mirror of
https://github.com/pavel-odintsov/fastnetmon
synced 2024-11-23 09:12:14 +01:00
better English for the README
parent
7b8852a967
commit
dc27b23927
46
README.md
@ -2,14 +2,14 @@ FastNetMon
|
||||
===========
|
||||
FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PF_RING, PCAP).
|
||||
|
||||
What can we do? We can detect hosts in our own network with a large amount of packets per second/bytes per second or flow per second incoming or outgoing from certain hosts. And we can call an external script which can notify you, switch off a server or blackhole the client.
|
||||
What can we do? We can detect hosts in our networks sending or receiving large volumes of packets/bytes/flows per second. We can call an external script to notify you, switch off a server, or blackhole the client.
|
||||
|
||||
To enable sFLOW simply specify IP of server with installed FastNetMon and specify port 6343.
|
||||
To enable netflow simply specify IP of server with installed FastNetMon and specify port 2055.
|
||||
To enable sFLOW, simply specify IP of the server running FastNetMon and specify (configurable) port 6343
|
||||
To enable netflow, simply specify IP of the server running FastNetMon and specify (configurable) port 2055
|
||||
|
||||
Why did we write this? Because we can't find any software for solving this problem in the open source world!
|
||||
|
||||
What is "flow" in FastNetMon terms? It's one or multiple udp, tcp, icmp connections with unique src IP, dst IP, src port, dst port and protocol.
|
||||
What is a "flow" in FastNetMon terms? It's one or multiple UDP, TCP, or ICMP connections with unique src IP, dst IP, src port, dst port, and protocol.
|
||||
|
||||
License: GPLv2
|
||||
|
||||
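Review bot: the two rewritten enablement lines ("To enable sFLOW, ..." and "To enable netflow, ...") drop the full stop the old lines ended with and still read "specify IP" without an article. Suggest "specify the IP of the server running FastNetMon and port 6343 (configurable)." and the same shape for port 2055. The second line also keeps "netflow" in lower case while the project description at the top of this hunk writes "NetFlow"; pick one spelling.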
@ -23,7 +23,7 @@ Project
|
||||
- [Roadmap](docs/ROADMAP.md)
|
||||
- [Release Notes](docs/RELEASENOTES.md)
|
||||
- Chat: #fastnetmon at irc.freenode.net [web client](https://webchat.freenode.net/)
|
||||
- [Please fill survey, we need your voice!](https://docs.google.com/forms/d/1YoXQImMeEjBH-JPz3KYtcDwknHs8xrI538ObwSy9uZo/viewform)
|
||||
- [Please fill out the survey, we need your voice!](https://docs.google.com/forms/d/1YoXQImMeEjBH-JPz3KYtcDwknHs8xrI538ObwSy9uZo/viewform)
|
||||
- Detailed reference in Russian: [link](docs/FastNetMon_Reference_Russian.pdf)
|
||||
|
||||
Supported packet capture engines
|
||||
@ -33,16 +33,16 @@ Supported packet capture engines
|
||||
- ![sFLOW](http://sflow.org/images/sflowlogo.gif) v4 (dev branch only), v5
|
||||
- Port mirror/SPAN capture with PF_RING (with ZC/DNA mode support [need license](http://www.ntop.org/products/pf_ring/)), SnabbSwitch, NETMAP and PCAP
|
||||
|
||||
You could look [comparison table](docs/CAPTURE_BACKENDS.md) for all available packet capture engines.
|
||||
You can check out the [comparison table](docs/CAPTURE_BACKENDS.md) for all available packet capture engines.
|
||||
|
||||
Features
|
||||
--------
|
||||
- Complete [BGP Flow Spec support](docs/BGP_FLOW_SPEC.md), RFC 5575
|
||||
- Can process incoming and outgoing traffic
|
||||
- Can trigger block script if certain IP loads network with a large amount of packets/bytes/flows per second
|
||||
- Thresholds could be configured in per subnet basis with hostgroups feature
|
||||
- Could [announce blocked IPs](docs/EXABGP_INTEGRATION.md) to BGP router with [ExaBGP](https://github.com/Exa-Networks/exabgp)
|
||||
- GoBGP [integration](docs/GOBGP.md) for unicast IPv4 announces
|
||||
- Process and distinguish incoming and/or outgoing traffic
|
||||
- Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
|
||||
- Thresholds can be configured per-subnet with the hostgroups feature
|
||||
- [Announce blocked IPs](docs/EXABGP_INTEGRATION.md) via BGP to routers with [ExaBGP](https://github.com/Exa-Networks/exabgp)
|
||||
- GoBGP [integration](docs/GOBGP.md) for unicast IPv4 announcements
|
||||
- Full integration with [Graphite](docs/GRAPHITE_INTEGRATION.md) and [InfluxDB](docs/INFLUXDB_INTEGRATION.md)
|
||||
- API
|
||||
- Redis integration
|
||||
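Review bot: two of the rewritten feature bullets change what is claimed, not only the wording. "Process and distinguish incoming and/or outgoing traffic" adds "distinguish" and turns "and" into "and/or", and "Trigger block/notify script" adds a notify role that the old "Can trigger block script" did not state. If both are accurate, mention the change in the commit message, which currently describes an English-only edit; otherwise keep the original meaning, for example "Processes incoming and outgoing traffic". The new bullets also mix imperative verbs ("Process", "Trigger", "Announce") with the noun-phrase bullets left unchanged around them.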
@ -50,14 +50,14 @@ Features
|
||||
- Deep packet inspection for attack traffic
|
||||
- netmap support (open source; wire speed processing; only Intel hardware NICs or any hypervisor VM type)
|
||||
- SnabbSwitch support (open source, very flexible, LUA driven, very-very-very fast)
|
||||
- Could filter out NetFLOW v5 flows or sFLOW packets with script implemented in LUA (useful for port exclude)
|
||||
- Filter NetFlow v5 flows or sFLOW packets with LUA scripts (useful for excluding particular ports)
|
||||
- Supports L2TP decapsulation, VLAN untagging and MPLS processing in mirror mode
|
||||
- Can work on server/soft-router
|
||||
- Can detect DoS/DDoS in 1-2 seconds
|
||||
- [Tested](docs/PERFORMANCE_TESTS.md) up to 10GE with 12 Mpps on Intel i7 3820 with Intel NIC 82599
|
||||
- Works on server/soft-router
|
||||
- Detects DoS/DDoS in as little as 1-2 seconds
|
||||
- [Tested](docs/PERFORMANCE_TESTS.md) up to 10Gb with 12 Mpps on Intel i7 3820 with Intel NIC 82599
|
||||
- Complete plugin support
|
||||
- Could capture attack fingerprint in pcap format
|
||||
- Have [complete support](docs/DETECTED_ATTACK_TYPES.md) for most popular attack types
|
||||
- Captures attack fingerprints in PCAP format
|
||||
- [Complete support](docs/DETECTED_ATTACK_TYPES.md) for most popular attack types
|
||||
|
||||
Running Fastnetmon
|
||||
------------------
|
||||
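Review bot: in the performance bullet, "10GE" became "10Gb", which replaces a link type with a bare quantity that has no rate; keep "10GE" or write "10 Gbit/s". In the same hunk "Can detect DoS/DDoS in 1-2 seconds" became "Detects DoS/DDoS in as little as 1-2 seconds", which turns the figure into a best case, so confirm that is what the project wants to state. While the filter bullet is being touched, "LUA" could be written "Lua" there and in the SnabbSwitch bullet above it.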
@ -74,10 +74,10 @@ Running Fastnetmon
|
||||
- [Juniper MX Routers](docs/JUNOS_INTEGRATION.md)
|
||||
|
||||
### Distributions supported
|
||||
- We are part of [CloudRouter](https://cloudrouter.org/cloudrouter/2015/07/09/fastnetmon.html) distribution
|
||||
- We are part of [official FreeBSD ports](https://freshports.org/net-mgmt/fastnetmon/), [manual install](docs/FreeBSD_INSTALL.md)
|
||||
- We are part of the [CloudRouter](https://cloudrouter.org/cloudrouter/2015/07/09/fastnetmon.html) distribution
|
||||
- We are part in the [official FreeBSD ports collection](https://freshports.org/net-mgmt/fastnetmon/), [manual install](docs/FreeBSD_INSTALL.md)
|
||||
- [Amazon AMI image](docs/AMAZON.md)
|
||||
- [VyOS based iso image with bundled FastNetMon](docs/VYOS_BINARY_ISO_IMAGE.md)
|
||||
- [VyOS based ISO image with bundled FastNetMon](docs/VYOS_BINARY_ISO_IMAGE.md)
|
||||
- [Docker image](docs/DOCKER_INSTALL.md)
|
||||
- [Automatic install script for Debian/Ubuntu/CentOS/Fedora/Gentoo](docs/INSTALL.md)
|
||||
- [Automatic install script for Mac OS X](docs/MAC_OS_INSTALL.md)
|
||||
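Review bot: the new FreeBSD line reads "We are part in the [official FreeBSD ports collection]", which is ungrammatical. It should be "We are part of the [official FreeBSD ports collection]", matching the CloudRouter line directly above it.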
@ -87,11 +87,11 @@ Running Fastnetmon
|
||||
Screenshoots
|
||||
------------
|
||||
|
||||
Main program screen image:
|
||||
Main program screenshot:
|
||||
|
||||
![Main screen image](docs/images/fastnetmon_screen.png)
|
||||
|
||||
Example for cpu load on Intel i7 2600 with Intel X540/82599 NIC on 400 kpps load:
|
||||
Example CPU load on Intel i7 2600 with Intel X540/82599 NIC at 400 kpps load:
|
||||
![Cpu consumption](docs/images/fastnetmon_stats.png)
|
||||
|
||||
Example deployment scheme:
|
||||
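Review bot: the section heading "Screenshoots" at the top of this hunk is left misspelled although the two captions under it are reworded. Change it to "Screenshots" and shorten the "------------" underline by one character to match.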
@ -102,7 +102,7 @@ Example of [notification email](docs/ATTACK_REPORT_EXAMPLE.md) about detected at
|
||||
|
||||
How I can help project?
|
||||
-----------------------
|
||||
- We are looking for maintainer for Debian and Fedora/EPEL packages
|
||||
- We are looking for a maintainer for the Debian and Fedora/EPEL packages
|
||||
- Test it!
|
||||
- Share your experience
|
||||
- Share your use cases
|
||||
|
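Review bot: the heading "How I can help project?" at the top of this hunk is left as it was while the bullet under it gets its articles fixed. Suggest "How can I help the project?" with the "-----------------------" underline lengthened to match.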