The DDoS detection tool
NANOG operators are switching to.
NANOG 97 brings together North America's top ISPs, carriers, and network engineers. If automated BGP FlowSpec and sub-second detection are on your shortlist, Flowtriq is $9.99/node/month — no dedicated server, no NetFlow infrastructure, no enterprise sales process.
Built for the NANOG community
The same operators who debate BGP policy at NANOG are using Flowtriq to automate their DDoS response.
The pricing reality
What FastNetMon actually costs in 2026
FastNetMon's LiveView dashboard ($70/user/month) launched April 2026 — on top of their $115+/month Advanced license. Here's the real total for a NOC team.
Advanced license (10G): $115/month. LiveView dashboard: $70 × 3 users. Dedicated server: ~$100/month.
FastNetMon
- $115/mo base + $70/user/mo dashboard
- Dedicated server required (~$60–150/mo)
- 30–60s latency via NetFlow
- No PCAP forensics
- Automated FlowSpec unreliable
- Trial by application — gated
Flowtriq — $9.99/node/month
- $9.99/node/month — unlimited users, dashboard included
- No dedicated server — runs on existing Linux hosts
- <1s detection — kernel-level, unsampled
- PCAP with pre-attack ring buffer
- Confidence-gated FlowSpec + auto-rollback
- 7-day free trial — no card, no application
Feature comparison
FastNetMon Advanced vs Flowtriq
The full technical breakdown for network engineers who need specifics.
| Capability | FastNetMon Advanced + LiveView | Flowtriq |
|---|---|---|
| Detection | ||
| Detection method | NetFlow / sFlow / IPFIX (sampled) | Kernel-level per-packet, unsampled |
| Detection latency | 30–60s | <1 second |
| Attack classification | Flood type only | 7 families + confidence score |
| L7 HTTP flood detection | L3/L4 only | Access log parsing |
| Botnet source flagging | No | 300+ known botnet sources |
| BGP & Mitigation | ||
| BGP RTBH blackhole | Yes | Yes |
| BGP FlowSpec | Advanced only | Included at $9.99/node |
| Automated FlowSpec | Manual (false positives block automation) | Confidence-gated + auto-rollback |
| BGP speaker support | ExaBGP, GoBGP | ExaBGP, GoBGP, BIRD 2, FRRouting |
| Detection → BGP in <2s | No | Yes |
| iptables / nftables / XDP | Script-based | 46 automated rule types |
| Forensics & Evidence | ||
| PCAP capture | Not available | Pre-attack ring buffer + analyzer |
| AI incident summaries | No | Yes |
| Hash-chained audit log | No | SHA-256 |
| Operations | ||
| Web dashboard | +$70/user/mo | Included, unlimited users |
| REST API + Terraform | API Advanced only; no Terraform | Both included |
| Prometheus metrics | Advanced only | 15+ metric families |
| Dedicated server required | Yes (~$60–150/mo) | No |
| Setup time | Hours | 60s: pip install ftagent |
Technical architecture
How Flowtriq works
For network engineers who need to understand the stack before trusting it with production traffic.
Kernel-level capture
AF_PACKET + BPF — every packet header, unsampled, at line rate. No NetFlow infrastructure. No router changes required.
EWMA dynamic baselines
Per-node baselines via EWMA. Auto-learns in ~5 minutes. No manual thresholds. Handles diurnal patterns and traffic growth without false positives.
Confidence-gated FlowSpec
FlowSpec fires only above a confidence threshold. Auto-rollback on confidence drop. Supports ExaBGP, GoBGP, BIRD 2, FRRouting.
PCAP ring buffer
Rolling pre-attack buffer. At incident declaration, the buffer is flushed and attached — packet-level evidence from before the attack peaked.
Lightweight agent
<30 MB RAM, <0.1% CPU idle. systemd service. Any Linux kernel ≥ 3.10. No DPDK, no PF_RING, no kernel module.
Multi-tenancy
Workspace-based RBAC (Owner, Admin, Analyst, Readonly). ISPs manage customer nodes under separate workspaces with isolated alerting and reporting.
Deploy before NANOG 97 — no application required
7 days full access. No credit card. No bandwidth questionnaire. Ship on any Linux server you already operate in 60 seconds.