explaingit

pavel-odintsov/fastnetmon

Analysis updated 2026-07-03

Stars · 3,664 | Language · C++ | Audience · ops devops | Complexity · 4/5 | Setup · hard

TLDR

A high-speed network monitoring tool that detects DDoS attacks within one to two seconds by watching traffic from routers and automatically sending alerts or announcing attacked IPs to BGP peers for instant blocking.

Mindmap

mindmap
  root((repo))
    What it does
      DDoS detection
      Traffic monitoring
      Auto mitigation
    Input Sources
      NetFlow
      sFlow and IPFIX
      Packet mirroring
    Actions
      Email alerts
      BGP blackhole
      Custom scripts
    Integrations
      Prometheus and Grafana
      Kafka and InfluxDB
      Juniper and MikroTik

What do people build with it?

USE CASE 1

Monitor your network for DDoS attacks and receive email alerts within two seconds of an attack starting.

USE CASE 2

Automatically announce a victim IP address to BGP peers so upstream routers drop the attack traffic at the network edge.

USE CASE 3

Ingest NetFlow or sFlow data from existing routers and visualize per-IP traffic in Grafana dashboards.

USE CASE 4

Set per-IP thresholds for packets per second and trigger a custom mitigation script when a threshold is crossed.

What is it built with?

C++, NetFlow, sFlow, IPFIX, BGP, Prometheus, Grafana, InfluxDB

How does it compare?

| | pavel-odintsov/fastnetmon | facebookresearch/habitat-sim | antimicrox/antimicrox |
|---|---|---|---|
| Stars | 3,664 | 3,664 | 3,661 |
| Language | C++ | C++ | C++ |
| Setup difficulty | hard | hard | easy |
| Complexity | 4/5 | 5/5 | 2/5 |
| Audience | ops devops | researcher | general |

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard | Time to first run · 1 day+

Requires router-side NetFlow or sFlow configuration pointing at the monitoring server. BGP mitigation also requires access to a BGP peering session.

In plain English

FastNetMon is a network traffic monitoring tool that detects DDoS attacks within seconds. It watches the flow of traffic on a network and raises an alert or takes automated action when any single IP address sends or receives an unusually large volume of data. It is built in C++ and is developed by FastNetMon LTD, a UK company. This repository is the Community Edition, which is free and open source. A commercial Advanced edition with additional features is also available separately.

The tool works by receiving traffic information from the network in several standard formats: NetFlow (a protocol from Cisco routers), IPFIX, sFlow, or direct port mirroring where a copy of every packet is sent to the monitoring server. Each format is a different way that routers and switches can report what traffic is passing through them. FastNetMon processes that information at high speed and compares it against configurable thresholds you set for packets per second, bytes per second, or flows per second.

When a threshold is crossed, the tool can take several actions: send you an email notification, run a custom script, or announce the affected IP address to your routers via BGP (a routing protocol) so the routers automatically stop forwarding traffic to that IP. This last option is a common way to drop a DDoS attack at the network edge. Detection happens within one to two seconds of the attack starting.

The tool integrates with standard monitoring and data infrastructure: Prometheus, Grafana, InfluxDB, Graphite, Kafka, Redis, ClickHouse, and MongoDB. Hardware vendor integrations for Juniper, A10 Networks, and MikroTik are included. IPv6 is fully supported. Installation packages are available for Linux, macOS via Homebrew, and FreeBSD.
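The threshold comparison described above, as an added example (not FastNetMon's code or configuration): per-host counters are built from flow records in one-second buckets and checked against packets, bytes and flows per second limits. The record layout, threshold values, monitored prefixes and sample flows are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical per-host limits per second (not FastNetMon keys or defaults).
THRESHOLDS = {"packets": 20_000, "bytes": 12_500_000, "flows": 3_500}
# Hypothetical prefixes we protect; only hosts inside them get counters.
MONITORED = [ip_network("192.0.2.0/24"), ip_network("2001:db8::/32")]


def is_monitored(addr):
    ip = ip_address(addr)
    return any(ip in net for net in MONITORED)


def detect(flows):
    """flows: iterable of (second, src, dst, packets, bytes) records.
    Returns sorted (second, host, direction, metric, value) threshold breaches."""
    counters = defaultdict(lambda: {"packets": 0, "bytes": 0, "flows": 0})
    for sec, src, dst, packets, nbytes in flows:
        # A record counts as incoming for its destination, outgoing for its source.
        for host, direction in ((dst, "incoming"), (src, "outgoing")):
            if is_monitored(host):
                c = counters[(sec, host, direction)]
                c["packets"] += packets
                c["bytes"] += nbytes
                c["flows"] += 1
    breaches = []
    for (sec, host, direction), c in counters.items():
        for metric, limit in THRESHOLDS.items():
            if c[metric] > limit:
                breaches.append((sec, host, direction, metric, c[metric]))
    return sorted(breaches)


def sample_flows():
    """Constructed records: a quiet second 0, then three anomalies in second 1."""
    flows = [(0, "198.51.100.7", "192.0.2.10", 100, 50_000)] * 3
    # Many sources, one IPv4 victim: crosses the packets limit only.
    flows += [(1, f"198.51.100.{i}", "192.0.2.10", 1_000, 64_000) for i in range(1, 41)]
    # One heavy flow to an IPv6 host: crosses the bytes limit only.
    flows += [(1, "198.51.100.9", "2001:db8::5", 9_000, 13_000_000)]
    # A monitored host opening thousands of tiny flows: crosses the flows limit only.
    flows += [(1, "192.0.2.77", f"203.0.113.{i % 250 + 1}", 1, 60) for i in range(4_000)]
    return flows


if __name__ == "__main__":
    for breach in detect(sample_flows()):
        print(breach)
```

Each breach tuple is the point where an alert, a custom script or a BGP announcement would be triggered; the three sample anomalies each cross a different limit, which is why all three counters are kept per host.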

Copy-paste prompts

Prompt 1
Show me how to configure FastNetMon to receive sFlow from a MikroTik router and send an email alert when any IP hits 500 Mbps inbound.
Prompt 2
How do I set up FastNetMon to automatically announce a victim IP to BGP peers using ExaBGP when an attack is detected?
Prompt 3
Write a FastNetMon notify script that fires when an attack starts and adds a null-route firewall rule on a Linux host.
Prompt 4
How do I connect FastNetMon to Prometheus and Grafana to visualize per-IP traffic trends in real time?
Prompt 5
What is the difference between FastNetMon Community Edition and the commercial Advanced edition?

Frequently asked questions

What is fastnetmon?

A high-speed network monitoring tool that detects DDoS attacks within one to two seconds by watching traffic from routers and automatically sending alerts or announcing attacked IPs to BGP peers for instant blocking.

What language is fastnetmon written in?

Mainly C++. The stack also includes NetFlow and sFlow.

How hard is fastnetmon to set up?

Setup difficulty is rated hard, with roughly 1 day+ to a first successful run.

Who is fastnetmon for?

Mainly ops devops.

Verify against the repo before relying on details.