Readability of stored Flowmon monitoring data trough third-party nfdump tools

Flowmon nfcapd files are only readable trough Flowmon collectors

Product: Flowmon collector

Version: any

Platform: any

"If an attacker steals Flowmon's data, is it possible for them to access the data inside the nfcapd file using certain tools?"

Monitored data that the collector works with are stored as nfcapd files.

In general, nfcapd files are just binary files, so there is no encryption securing them.

In Flowmon, the structure of nfcapd files is heavily modified compared to the standard nfcapd files outside of Flowmon, so they will not be readable / accessible by nfdump tools that are publicly available.

However, from the security standpoint, this isn't something the user should rely on - the transit between the probe and the collector can be encrypted via TLS, and the access to the collector itself should be secured internally if there are security concerns.