Nefarious Internet activity (e.g. distributed denial of service (DDoS) attacks) has been rapidly growing both in frequency of occurrence and magnitude. Network monitoring and traffic analysis at the time-of-onset of anomalies or attacks is essential to their prevention and mitigation. We developed an open source architecture, referred to as AMON (All-packet MONitor), for online monitoring and analysis of multi-gigabit network streams. It utilizes the high-performance packet monitor PF RING in zero-copy mode and is readily deployable on commodity hardware. AMON examines all packets passing through the interface, partitions traffic into sub-streams by using rapid hashing and computes certain real-time statistical summaries for each sub-stream. The resulting data structures provide views of the intensity and connectivity structure of the network traffic at the time-scale of routing. We demonstrate our framework in the context of detection/identification of heavy-hitters as well as the visualization and statistical detection of high-connectivity events such as DDoS. This allows network operators to quickly visualize and detect network attacks and limit offline and time-consuming post-mortem analysis. AMON has been deployed and is currently processing 10Gbps+ live Internet traffic at Merit Network. It is extensible and allows the addition of further data products, statistical, and filtering modules for real-time forensics.