GitPedia

Microflow nano

Nano is a cross-architecture host traffic analyze super microprobe with extensive deployment experience. It can provide high-quality, fine-grained traffic log data for various data analysis platforms, enabling rich functionality and value.

From Microflow-IO·Updated April 2, 2025·View on GitHub·

- Nano is a cross-architecture basic data capability. **It is the world's smallest Linux tool of its kind.** - Nano is a **host-based**, high-performance, fine-grained, multi-dimensional traffic analyze tool, providing L4~L7 log output, real-time packet forwarding, and PCAP playback. - Nano is designed according to commercial product standards, featuring large-scale deployment and 24/7/365 operation capabilities, and has successfully deployed **over 18,000 VMs and K8S-nodes**. - Nano is a type o... The project is written primarily in PowerShell, first published in 2024. Key topics include: api-monitoring, api-performance, cloud-traffic-analysis, east-west-lateral-movement-attack-detection, host-based-traffic-analyzer.

Latest release: v4.0v4.0.0
November 26, 2024View Changelog →
<img src="https://github.com/Microflow-IO/microflow-nano/blob/main/docs/github_microflow_B.png" alt="logo" style="float:left; margin-right:10px;" />

Microflow Nano

<h2 style="font-size: 20px;color: #1E90FF;">Featherweight Probe. Heavyweight Security. </h3>

🎬Brief Introduction

  • Nano is a cross-architecture basic data capability. It is the world's smallest Linux tool of its kind.
  • Nano is a host-based, high-performance, fine-grained, multi-dimensional traffic analyze tool, providing L4~L7 log output, real-time packet forwarding, and PCAP playback.
  • Nano is designed according to commercial product standards, featuring large-scale deployment and 24/7/365 operation capabilities, and has successfully deployed over 18,000 VMs and K8S-nodes.
  • Nano is a type of DaaS tool, and various data analysis platforms can realize rich cloud network security, data security, and performance monitoring scenarios through Nano data.

🚀 Key Features

  • Ultra-Lightweight: Just 500KB standalone Linux tool, yet incredibly powerful.
  • Cross-Platform: Works on Linux, Windows Server (above 2008); ARM86, X86; K8S & containers.
  • Ultra-High Performance: Without additional CPU resources, fixed 110MB memory footprint.
  • Fine-grained Data: Output HTTP/header/body, SQL, DNS, TCP/UDP......,raw packets, and host metrics.
  • Superior Security: Fully silent deployment, with no interference to business, hosts, or cloud networks.

💡 Adaptation platform

  • ELK/ES, Splunk, Graylog, OpenSearch;
  • AWS Cloudwatch/Log, AZURE Monitor/Log Analytics; Datadog/Log Management, New Relic/Logs;
  • SOC/XDR platforms, Wazuh, QRadar, etc...

🎯 Use Cases

function

More details

🚦 Simplified Deployment

  1. Linux
  2. Windows
  3. Docker
  4. ARM86

📊Output List

Data & KPIs

📺Demo

We have built a demo using Graylog to help you understand the powerful capabilities of Nano. We are very grateful to Graylog.

Demo Login:guest PS:mfnano@2024

☎FAQ

Nano FAQ

🏆 Battle-Tested Reliability

  • Developed since 2019, now in version 4.0
  • Deployed on 1000+ IaaS Server and 18,000+ PaaS VMs/K8S nodes

💰 Free and Open Source

User TypePlan
IndividualsFree Forever
EducationFree Forever
SMBsFree Forever
Medium to Large UsersCommercially licensed, but open source

www.microflow.io

microflow.io@gmail.com

07/23/2023

Contributors

Showing top 2 contributors by commit count.

Microflow-IO

Microflow-IO

160 commits

laoyang103

laoyang103

43 commits

View all contributors on GitHub →

This article is auto-generated from Microflow-IO/microflow-nano via the GitHub API.Last fetched: 6/25/2026