Monitoring traffic volumes by country

Andrew McNaughton andrew at scoop.co.nz
Tue Jan 18 03:05:42 PST 2005


On Tue, 18 Jan 2005, dima wrote:

> Date: Tue, 18 Jan 2005 12:36:15 +0300
> From: dima <_pppp at mail.ru>
> To: Andrew McNaughton <andrew at scoop.co.nz>
> Cc: freebsd-isp at freebsd.org
> Subject: Re: Monitoring traffic volumes by country
> 
>> Can anyone suggest a tool that can collect statistics on traffic volumes
>> by the country of the remote host.  That on its own would go a long way
>> for me, but if it coulod also break down on incoming vs outgoing traffic
>> and by local port number that would be ideal.
> NetFlow is the "ideal" solution for you.
> The best solution for FreeBSD would be ng_netflow kernel module
> since all the other implementations (softflowd, fprobe, ntop etc)
> use pcap which is a quite CPU-consuming way.
>
> You can:
> 1) force collector to aggregate traffic by source AS
>   and find out autonomous system to country relation somehow;
> 2) aggregate traffic by source IP and make the IP address to country resolution with GeoIP.


Where does the CPU time go with pcap?  Is it in the kernal or in userland?

I suspect that for my current needs I can live with a bit of CPU load, 
but am not sure where to expect to look for it  to turn up.

Andrew


--

The United States is committed to the worldwide elimination of
torture and we are leading this fight by example."
   - George Bush, 26 June 2003

-------------------------------------------------------------------
Andrew McNaughton           Living in a shack in Tasmania
andrew at scoop.co.nz          Between the bush and the sea

Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc
                             http://www.scoop.co.nz/



More information about the freebsd-isp mailing list