Monitoring traffic volumes by country
dima
_pppp at mail.ru
Tue Jan 18 01:36:16 PST 2005
> Can anyone suggest a tool that can collect statistics on traffic volumes
> by the country of the remote host. That on its own would go a long way
> for me, but if it could also break down on incoming vs outgoing traffic
> and by local port number that would be ideal.
NetFlow is the "ideal" solution for you.
The best solution for FreeBSD would be the ng_netflow kernel module,
since all the other implementations (softflowd, fprobe, ntop etc.)
use pcap, which is quite a CPU-consuming way.
You can:
1) force the collector to aggregate traffic by source AS
and find out the autonomous system to country relation somehow;
2) aggregate traffic by source IP and make the IP address to country resolution with GeoIP.
>
> I figure someone must have built something like this already, probably
> using something along the lines of the GeoIP service to do IP -> country
> code lookups.
>
> Any suggestions?
>
> Andrew McNaughton
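Option 2 from the reply, extended with the direction and local-port breakdown asked for in the question, as an added example that is not part of the original post. It assumes the collector receives NetFlow version 5 export datagrams; `LOCAL_NET`, `COUNTRY_TABLE` (a constructed stand-in for a GeoIP database) and all function names are hypothetical.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")    # assumed local network
# Constructed prefix-to-country table standing in for a GeoIP database.
COUNTRY_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "NZ"),
    (ipaddress.ip_network("203.0.113.0/24"), "RU"),
]

def country_of(addr):
    """Return the country code for addr, or "??" when no prefix matches."""
    return next((code for net, code in COUNTRY_TABLE if addr in net), "??")

def aggregate(datagram, totals=None):
    """Add a datagram's octets to totals[(country, direction, local_port)]."""
    totals = Counter() if totals is None else totals
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst = ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1])
        octets, sport, dport = f[6], f[9], f[10]
        if dst in LOCAL_NET and src not in LOCAL_NET:
            key = (country_of(src), "in", dport)    # remote host is the source
        elif src in LOCAL_NET and dst not in LOCAL_NET:
            key = (country_of(dst), "out", sport)   # remote host is the destination
        else:
            continue                                # purely local or transit flow
        totals[key] += octets
    return totals

def make_datagram(flows):
    """Build a constructed v5 datagram from (src, dst, octets, sport, dport) tuples."""
    body = b"".join(
        RECORD.pack(ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed,
                    bytes(4), 0, 0, 1, octets, 0, 0, sp, dp, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, octets, sp, dp in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body
```

Passing the same `totals` counter to successive `aggregate` calls accumulates volumes across datagrams.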