What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

ISP / Hosting Company Needs...




We are evaluating PRTG for our monitoring needs. We are a hosting company that will have approximately 1000 servers, and even though i have been able to setup basic stuff on PRTG, i have not been able to find all the information I need.

Please let me know if there are answers to the following questions:

1. Related to Custom Netflow/SNMP Sensors. 1.1 Is there a KB article that can explain how to add these types of sensors? 1.2 Are the sensors "exportable"? If so, is there any sample configuration for one of these sensors? 1.3 Are there any videos on how to create these? I have searched, so far nothing.

2. Related to Detecting Network Attacks. I am planning to have PRTG monitor the activity at the perimeter of our network, we will be pushing some 60Gbps of traffic, and it is Imperative that we have visibility into the network, as far as attacks go.

2.1 Is there any documentation that covers how to detect SYN Flood attacks? 2.2 Is there any documentation that covers how to detect DOS attacks? 2.3 Is there any documentation that covers how to detect DDoS attacks?

With this i can work and hopefuly decide if this is what we are looking for.



attacks ddod display dos hosting isp

Created on Oct 7, 2015 4:45:35 PM

3 Replies




1.1 In each sensor manual you can find detailed information about how to add sensors and what are the requirements

1.2 Can you please explain in few more details what you mean with "exportable"?

1.3 Please have a look at this video tutorial regarding the bandwidth monitoring with Flows and Packet Sniffing.

Please have a look at this video tutorial regarding the SNMP Custom sensor.

2.0-2.3 This is possible using a Packet Sniffer sensor or Flow sensors. For more details please have a look at this article.

Created on Oct 12, 2015 11:26:34 AM by  [email protected]



Hi Jochen,

I'm aware of the sniffing sensors, and i have configures many SPAN and RSPAN sessions for the police, etc however, please keep in mind the following:

1. We will be pushing around 60 Gb/s of traffic at any given time over the network.

2. All this traffic will be Exiting our network over an etherchannel between our Core and Distribution.

3. We do not really want to monitor the edge because we will be a transit system.

4. We want to monitor the traffic once its in our core network.

Network scenario.

Router A: This router handles all the BGP, ISP, Peering and the etherchannel to the Distribution of our network Router B: This router handles all the L3 functionality and has as its ONLY exit, the etherchannel to Router A. The Router B will Always send all its traffic out to Router A, and will receive all the incoming traffic from Router A as well.

Given this situation, we cant expect to SPAN or RSPAN that about of traffic (60Gb/s) at least. I would like to know what would you advise on this particular scenario.

If you need a network diagrram, i can create one and provide a link to it, if it makes things easier. Again, thanks for your time.


Created on Oct 13, 2015 3:27:28 AM



Hello Foster,

Using netflow (or sflow, jflow, ipfix) for traffic analysis will work fine in a 10G environment but it´s not build to analyse 60gb/s traffic. However, the netflow sensors and the packet sniffer sensor work differently: they don't send out queries. Rather, they passively wait for the flow data or the traffic to arrive, and then analyse it.

For netflow, since you can define a sampling rate, you can configure the switches to send less netflow data, if it turns out to be a problem in an 10G network. So flow sensors are also fine with 10G.

However, the packet sniffer is a special case: it receives a copy of *every* packet, so it is possible to overload a PRTG server by sending it too much traffic. The PRTG server (or the machine with the remote probe) has to not only receive and processes every packet on its NIC - it also needs to evaluate the contents of the packet to create the results for the sensor, which creates a heavy load on the server.

Paessler simply doesn't focus on in-line deep-level packet inspection -- it's just not a feature that we offer. The PRTG packet sniffer was never meant as a competitor for packet inspection tools. Rather, it's meant for customers who want information similar to netflow but who don't have netflow available. For this reason, we also don't test our packet sniffer at 10G.

Created on Oct 15, 2015 5:49:33 PM by  [email protected]

Last change on Oct 15, 2015 5:50:57 PM by  [email protected]

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.