Plixer FlowPro Terms


A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge

Command and Control

Command and Control cyberattacks (C2 or C&C) happen when bad actors infiltrate a system and install malware that lets them remotely send commands from a C2 server to infected devices

Data exfiltration

Unauthorized data transfer, either manually from a device or over a network

DGA (Domain Generation Algorithms)

Algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with the command and control servers

DNS Data Leak

DNS server requests that are visible to third parties

Domain Reputation List

List of domains that have been determined, with a high probability, to be “bad domains”

DPI (Deep Packet Inspection)

An advanced method of examining and managing network traffic, functioning at the application layer of the OSI model

JA3 Signature

A method to fingerprint an SSL/TLS client connection based on fields in the Client Hello message from the SSL/TLS handshake. So named as it was first published by John Althouse, Jeff Atkinson, and Josh Atkins from Salesforce in 2017.

NXDOMAIN (No Existing Domain)

Error message indicating that the domain is either not registered or invalid

Observation Domain

A value used by the collector device to group devices when receiving data sessions


Plixer FlowPro configuration file.

Trusted Domain list

List of domains that are allowed on the network (whitelisted)

General Networking Terms

2LD (Second-level Domain)

Part of the naming convention domain names. For example, in, example is the second-level domain of the .com TLD (Top level domain)

3LD (Third-level Domain)

For example, in, www is the third-level domain

API (Application Programming Interface)

A software component that allows applications to share data and functionality

CA (Certification Authority)

A trusted entity that issues, signs, and stores digital certificates

CIDR (Classless Inter-Domain Routing)

An Internet Protocol addressing method that improves the efficiency of allocating IP addresses. The general way of representing the CIDR IP address is a.b.c.d/n with n representing the number of bits used for the identification of the network.

CLI (Command-line Interface)

A text-based interface for applications and operating systems that allows a user to enter commands and receive


SIEMs, Flow Collectors, SNMPTrap Receivers, or other network management systems that analyze data forwarded by the Plixer Replicator from other networked devices

DNS (Domain Name System)

The system by which computers and other devices on the Internet or Internet Protocol networks are uniquely identified using names matched to their IP addresses


Traffic that exits a device or network

ERSPAN (Encapsulated Remote Switched Port Analyzer)

A Cisco proprietary feature that brings generic routing encapsulation (GRE) for all captured traffic and allows it to be extended across Layer 3 domains


A networked device such as a router, switch, or server that generates data and sends it to the Plixer Replicator for replication and forwarding

Fault tolerance

A system’s ability to continue operating without interruptions in the event of a hardware or software failure

FQDN (Fully Qualified Domain Name)

The comple domain name of a specific computer, host, or online presence. For example, Plixer’s website’s FQDN would be

GRE (Generic Routing Encapsulation)

A tunneling protocol developed by Cisco Systems

IP address

A unique numerical label assigned to a networked device

IPFIX (Internet Protocol Flow Information Export)

A protocol that standardizes Internet Protocol flow information from networked devices


The latency of a network is the time it takes for a data packet to be transferred from its source to the destination

LDAP (Lightweight Directory Access Protocol)

An open, cross platform protocol used to authenticate and store information about users, groups, and applications

MAC (Media Access Control) address

A unique hardware identifier typically assigned by manufacturers to network adapters and devices

NIC (Network Interface Card)

Adapter that provides devices network connections, either wired or wireless

OVF (Open Virtualization Format)

An open-source standard for packaging and distributing virtual machines and software applications


A block of data transmitted across a network


Duplicated or alternative network devices and connections meant to serve as a failsafes against the primary service becoming unavailable


A device that forwards or routes data packets to devices on a network


A system or device that provides resources, data, services, or applications to other devices over a network

SIP/RTP (Session Initiation Protocol/Real Time Protocol)

SIP is the control protocol, and RTP is the payload protocol used to send and receive Voice over IP (VoIP)

SSH (Secure Shell Protocol)

A network communication protocol that allows network services to be used securely over an unsecured network

SSL (Secure Sockets Layer)

A protocol for establishing secure connections between networked devices


A device that connects devices in a network and allows them to communicate with each other


A standard for message logging that allows a wide variety of networked devices to share the same repositories and management systems

TLS handshake (Transport Layer Security)

TLS is a network protocol used to ensure secure and private communications over the internet. A TLS handshake is the process that kicks off a communication session that uses TLS encryption

UDP (User Datagram Protocol)

A communication protocol used by applications to send messages to other hosts on an Internet Protocol network via low-latency, loss-tolerating connections

Virtual appliance

A pre-configured virtual machine image with pre-installed software meant to serve a specific function

VoIP (Voice over Internet Protocol)

A technology that allows voice calls using an internet connection