Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 19 Jan 2005 00:05:40 +1300 (NZDT)
From:      Andrew McNaughton <andrew@scoop.co.nz>
To:        dima <_pppp@mail.ru>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Monitoring traffic volumes by country
Message-ID:  <20050118233707.W9021@a2.scoop.co.nz>
In-Reply-To: <E1CqpmZ-000Ebc-00._pppp-mail-ru@f9.mail.ru>
References:  <E1CqpmZ-000Ebc-00._pppp-mail-ru@f9.mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 18 Jan 2005, dima wrote:

> Date: Tue, 18 Jan 2005 12:36:15 +0300
> From: dima <_pppp@mail.ru>
> To: Andrew McNaughton <andrew@scoop.co.nz>
> Cc: freebsd-isp@freebsd.org
> Subject: Re: Monitoring traffic volumes by country
> 
>> Can anyone suggest a tool that can collect statistics on traffic volumes
>> by the country of the remote host.  That on its own would go a long way
>> for me, but if it coulod also break down on incoming vs outgoing traffic
>> and by local port number that would be ideal.
> NetFlow is the "ideal" solution for you.
> The best solution for FreeBSD would be ng_netflow kernel module
> since all the other implementations (softflowd, fprobe, ntop etc)
> use pcap which is a quite CPU-consuming way.
>
> You can:
> 1) force collector to aggregate traffic by source AS
>   and find out autonomous system to country relation somehow;
> 2) aggregate traffic by source IP and make the IP address to country resolution with GeoIP.


Where does the CPU time go with pcap?  Is it in the kernal or in userland?

I suspect that for my current needs I can live with a bit of CPU load, 
but am not sure where to expect to look for it  to turn up.

Andrew


--

The United States is committed to the worldwide elimination of
torture and we are leading this fight by example."
   - George Bush, 26 June 2003

-------------------------------------------------------------------
Andrew McNaughton           Living in a shack in Tasmania
andrew@scoop.co.nz          Between the bush and the sea

Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc
                             http://www.scoop.co.nz/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050118233707.W9021>