From: Matt Mullins
To: Paul Macdonald
Cc: FreeBSD
Date: Tue, 9 Oct 2012 11:59:59 -0700
Subject: Re: Netflow capture question

On Tue, Oct 9, 2012 at 9:05 AM, Paul Macdonald wrote:
> I don't have direct access to the router this is going via, will netflow,
> flowcapture allow me to monitor traffic (by port/protocol etc) straight off
> the NIC?

flow-capture simply receives NetFlow data and stores it to disk. You'll need to use that in combination with softflowd to listen for raw packets on the NIC and generate the NetFlow information.

I highly suggest the book "Network Flow Analysis" by Michael Lucas if you want to pursue this route; it's especially worth it if you're going to leave this system around for long-term analysis.

--
Matt Mullins