From owner-freebsd-isp@FreeBSD.ORG  Sat Dec 13 13:29:16 2008
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2D8D31065677
	for <freebsd-isp@freebsd.org>; Sat, 13 Dec 2008 13:29:16 +0000 (UTC)
	(envelope-from david_5073@yahoo.com)
Received: from web38502.mail.mud.yahoo.com (web38502.mail.mud.yahoo.com
	[209.191.125.48])
	by mx1.freebsd.org (Postfix) with SMTP id E1DE08FC1A
	for <freebsd-isp@freebsd.org>; Sat, 13 Dec 2008 13:29:15 +0000 (UTC)
	(envelope-from david_5073@yahoo.com)
Received: (qmail 15639 invoked by uid 60001); 13 Dec 2008 13:29:15 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
	b=HseMj9D+UftYjQP6V2cOHHWukYF+deckPc46/uCbxS3G9uBqXbZYRNvzWNS8pOZCCUXWvbNpJeiLwP6f5SrdXBKBi3r2nG8FeC4AaA3nyT/mlswPEF1TkGyT/li040+RaFsYnfoQZog6CNjyjSEwW7SW1pju6MJpwpS5CaVF+JY=;
X-YMail-OSG: Hc4GC4sVM1nW0e2XbhC4kCGzsX0bcmMEfFJEPPefof_cHy6xgIKvHdYq0AlNoNTd92ikc_vvS8egKlY.98IDTXe.TLN7bnMPnev1z0sP8mlUA5Jtns7N9JWzauVLuN4yFQ4FTfNwwlWFXxKYdWKOHaiT3pMSJdssHDZmXlF9LNOBn3WafKPtN4CWZ7enZyJ0Eua.fI8Zb2JlfJ9YGqPlX3BDAgvKxnTX
Received: from [98.242.222.229] by web38502.mail.mud.yahoo.com via HTTP;
	Sat, 13 Dec 2008 05:29:15 PST
X-Mailer: YahooMailWebService/0.7.260.1
Date: Sat, 13 Dec 2008 05:29:15 -0800 (PST)
From: David Roseman <david_5073@yahoo.com>
To: Stanislav Sedov <stas@FreeBSD.org>
In-Reply-To: <20081202012350.5f2415f3.stas@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Message-ID: <282383.15620.qm@web38502.mail.mud.yahoo.com>
Cc: freebsd-isp@freebsd.org,
	=?iso-8859-1?Q?Sebastian_Tymk=F3w?= <sebastian.tymkow@gmail.com>,
	Marcello Barreto <marcello@linconet.com.br>
Subject: Re: PF + ALTQ - Bandwidth per customer
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: david_5073@yahoo.com
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Dec 2008 13:29:16 -0000

Well, have you run tcpdump on a network with 200Mb/s? The function is=20
performed in the kernel, so its a lot more efficient than tcpdump.

The monitor sorts by usage, so you can see which connection, IP or MAC
is using the most traffic. When you're getting DOS attacked or have a worm
you can find your problems instantly. It doesn't show each packet; it=20
provides a listing of each connection, sorted from high to low usage. You
can also use rules as filters, so you can quickly create complex filters.

Turning tcpdump on a production shaper isn't an option.

David

--- On Mon, 12/1/08, Stanislav Sedov <stas@FreeBSD.org> wrote:

> From: Stanislav Sedov <stas@FreeBSD.org>
> Subject: Re: PF + ALTQ - Bandwidth per customer
> To: david_5073@yahoo.com
> Cc: freebsd-isp@freebsd.org, "Sebastian Tymk=F3w" <sebastian.tymkow@gmail=
.com>, "Marcello Barreto" <marcello@linconet.com.br>, freebsd-pf@freebsd.or=
g
> Date: Monday, December 1, 2008, 5:23 PM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> On Sat, 29 Nov 2008 08:26:57 -0800 (PST)
> David Roseman <david_5073@yahoo.com> mentioned:
> > It also has a traffic monitor that is indispensable in
> tracking down=20
> > DOS attacks, worms and out of control servers. I'd
> pay $500. just for the monitor. I have a problem, I fire up
> the monitor and bingo, I find the=20
> > problem. I think you can buy the lowest priced license
> and still use the
> > monitor and gather statistics no matter how large your
> network is.
> >=20
>=20
> How does this traffic monitor differ from tcpdump? From
> pictures it looks like
> just a web-interface for tcpdump and nothing more...
>=20
> - --=20
> Stanislav Sedov
> ST4096-RIPE
> -----BEGIN PGP SIGNATURE-----
>=20
> iEYEARECAAYFAkk0Y/sACgkQK/VZk+smlYFIMgCePZdDAbMJRrH/L7uvrTDoPGk6
> LfYAn1BWfBBDyTTmALteVUEFcxfMvOib
> =3Djnfa
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to
> "freebsd-isp-unsubscribe@freebsd.org"=0A=0A=0A