Community Edition
FastNetMon - A high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror).
What do we do?
We detect hosts in the deployed network that send or receive large volumes of traffic, measured in packets/bytes/flows per second, and perform a configurable action to handle that event. These configurable actions include notifying you, calling a script or making BGP announcements.
Project
🌏️ Official site
⭐️ FastNetMon Advanced, Commercial Edition
🌟️ FastNetMon Advanced, free one-month trial
📜️ FastNetMon Advanced and Community difference table
📘️ Detailed reference
Legal
📖 FastNetMon Community Edition Terms and Conditions
🔏️ FastNetMon Community Edition Privacy Notice
FastNetMon is a product of FastNetMon LTD, UK. FastNetMon ® is a registered trademark in the UK and EU.
By installing or using this software, you confirm that you have read and agree to the FastNetMon Community Edition T&Cs and Privacy Notice, which will apply to your installation and use of the software.
Installation
Supported packet capture engines
- NetFlow v5, v9, v9 Lite
- IPFIX
- sFlow v5
- PCAP
- AF_PACKET (recommended)
- AF_XDP (XDP based capture)
- Netmap (deprecated, still supported only for FreeBSD)
- PF_RING / PF_RING ZC (deprecated, available only for CentOS 6 in 1.2.0)
You can check out the comparison table for all available packet capture engines.
Features
- Detects DoS/DDoS in as little as 1-2 seconds
- Scales up to terabits on a single server (sFlow, NetFlow, IPFIX) or to 40G+ in mirror mode
- Triggers a block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
- Thresholds can be configured on a per-subnet basis with the hostgroups feature
- Email notifications about detected attacks
- Complete IPv6 support
- Prometheus support: system metrics and total traffic counters
- Flow and packet export to Kafka in JSON and Protobuf format
- Announce blocked IPs via BGP to routers with ExaBGP or GoBGP (recommended)
- Full integration with ClickHouse, InfluxDB and Graphite
- API
- Redis integration
- MongoDB protocol support compatible with native MongoDB and FerretDB
- VLAN untagging in mirror and sFlow modes
- Capture attack fingerprints in PCAP format
We track multiple platform and environment-specific metrics to understand how our product is being used and prioritise development accordingly.