mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-11-27 03:23:00 +01:00
mirror of the fastnetmon repo with rewritten history
2023-06-07 13:10:36 +01:00
.circleci Switched to next version which will be 1.2.6 2023-05-23 18:49:29 +01:00
.github Improved issue template 2022-03-28 14:58:01 +01:00
docs/images Added Grafana total traffic image 2023-03-11 03:55:08 -08:00
src Ported parser to new logic which does not alter buffer content during parsing process 2023-06-07 13:10:36 +01:00
.gitignore Adjusted to new path for proto file 2023-03-01 12:36:56 +00:00
.gitmodules
LICENSE
README.md Added README corrections recommended by Grammarly 2023-05-22 21:19:57 +01:00
SECURITY.md Update SECURITY.md 2023-03-11 12:52:49 +01:00
THANKS.md Added Rui Chen to Thanks file 2022-11-26 12:17:24 +00:00


Community Edition

FastNetMon - A high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror).

What do we do?

We detect hosts in the deployed network that send or receive large volumes of traffic, measured in packets/bytes/flows per second, and perform a configurable action to handle that event. These configurable actions include notifying you, calling a script or making BGP announcements.

Project

🌏 Official site
FastNetMon Advanced, Commercial Edition
🌟 FastNetMon Advanced, free one-month trial
📜 FastNetMon Advanced and Community difference table
📘 Detailed reference
🔏 Privacy policy

Installation

Supported packet capture engines

  • NetFlow v5, v9, v9 Lite
  • IPFIX
  • sFlow v5
  • PCAP
  • AF_PACKET (recommended)
  • AF_XDP (XDP based capture)
  • Netmap (deprecated, still supported only for FreeBSD)
  • PF_RING / PF_RING ZC (deprecated, available only for CentOS 6 in 1.2.0)

You can check out the comparison table for all available packet capture engines.

Features

  • Detects DoS/DDoS in as little as 1-2 seconds
  • Scales up to terabits on a single server (sFlow, NetFlow, IPFIX) or to 40G+ in mirror mode
  • Triggers a block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
  • Complete support for the most popular attack types
  • Thresholds can be configured on a per-subnet basis with the hostgroups feature
  • Email notifications about detected attacks
  • Complete IPv6 support
  • Prometheus support: system metrics and total traffic counters
  • Flow and packet export to Kafka in JSON and Protobuf format
  • Announce blocked IPs via BGP to routers with ExaBGP or GoBGP (recommended)
  • Full integration with InfluxDB and Graphite
  • API
  • Redis integration
  • MongoDB protocol support compatible with native MongoDB and FerretDB
  • VLAN untagging in mirror and sFlow modes
  • Capture attack fingerprints in PCAP format

We track multiple platform and environment-specific metrics to understand how our product is being used and prioritise development accordingly.

Official support groups:

Follow us on social media:

Router integration instructions

Complete integration with the following vendors

Screenshots

Command line interface Main screen image


Standard Grafana dashboard Grafana total traffic

Example deployment scheme

Network diagram

FastNetMon is a product of FastNetMon LTD, UK. FastNetMon ® is a registered trademark in the UK and EU.

CI build status

CircleCI

Upstream versions in different distributions

FastNetMon upstream distro packaging status