Date: Tue, 18 Jan 2005 12:36:15 +0300 From: dima <_pppp@mail.ru> To: Andrew McNaughton <andrew@scoop.co.nz> Cc: freebsd-isp@freebsd.org Subject: Re: Monitoring traffic volumes by country Message-ID: <E1CqpmZ-000Ebc-00._pppp-mail-ru@f9.mail.ru> In-Reply-To: <20050118204636.K9021@a2.scoop.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
> Can anyone suggest a tool that can collect statistics on traffic volumes > by the country of the remote host. That on its own would go a long way > for me, but if it coulod also break down on incoming vs outgoing traffic > and by local port number that would be ideal. NetFlow is the "ideal" solution for you. The best solution for FreeBSD would be ng_netflow kernel module since all the other implementations (softflowd, fprobe, ntop etc) use pcap which is a quite CPU-consuming way. You can: 1) force collector to aggregate traffic by source AS and find out autonomous system to country relation somehow; 2) aggregate traffic by source IP and make the IP address to country resolution with GeoIP. > > I figure someone must have built something like this already, probably > using something along the lines of the GeoIP service to do IP -> country > code lookups. > > Any suggestions? > > Andrew McNaughton
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1CqpmZ-000Ebc-00._pppp-mail-ru>