FastNetMon Advanced has comprehensive support for variety of telemetry protocols and it may not be easy to find out protocol which is the best in your particular case
You can find full table with all vendors and telemetry protocols supported by FastNetMon, recommended protocols highlighted by star:
| Port Mirror | Netfow v9 | IPFIX | IPFIX 315 | sFlow v5 | Vendor specific | |
| Juniper MX | Yes | Yes | Yes | Yes ⭐ | Yes, has issues | |
| Juniper PTX | Yes | Yes | Yes | Yes ⭐ | Yes | |
| Juniper EX, QFX | Yes | No | No | No | Yes ⭐ | |
| Nokia SR | Yes | Yes | Yes | Yes ⭐ | Yes ⭐ | SHIM ⭐ |
| Cisco ASR 1000 | No | Yes | Yes | No | No | |
| Cisco ASR 9000 | Yes | Yes | Yes | Yes ⭐ | Yes ⭐ | |
| Cisco Nexus | Yes | No | No | No | Yes ⭐ | |
| Arista | Yes | Yes | Yes | No | Yes ⭐ | |
| Huawei | Yes | Yes | Yes | No | Yes ⭐ | |
| Extreme | Yes | No | No | No | Yes | |
| Mikrotik | No | Yes ⭐ | Yes ⭐ | No | No | |
| OcNOS | Yes | No | No | No | Yes ⭐ | |
| VyOS | No | No, buggy | No, buggy | No | Yes ⭐ | |
| Netgate TNSR | No | No | Yes ⭐ | No | No | |
| A-10 Networks | No | Yes ⭐ | Yes ⭐ | No | No | |
| Amazon AWS | No | No | No | No | No | VPC Flow Logs |
| Google Cloud | No | No | No | No | No | VPC Flow Logs |
According to this page we can make conslusions:
- If your support supports IPFIX 315 (also known as ie315 and inline monitoring services) then it's the best protocol for DDoS detection
- If your platform supports sFlow then it's second best protocol for DDoS detection
Port mirror is fully supported by FastNetMon but we recommend it only in cases when no other options are available due to complexity of operations