FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFlow, AF_PACKET, SnabbSwitch, netmap, PF_RING (obsoleted), PCAP).
What do we do?
We detect hosts in the deployed network that send or receive large volumes of traffic, measured in packets, bytes, or flows per second, and perform a configurable action to handle the event. These configurable actions include notifying you, switching off the server, or blackholing the client.
A flow is one or more ICMP, UDP, or TCP packets that can be identified by their unique src IP, dst IP, src port, dst port, and protocol fields.
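The per-host accounting described above can be sketched as follows. This is an added illustration, not FastNetMon's own code: the record layout, the `MONITORED` prefix, the `THRESHOLDS` values and all function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical per-host, per-second limits and monitored prefix (assumptions).
THRESHOLDS = {"packets": 1000, "bytes": 1_000_000, "flows": 50}
MONITORED = [ip_network("192.0.2.0/24")]

# Constructed records: (second, src_ip, dst_ip, src_port, dst_port, proto, packets, bytes)
SAMPLE_RECORDS = [
    (100, f"203.0.113.{i}", "192.0.2.10", 40000 + i, 53, "udp", 30, 1500)
    for i in range(1, 61)                      # 60 distinct flows hitting one host
] + [
    (100, "192.0.2.20", "198.51.100.7", 51514, 443, "tcp", 10, 5000),        # normal
    (101, "192.0.2.30", "198.51.100.9", 40000, 123, "udp", 1500, 2_000_000), # heavy sender
]

def is_monitored(ip):
    return any(ip_address(ip) in net for net in MONITORED)

def find_offenders(records, thresholds=THRESHOLDS):
    """Return (second, host, direction, exceeded_metrics) for monitored hosts over a limit."""
    counters = defaultdict(lambda: {"packets": 0, "bytes": 0, "flows": set()})
    for ts, src, dst, sport, dport, proto, pkts, nbytes in records:
        five_tuple = (src, dst, sport, dport, proto)   # flow identity as defined above
        # Traffic is charged to the source as outgoing and to the destination as incoming.
        for host, direction in ((src, "outgoing"), (dst, "incoming")):
            if not is_monitored(host):
                continue
            c = counters[(ts, host, direction)]
            c["packets"] += pkts
            c["bytes"] += nbytes
            c["flows"].add(five_tuple)                 # count each distinct flow once
    alerts = []
    for (ts, host, direction), c in sorted(counters.items()):
        rates = {"packets": c["packets"], "bytes": c["bytes"], "flows": len(c["flows"])}
        exceeded = sorted(m for m, limit in thresholds.items() if rates[m] > limit)
        if exceeded:
            alerts.append((ts, host, direction, exceeded))
    return alerts

if __name__ == "__main__":
    for alert in find_offenders(SAMPLE_RECORDS):
        print(alert)
```

Each alert tuple is the point at which a configurable action (notification, blackhole announcement) would be triggered for the listed host.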
Integration with flow systems
At a very high level, integration with FastNetMon is fairly simple. In both cases the workflow is the same; the main difference is the port number used. The port numbers are configurable.
sFlow
Configure the IP of the server running FastNetMon using port 6343. This port number is configurable.
NetFlow
Configure the IP of the server running FastNetMon using port 2055. This port number is configurable.
License: GPLv2
Official mirror at GitLab
Project
Supported packet capture engines
Complete integration with the following vendors
Features
Running Fastnetmon
Supported platforms
Supported architectures
Hardware requirements
Router integration instructions
Distributions supported
Screenshots
Main program:
Example CPU load on Intel i7-2600 with Intel X540/82599 NIC at 400Kpps load:
Example of notification email about detected attack:
Author: Pavel Odintsov
github.com/Exa-Networks/exabgp
github.com/pavel-odintsov/fastnetmon
github.com/pavel-odintsov/fastnetmon/blob/master/docs/images/deploy.png
github.com/pavel-odintsov/fastnetmon/blob/master/docs/images/fastnetmon_stats.png
github.com/pavel-odintsov/fastnetmon/blob/master/src/a10_plugin
github.com/pavel-odintsov/fastnetmon/blob/master/src/juniper_plugin
github.com/pavel-odintsov/fastnetmon/blob/master/src/mikrotik_plugin
gitlab.com/fastnetmon/fastnetmon