Plixer FlowPro Terms

A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge
Command and Control
Command and Control cyberattacks (C2 or C&C) happen when bad actors infiltrate a system and install malware that lets them remotely send commands from a C2 server to infected devices
Data exfiltration
Unauthorized data transfer, either manually from a device or over a network
DGA (Domain Generation Algorithms)
Algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with the command and control servers
DNS Data Leak
DNS server requests that are visible to third parties
Domain Reputation List
List of domains that have been determined, with a high probability, to be “bad domains”
DPI (Deep Packet Inspection)
An advanced method of examining and managing network traffic, functioning at the application layer of the OSI model
JA3 Signature
A method to fingerprint an SSL/TLS client connection based on fields in the Client Hello message from the SSL/TLS handshake. So named as it was first published by John Althouse, Jeff Atkinson, and Josh Atkins from Salesforce in 2017.
NXDOMAIN (No Existing Domain)
Error message indicating that the domain is either not registered or invalid
Observation Domain
A value used by the collector device to group devices when receiving data sessions
Plixer FlowPro configuration file.
Trusted Domain list
List of domains that are allowed on the network (whitelisted)

General Networking Terms

2LD (Second-level Domain)
Part of the naming convention domain names. For example, in, example is the second-level domain of the .com TLD (Top level domain)
3LD (Third-level Domain)
For example, in, www is the third-level domain
API (Application Programming Interface)
A software component that allows applications to share data and functionality
CA (Certification Authority)
A trusted entity that issues, signs, and stores digital certificates
CIDR (Classless Inter-Domain Routing)
An Internet Protocol addressing method that improves the efficiency of allocating IP addresses. The general way of representing the CIDR IP address is a.b.c.d/n with n representing the number of bits used for the identification of the network.
CLI (Command-line Interface)
A text-based interface for applications and operating systems that allows a user to enter commands and receive
SIEMs, Flow Collectors, SNMPTrap Receivers, or other network management systems that analyze data forwarded by the Plixer Replicator from other networked devices
DNS (Domain Name System)
The system by which computers and other devices on the Internet or Internet Protocol networks are uniquely identified using names matched to their IP addresses
Traffic that exits a device or network
ERSPAN (Encapsulated Remote Switched Port Analyzer)
A Cisco proprietary feature that brings generic routing encapsulation (GRE) for all captured traffic and allows it to be extended across Layer 3 domains
A networked device such as a router, switch, or server that generates data and sends it to the Plixer Replicator for replication and forwarding
Fault tolerance
A system’s ability to continue operating without interruptions in the event of a hardware or software failure
FQDN (Fully Qualified Domain Name)
The comple domain name of a specific computer, host, or online presence. For example, Plixer’s website’s FQDN would be
GRE (Generic Routing Encapsulation)
A tunneling protocol developed by Cisco Systems
IP address
A unique numerical label assigned to a networked device
IPFIX (Internet Protocol Flow Information Export)
A protocol that standardizes Internet Protocol flow information from networked devices
The latency of a network is the time it takes for a data packet to be transferred from its source to the destination
LDAP (Lightweight Directory Access Protocol)
An open, cross platform protocol used to authenticate and store information about users, groups, and applications
MAC (Media Access Control) address
A unique hardware identifier typically assigned by manufacturers to network adapters and devices
NIC (Network Interface Card)
Adapter that provides devices network connections, either wired or wireless
OVF (Open Virtualization Format)
An open-source standard for packaging and distributing virtual machines and software applications
A block of data transmitted across a network
Duplicated or alternative network devices and connections meant to serve as a failsafes against the primary service becoming unavailable
A device that forwards or routes data packets to devices on a network
A system or device that provides resources, data, services, or applications to other devices over a network
SIP/RTP (Session Initiation Protocol/Real Time Protocol)
SIP is the control protocol, and RTP is the payload protocol used to send and receive Voice over IP (VoIP)
SSH (Secure Shell Protocol)
A network communication protocol that allows network services to be used securely over an unsecured network
SSL (Secure Sockets Layer)
A protocol for establishing secure connections between networked devices
A device that connects devices in a network and allows them to communicate with each other
A standard for message logging that allows a wide variety of networked devices to share the same repositories and management systems
TLS handshake (Transport Layer Security)
TLS is a network protocol used to ensure secure and private communications over the internet. A TLS handshake is the process that kicks off a communication session that uses TLS encryption
UDP (User Datagram Protocol)
A communication protocol used by applications to send messages to other hosts on an Internet Protocol network via low-latency, loss-tolerating connections
Virtual appliance
A pre-configured virtual machine image with pre-installed software meant to serve a specific function
VoIP (Voice over Internet Protocol)
A technology that allows voice calls using an internet connection