samplicator
FastNetMon
samplicator | FastNetMon |
---|---|
11 | 8 |
382 | 3,345 |
- | - |
0.0 | 8.9 |
8 months ago | 17 days ago |
C | C++ |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
samplicator
- Forward SNMP traps using snmptrapd without changing the source IP?
  However, if the SNMP traps happen over UDP (and I think they do, SNMP generally travels over UDP) you can use something like samplicator to receive and re-send the traps while spoofing an IP address. The -S flag tells it which IP address to spoof.
- UDP Directors?
- How do you force local DNS server usage?
- Help: UDP proxy/relay to multiple destinations
  This tool should help with the UDP duplication beyond the two target challenge with iptables: https://github.com/sleinen/samplicator - still, some additional details on the app/data being transmitted would help; data actually push only? Did you verify that targets other than the original host would correctly interpret the data?
- Help: UDP relay/proxy to multiple destinations
- Network Hub (not switch)
  You could also flip this idea on its head and point the feed at something which will replicate the packets to both the endpoints, like samplicator, which you could run on one or the other of the servers if you wanted. I use this sometimes to replicate netflow or syslog data. It does create a bit more dependency chaining, but is simple and basically 'free'.
- Multiple Netflow Export Destinations from Fortigate
  I can't say for sure on the Fortigate, but I use Samplicator for duplicating flows to more collectors than my equipment can export to.
- Samplicator
  Samplicator is a simple tool for receiving UDP datagrams on a given port and resending them to a specified set of receivers for occasions when you need to export NetFlow traffic to more than one NetFlow collector. Can also be configured to individually specify a sampling divisor N for each receiver that will only receive one in N of the received packets. crankynetadmin adds, "It's normally used for replicating netflow data, but can also replicate any UDP traffic."
- Service/app to rebroadcast/relay WOL packets?
- nfsen vs fastnetmon for sFlow and DDoS monitoring
  As another commenter mentioned we use Samplicator. Works for lots of different UDP traffic.
FastNetMon
- Versatile open source toolkit to detect volumetric DDoS attacks
- A DDoS attack with unknown src and dst port.
  If you have a BGP peering with your ISP/upstream provider, ask them if they have a blackhole community you can broadcast to. Usually they are ASN:666. The only downside is you would only be able to advertise your IP address to that, essentially killing your internet (if that's your only IP) as long as the block is up. We usually set our filter to 15 minutes and most attackers give up after that. At this level, you probably would have your own ASN with a small range and could potentially use something like FastNetMon (https://fastnetmon.com) to automatically advertise and remove IPs from the community.
- Processing netflow data
  Have you looked at fastnetmon? It's freemium and it looks like the commercial version would work for you, but I think the community edition is also worth a look. Its primary function is to detect DDOS attacks, but it can export data in ways that might be useful to you.
- Got shaken down today.
- FastNetMon – DDoS Sensor with SFlow/Netflow/Ipfix/Span Support
- WAN Attacks is it just whack-a-mole?
  To mitigate DoS attacks means you need information - preferably before the users start screaming. Running sampling on your edge router with something like Fastnetmon will give you alerting of a probable DDoS attack before it becomes a significant problem.
- fastnetmon notify_about_attack.sh question
  notify_about_attack.sh https://github.com/pavel-odintsov/fastnetmon/blob/master/src/notify_about_attack.sh
- nfsen vs fastnetmon for sFlow and DDoS monitoring
What are some alternatives?
rtlmuxer - rtl_tcp stream splitter
ElastiFlow - Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
dump1090 - Dump1090 is a simple Mode S decoder for RTLSDR devices
ntopng - Web-based Traffic and Security Network Traffic Monitoring
DupUDP - simple python script for duplicating UDP traffic
pmacct - pmacct is a small set of multi-purpose passive network monitoring tools [NetFlow IPFIX sFlow libpcap BGP BMP RPKI IGP Streaming Telemetry].
statsd_exporter - StatsD to Prometheus metrics exporter
Mikrotik-RouterOS-automatic-backup-and-update - Script sends backups to email and keep your mikrotik firmware up to date.
softflowd - softflowd: A flow-based network traffic analyser capable of Cisco NetFlow data export software.
vFlow - Enterprise Network Flow Collector (IPFIX, sFlow, Netflow)
ostinato - Ostinato - Packet/Traffic Generator and Analyzer
panoptes-stream - A cloud native distributed streaming network telemetry.