400GBPS FlowProbe: Network Traffic Monitoring

The FlowProbe provides full network visibility with the world’s highest density enriched flow metadata generator

Network traffic monitoring is essential for ensuring your organisation has all the information required to make evidence-based decisions to prevent and respond to cyber-attacks on your digital estate. Our FlowProbe security solution is a network monitoring tool capable of providing vital intrusion detection information for high-rate and high-volume network traffic without impacting network performance. Coupled with a security solution such as the Telesoft Data Analytics Capability (TDAC), the Flowprobe provides your NetSecOps teams with sophisticated intrusion detection and threat behavioural analysis capabilities.

The FlowProbe provides detailed un-sampled traffic statistics in the form of flow records from large-scale networks up to 4 x 100GbE per high-performance 1U appliance. The flow records created from the raw data can be passed in real-time to the Telesoft TDAC or any other compatible customer data platform. This data enrichment gives analysts detailed and accurate information about each and every communication session, including IP addresses and the endpoint identities, the session start and end times and the volume of traffic transmitted, without impacting the integrity of the sensitive data held within network packets. TCP session timing information allows the detection of anomalies and classification of traffic.

The 400G Telesoft FlowProbe is an integral part of network detection and response, providing highly accurate, unsampled network metadata, with targeted content capture and alerts provided by the 100G CERNE Intrusion Detection System to operational teams for incident response and proactive threat hunting.


  • HTTP flows

    HTTP flows are detected on any port and the host, URI, method and status fields which are extracted and included in the flow record.

  • SSL flows

    SSL flows have the server name extracted and support JA3 hashing for inclusion in the flow recor.

  • DNS flows

    DNS flows are detected, and the CNAME, host addresses, DNS query types and response codes are added to the flow record..

  • BGP correlation

    BGP correlation of IP address to AS is added to the flow record.

  • SIP flows

    Support the logging of SIP flows and counts of SIP methods and response codes are extracted and added to the flow record

Take a guided tour around the FlowProbe’s GUI


The Probe does not affect the monitored traffic and typically connects to monitoring infrastructures such as packet brokers or taps. Flow records are exported for analysis and storage to the scalable Telesoft Data Analytics Capability (TDAC) collection, retention, and analysis application or to another IPFIX/NetFlow compatible collector.


  • Real-time Network Traffic Monitoring & Visibility

  • Network Traffic Analysis

  • De-duplication improves monitoring tools efficiency, accuracy and storage requirements

  • Monitoring of Users & Services

  • Internet Access Supervision

  • Plan Network Capacity & Bandwidth Requirements

  • Map Peering and SLA compliance

Automatic detection of tunneled traffic (GRE,GTP, MPLS, IPinIP) and de-tunneling gives visibility of encapsulated traffic found on national ISP and telco carrier networks, making the ultra-high rate multi-100GbE FlowProbe ideal for large scale national network deployments, peering links or data centre backbone. When de-tunneling is selected, the FlowProbe will create flow records for the individual flows within a tunnel (including all the layer 7 details), and also identify the outer tunnel that is carrying it giving another layer of visibility and protection.

Related Products