From www.kitploit.com
FastNetMon – A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFlow, AF_PACKET, SnabbSwitch, netmap, PF_RING (obsoleted), PCAP).
What do we do?
We detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows, per second and perform a configurable action to handle that event. These configurable actions include notifying you, switching off the server, or blackholing the client.
Flow is one or more ICMP, UDP, or TCP packets which can be identified via their unique src IP, dst IP, src port, dst port, and protocol fields.
Integration with flow systems
At a very high level integration with FastNetMon is fairly simple. In both cases the work flow is the same and the main difference being the port numbers provided. The port numbers are configurable.