- RHEL 8 / CentOS 8
- RHEL 9 / CentOS Stream
- Debian 8 and derivatives
- Debian 9 and derivatives
- Debian 10 and derivatives
- Debian 11 / *Ubuntu 20.04 and derivatives
- Debian 12
A pre-configured reporting VM based on Debian 12 is also available (upon request).
The demo versions for the above-mentioned platforms (as well as the Windows 10 client) can be downloaded freely from the site and have the following limitations:
- multithreading support is disabled;
- Netflow 9 and IPFix protocols are not supported;
- IPv6 traffic flows are not managed;
- Certificates for Fl0wer client/server communications are of the exclusively dynamic SSLv2/SSLv3 type.
- Flow Matrix is limited to 50 entries
Also available for download are the so-called Fl0wer RTE (Runtime Environment), which contain a stand-alone Python 3.7 environment with which you can work with the sources of the various applications made available in source format (GUI, CLI, Data Pumper, etc.).
Which network probes are supported?
The Fl0wer platform is able to receive traffic metadata transmitted via the following standard protocols:
- Netflow version 1.
- Netflow version 5.
- Netflow version 9.
- IPFix (RFC7012).
- sFlow version 5.
Traffic must be directed to the Fl0wer system via UDP port 2056 for the Netflow and IPFix protocols, and via port 6343 for the sFlow protocol.
These protocols describe data traffic in a very similar way to a telephone bill. Very briefly, they report the start and end time of the conversation, protocols, source and destination of the conversation, network ports used. The content is absolutely not transmitted.
Netflow and IPFix protocols are often available on firewalls, routers, virtualization platforms, and agents on host systems.
The sFlow protocol is often available on Layer 2 Switches, Firewalls and agents on host systems.
Some vendors have implemented Netflow or IPFix type protocols using other names (e.g. Huawei calls its Netflow implementation Netstream), but in almost all cases the only difference found is the name.
A partial list of devices and systems tested with Fl0wer is available at the following link: