pavel-odintsov / fastnetmon

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
https://fastnetmon.com
GNU General Public License v2.0

Per protocol / port thresholds #937

Open gregory-mac opened 2 years ago

gregory-mac commented 2 years ago

Hi Pavel!

If I understand correctly, since the nDPI removal, FastNetMon can no longer recognize the amplification attack types listed here.

I was wondering, are there any plans to add/return this ability? Somewhat related issue: #911

Even without DPI, it could be valuable to have L4 port-aware thresholds.

pavel-odintsov commented 2 years ago

Hello!

We removed this logic as it was mostly broken: nDPI expected to see whole packets, which wasn't the case with sFlow or a sampled mirror, and it did not work for the most popular Netflow v9 / IPFIX.

In Advanced version we have detailed per protocol thresholds: https://features.fastnetmon.com/feature-requests/p/add-option-to-create-thresholds-based-on-arbitrary-traffic-types
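The two points made above (the opening post's "L4 port-aware thresholds without DPI" and the reply's reason that sampled NetFlow v9 / IPFIX / sFlow records carry only headers, not payload) can be illustrated with a small detector that classifies inbound flows by protocol and source port and applies a separate packet-rate threshold per class. This is an added example and not FastNetMon's own code; the field names, the class table, the threshold values and the flow records are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRecord:
    # Constructed shape of a sampled flow record (NetFlow v9 / IPFIX / sFlow style):
    # L3/L4 header fields only, no payload, so there is nothing for DPI to inspect
    # and classification has to rely on protocol and port numbers.
    dst_ip: str
    proto: str          # "udp" or "tcp"
    src_port: int
    dst_port: int
    packets: int        # packets actually seen by the sampler
    bytes: int
    sampling_rate: int  # 1-in-N packet sampling


# Inbound traffic classes keyed by (protocol, *source* port). Reflected
# amplification traffic arrives from the reflector's well-known service port,
# so the source port is the useful key for a victim-side detector.
TRAFFIC_CLASSES = {
    ("udp", 53): "dns_amplification",
    ("udp", 123): "ntp_amplification",
    ("udp", 1900): "ssdp_amplification",
    ("udp", 11211): "memcached_amplification",
}

# Packets-per-second thresholds per class (assumed values, not FastNetMon defaults).
# A class absent from this table is never alerted on, so the fallback classes
# "udp_other" / "tcp_other" are listed explicitly with generous limits.
THRESHOLDS_PPS = {
    "dns_amplification": 20_000,
    "ntp_amplification": 5_000,
    "ssdp_amplification": 5_000,
    "memcached_amplification": 2_000,
    "udp_other": 100_000,
    "tcp_other": 200_000,
}


def classify(rec: FlowRecord) -> str:
    """Map a flow record to a traffic class using only protocol and source port."""
    return TRAFFIC_CLASSES.get((rec.proto, rec.src_port), f"{rec.proto}_other")


def aggregate_pps(records, window_seconds: float) -> dict:
    """Estimate packets/second per (destination host, class) for one export window.

    Sampled counts are scaled back up by the sampling rate before dividing by
    the window length, which is what makes per-class thresholds comparable
    between sFlow and unsampled sources.
    """
    pps = defaultdict(float)
    for r in records:
        pps[(r.dst_ip, classify(r))] += r.packets * r.sampling_rate / window_seconds
    return dict(pps)


def evaluate(records, window_seconds: float, thresholds=THRESHOLDS_PPS) -> list:
    """Return one alert per (host, class) whose estimated pps exceeds its threshold."""
    alerts = []
    for (dst_ip, cls), rate in aggregate_pps(records, window_seconds).items():
        limit = thresholds.get(cls)
        if limit is not None and rate > limit:
            alerts.append({"dst_ip": dst_ip, "class": cls,
                           "pps": rate, "threshold_pps": limit})
    return sorted(alerts, key=lambda a: (a["dst_ip"], a["class"]))


# Constructed sample: 1-in-1000 sampling, 10-second export window, documentation
# address range. The DNS flow carries more sampled packets than the NTP flows,
# yet only NTP crosses its (lower) per-class threshold.
WINDOW_SECONDS = 10
SAMPLE_RECORDS = [
    FlowRecord("203.0.113.10", "udp", 123, 40211, 50, 24_000, 1000),   # NTP replies
    FlowRecord("203.0.113.10", "udp", 123, 40211, 30, 14_400, 1000),   # NTP replies
    FlowRecord("203.0.113.10", "udp", 53, 53122, 100, 120_000, 1000),  # DNS replies
    FlowRecord("203.0.113.11", "tcp", 443, 50123, 50, 70_000, 1000),   # ordinary HTTPS
]


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_RECORDS, WINDOW_SECONDS):
        print(f"{alert['dst_ip']}: {alert['class']} at {alert['pps']:.0f} pps "
              f"(threshold {alert['threshold_pps']} pps)")
```

The point of the per-class table is visible in the sample data: a single global pps threshold would have to be set low enough to catch 8,000 pps of NTP replies, at which point the 10,000 pps of legitimate-looking DNS traffic to the same host would also trip it. Keying thresholds on (protocol, source port) lets each class carry its own limit without needing any payload, which is exactly the data a sampled exporter provides.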

gregory-mac commented 2 years ago

Thanks for the answer.

pavel-odintsov commented 1 year ago

Advanced edition can easily do it: https://fastnetmon.com/docs-fnm-advanced/flexible-thresholds/