Date: Sat, 13 Dec 2008 05:29:15 -0800 (PST) From: David Roseman <david_5073@yahoo.com> To: Stanislav Sedov <stas@FreeBSD.org> Cc: freebsd-isp@freebsd.org, =?iso-8859-1?Q?Sebastian_Tymk=F3w?= <sebastian.tymkow@gmail.com>, Marcello Barreto <marcello@linconet.com.br> Subject: Re: PF + ALTQ - Bandwidth per customer Message-ID: <282383.15620.qm@web38502.mail.mud.yahoo.com> In-Reply-To: <20081202012350.5f2415f3.stas@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Well, have you run tcpdump on a network with 200Mb/s? The function is=20 performed in the kernel, so its a lot more efficient than tcpdump. The monitor sorts by usage, so you can see which connection, IP or MAC is using the most traffic. When you're getting DOS attacked or have a worm you can find your problems instantly. It doesn't show each packet; it=20 provides a listing of each connection, sorted from high to low usage. You can also use rules as filters, so you can quickly create complex filters. Turning tcpdump on a production shaper isn't an option. David --- On Mon, 12/1/08, Stanislav Sedov <stas@FreeBSD.org> wrote: > From: Stanislav Sedov <stas@FreeBSD.org> > Subject: Re: PF + ALTQ - Bandwidth per customer > To: david_5073@yahoo.com > Cc: freebsd-isp@freebsd.org, "Sebastian Tymk=F3w" <sebastian.tymkow@gmail= .com>, "Marcello Barreto" <marcello@linconet.com.br>, freebsd-pf@freebsd.or= g > Date: Monday, December 1, 2008, 5:23 PM > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > On Sat, 29 Nov 2008 08:26:57 -0800 (PST) > David Roseman <david_5073@yahoo.com> mentioned: > > It also has a traffic monitor that is indispensable in > tracking down=20 > > DOS attacks, worms and out of control servers. I'd > pay $500. just for the monitor. I have a problem, I fire up > the monitor and bingo, I find the=20 > > problem. I think you can buy the lowest priced license > and still use the > > monitor and gather statistics no matter how large your > network is. > >=20 >=20 > How does this traffic monitor differ from tcpdump? From > pictures it looks like > just a web-interface for tcpdump and nothing more... >=20 > - --=20 > Stanislav Sedov > ST4096-RIPE > -----BEGIN PGP SIGNATURE----- >=20 > iEYEARECAAYFAkk0Y/sACgkQK/VZk+smlYFIMgCePZdDAbMJRrH/L7uvrTDoPGk6 > LfYAn1BWfBBDyTTmALteVUEFcxfMvOib > =3Djnfa > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org"=0A=0A=0A
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?282383.15620.qm>