# Generate sample data with nping
[root@localhost ~]# nping -c 100000 --tcp -p 80,433 20.20.20.178
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2015-07-07 14:45 PDT
SENT (0.0089s) TCP 20.20.20.1:19853 > 20.20.20.178:80 S ttl=64 id=20020 iplen=40 seq=980459948 win=1480
RCVD (0.0092s) ICMP [20.20.20.178 > 20.20.20.1 Destination host 20.20.20.178 administratively prohibited (type=3/code=10) ] IP [ttl=64 id=44494 iplen=68 ]
SENT (1.0092s) TCP 20.20.20.1:19853 > 20.20.20.178:433 S ttl=64 id=20020 iplen=40 seq=980459948 win=1480
RCVD (1.0096s) ICMP [20.20.20.178 > 20.20.20.1 Destination host 20.20.20.178 administratively prohibited (type=3/code=10) ] IP [ttl=64 id=44832 iplen=68 ]
SENT (2.0106s) TCP 20.20.20.1:19853 > 20.20.20.178:80 S ttl=64 id=20020 iplen=40 seq=980459948 win=1480
RCVD (2.0109s) ICMP [20.20.20.178 > 20.20.20.1 Destination host 20.20.20.178 administratively prohibited (type=3/code=10) ] IP [ttl=64 id=45231 iplen=68 ]
SENT (3.0121s) TCP 20.20.20.1:19853 > 20.20.20.178:433 S ttl=64 id=20020 iplen=40 seq=980459948 win=1480
[root@CloudRouter ~]# yum -y install fastnetmon
Yum command has been deprecated, redirecting to '/usr/bin/dnf -y install fastnetmon'.
See 'man dnf' and 'man yum2dnf' for more information.
To transfer transaction metadata from yum to DNF, run:
'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate'
Last metadata expiration check performed 0:02:58 ago on Tue Jul 7 19:16:47 2015.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
fastnetmon x86_64 1.1.2-1.fc22 cloudrouter 198 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 198 k
Installed size: 646 k
Downloading Packages:
fastnetmon-1.1.2-1.fc22.x86_64.rpm 345 kB/s | 198 kB 00:00
--------------------------------------------------------------------------------
Total 344 kB/s | 198 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Installing : fastnetmon-1.1.2-1.fc22.x86_64 1/1
[78891.325745] systemd-sysv-generator[9165]: Overwriting existing symlink /run/systemd/generator.late/network.service with real service
[78891.335650] systemd-sysv-generator[9165]: Overwriting existing symlink /run/systemd/generator.late/netconsole.service with real service
Verifying : fastnetmon-1.1.2-1.fc22.x86_64 1/1
Installed:
fastnetmon.x86_64 1.1.2-1.fc22
Complete!
# systemctl enable fastnetmon
# systemctl start fastnetmon
## Edit /etc/fastnetmon.conf
##########################################################
# Pcap mode, very slow, not suitable for production
pcap = on
# Netflow capture method with v5, v9 and IPFIX support
netflow = on
# sFLOW capture suitable for switches
sflow = on
# Configuration for netmap, mirror, pcap modes
# For pcap and PF_RING we could specify "any"
# For netmap and PF_RING we could specify multiple interfaces separated by comma
interfaces = ens3
#######################################################
# systemctl restart fastnetmon
# fastnetmon_client
FastNetMon - DoS/DDoS analyzer with sflow/netflow/mirror support...
[87674.913749] device ens3 entered promiscuo
FastNetMon v1.0 FastVPS Eesti OU (c) VPS and dedicated: http://FastVPS.host
IPs ordered by: packets
Incoming traffic 1 pps 0 mbps 0 flows
20.20.20.178 0 pps 0 mbps 0 flows
Outgoing traffic 1 pps 0 mbps 0 flows
20.20.20.178 0 pps 0 mbps 0 flows
Internal traffic 0 pps 0 mbps
Other traffic 2 pps 0 mbps
PCAP statistics
Received packets: 65
Dropped packets: 0 (0%)
Dropped by driver or interface: 0
Screen updated in: 0 sec 167 microseconds
Traffic calculated in: 0 sec 5 microseconds
Total amount of not processed packets: 0
##########################################################
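Added example (not part of the original walkthrough or of FastNetMon itself): a parser for the fastnetmon_client screen shown above that reports hosts over a packet rate and flags packet loss in the pcap capture, which is the reason the config comment calls pcap mode unsuitable for production. It assumes the screen layout is exactly as printed on this page; `pps_limit` and the function names are hypothetical.

```python
import re

# Constructed sample: the fastnetmon_client screen from this page, banner removed.
SAMPLE = """\
IPs ordered by: packets
Incoming traffic 1 pps 0 mbps 0 flows
20.20.20.178 0 pps 0 mbps 0 flows
Outgoing traffic 1 pps 0 mbps 0 flows
20.20.20.178 0 pps 0 mbps 0 flows
Internal traffic 0 pps 0 mbps
Other traffic 2 pps 0 mbps
PCAP statistics
Received packets: 65
Dropped packets: 0 (0%)
Dropped by driver or interface: 0
"""

TOTAL = re.compile(r"^(Incoming|Outgoing|Internal|Other) traffic\s+(\d+) pps\s+(\d+) mbps")
HOST = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+) pps\s+(\d+) mbps")
STAT = re.compile(r"^(Received packets|Dropped packets|Dropped by driver or interface):\s+(\d+)")

def parse_screen(text):
    """Return (totals, hosts, capture) parsed from one fastnetmon_client screen."""
    totals, hosts, capture, direction = {}, {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := TOTAL.match(line):
            # A direction header; host rows that follow belong to it.
            direction = m.group(1).lower()
            totals[direction] = {"pps": int(m.group(2)), "mbps": int(m.group(3))}
        elif (m := HOST.match(line)) and direction:
            hosts[(direction, m.group(1))] = {"pps": int(m.group(2)), "mbps": int(m.group(3))}
        elif m := STAT.match(line):
            capture[m.group(1)] = int(m.group(2))
    return totals, hosts, capture

def findings(text, pps_limit):
    """List hosts over pps_limit (hypothetical threshold) and any capture loss."""
    totals, hosts, capture = parse_screen(text)
    out = [f"{d} {ip}: {v['pps']} pps exceeds {pps_limit}"
           for (d, ip), v in sorted(hosts.items()) if v["pps"] > pps_limit]
    lost = capture.get("Dropped packets", 0) + capture.get("Dropped by driver or interface", 0)
    if lost:
        # Packets the capture dropped were never counted, so the rates are too low.
        out.append(f"capture lost {lost} packets; traffic counters are undercounted")
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE, pps_limit=1000) or ["no findings"]:
        print(f)
```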