{"id":13419473,"url":"https://github.com/pavel-odintsov/fastnetmon","last_synced_at":"2025-05-13T16:08:26.789Z","repository":{"id":11269828,"uuid":"13674972","full_name":"pavel-odintsov/fastnetmon","owner":"pavel-odintsov","description":"Very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support","archived":false,"fork":false,"pushed_at":"2025-05-01T10:37:45.000Z","size":33412,"stargazers_count":3501,"open_issues_count":56,"forks_count":571,"subscribers_count":197,"default_branch":"master","last_synced_at":"2025-05-01T11:32:17.352Z","etag":null,"topics":["analyzer","attack-detector","cisco","ddos","ddos-defender","ddos-detector","ddos-mitigation","ddos-monitor","ddos-reporter","ddos-sensor","dos","fastnetmon","ipfix","juniper","mikrotik","netflow","netflow-collector","netmap","pcap","sflow"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pavel-odintsov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":null},"created_at":"2013-10-18T10:09:53.000Z","updated_at":"2025-05-01T10:37:49.000Z","dependencies_parsed_at":"2024-02-05T13:33:00.747Z","dependency_job_id":"e4281895-8106-4959-9a67-b7d9621f4a4b","html_url":"https://github.com/pavel-odintsov/fastnetmon","commit_stats":{"total_commits":3151,"total_committers":52,"mean_commits":60.59615384615385,"dds":0.04823865439543007,"last_synced_commit":"784479731f6f2550b43cc775eac858b0ff077b04"},"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pavel-odintsov%2Ffastnetmon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pavel-odintsov%2Ffastnetmon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pavel-odintsov%2Ffastnetmon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pavel-odintsov%2Ffastnetmon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pavel-odintsov","download_url":"https://codeload.github.com/pavel-odintsov/fastnetmon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253980052,"owners_count":21994042,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analyzer","attack-detector","cisco","ddos","ddos-defender","ddos-detector","ddos-mitigation","ddos-monitor","ddos-reporter","ddos-sensor","dos","fastnetmon","ipfix","juniper","mikrotik","netflow","netflow-collector","netmap","pcap","sflow"],"created_at":"2024-07-30T22:01:16.528Z","updated_at":"2025-05-13T16:08:26.783Z","avatar_url":"https://github.com/pavel-odintsov.png","language":"C++","funding_links":[],"categories":["TODO scan for Android support in followings","C++","\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca name=\"cpp\"\u003e\u003c/a\u003eC++","C++ (225)","others","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具","Tools"],"sub_categories":["\u003ca id=\"a0897294e74a0863ea8b83d11994fad6\"\u003e\u003c/a\u003eDDOS"],"readme":"Community Edition\n===========\nIt's a high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror).\n\nWhat do we do?\n--------------\nWe detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and\nperform a configurable action to handle that event. These configurable actions include notifying you, calling script or making BGP announcements. \n\nProject \n-------\n🌏️ [Official site](https://github.com/pavel-odintsov/fastnetmon)\n🌟️ [Author](https://pavel-odintsov.com/)  \n📜️ [Author LinkedIN](https://www.linkedin.com/in/podintsov/)  \n\nLegal\n--------------\n\nAuthor and legal owner: Pavel Odintsov \n\n\n### Installation\n- [Linux install instructions](https://fastnetmon.com/install/)\n- [macOS install instructions](https://formulae.brew.sh/formula/fastnetmon)\n- [FreeBSD port](https://www.freshports.org/net-mgmt/fastnetmon/)\n- [VyOS bundled support](https://vyos.io/)\n\nSupported packet capture engines\n--------------------------------\n- NetFlow v5, v9, v9 Lite\n- IPFIX\n- ![sFlow](http://sflow.org/images/sflowlogo.gif) v5\n- PCAP\n- AF_PACKET (recommended)\n- AF_XDP (XDP based capture)\n- Netmap (deprecated, still supported only for FreeBSD)\n- PF_RING / PF_RING ZC (deprecated, available only for CentOS 6 in 1.2.0)\n\nFeatures\n--------\n- Detects DoS/DDoS in as little as 1-2 seconds\n- Scales up to terabits on single server (sFlow, Netflow, IPFIX) or to 40G + in mirror mode\n- Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second\n- Thresholds can be configured per-subnet basis with the hostgroups feature\n- Email notifications about detected attack\n- Complete IPv6 support\n- Prometheus support: system metrics and total traffic counters\n- Flow and packet export to Kafka in JSON and Protobuf format\n- Announce blocked IPs via BGP to routers with [ExaBGP](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon.conf#L227) or [GoBGP](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon.conf#L249) (recommended)\n- Full integration with [Clickhouse](https://github.com/pavel-odintsov/fastnetmon/blob/7f0ad9c6cd2db3856607aeed04b5e8125fad3124/src/fastnetmon.conf#L287) [InfluxDB](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon.conf#L275) and [Graphite](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon.conf#L314)\n- [API](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon.conf#L357)\n- [Redis](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon.conf#L211) integration\n- MongoDB protocol support compatible with native [MongoDB](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon.conf#L221) and [FerretDB](https://github.com/FerretDB/FerretDB)\n- VLAN untagging in mirror and sFlow modes\n- Capture attack fingerprints in PCAP format\n\nWe track [multiple](https://github.com/pavel-odintsov/fastnetmon/blob/5b960f76d6bf3dca2c80ef13a3776dfa544fb897/src/fastnetmon_logic.cpp#L3033) platform and environment-specific metrics to understand ways how our product is being used and prioritise development accordingly. \n\nOfficial support groups:\n-------\n- [Mailing list](https://groups.google.com/g/fastnetmon)\n- [Slack](https://join.slack.com/t/fastnetmon/shared_invite/zt-1i2cutd07-qEafHVoJvAOV5ODlHFsLoQ)\n- IRC: #fastnetmon at irc.libera.chat:6697 (TLS) [web client](https://web.libera.chat/?channels=#fastnetmon)\n- Telegram: [fastnetmon](https://t.me/fastnetmon)\n- Discord: [fastnetmon](https://discord.gg/Q4h9AUqFng)\n\nFollow us at social media:\n-------\n- [LinkedIn](https://www.linkedin.com/in/podintsov/)\n\nComplete integration with the following vendors\n--------------------------------\n- [Juniper integration](src/juniper_plugin)\n- [A10 Networks Thunder TPS Appliance integration](src/a10_plugin)\n- [MikroTik RouterOS](src/mikrotik_plugin)\n\n\nScreenshots\n------------\nCommand line interface\n![Main screen image](docs/images/fastnetmon_screen.png)\n\n------------\nStandard Grafana dashboard\n![Grafana total traffic](docs/images/grafana_total.png)\n\nExample deployment scheme\n--------------\n\n![Network diagramm](docs/images/deploy.png)\n\n\nCI build status\n--------------\n[![CircleCI](https://circleci.com/gh/pavel-odintsov/fastnetmon/tree/master.svg?style=svg)](https://circleci.com/gh/pavel-odintsov/fastnetmon/tree/master)\n\nUpstream versions in different distributions\n--------------\n\n[![FastNetMon upstream distro packaging status](https://repology.org/badge/vertical-allrepos/fastnetmon.svg)](https://repology.org/project/fastnetmon/versions) \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpavel-odintsov%2Ffastnetmon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpavel-odintsov%2Ffastnetmon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpavel-odintsov%2Ffastnetmon/lists"}