PF + ALTQ - Bandwidth per customer

David Roseman david_5073 at
Sat Dec 13 05:29:16 PST 2008

Well, have you run tcpdump on a network with 200Mb/s? The function is 
performed in the kernel, so its a lot more efficient than tcpdump.

The monitor sorts by usage, so you can see which connection, IP or MAC
is using the most traffic. When you're getting DOS attacked or have a worm
you can find your problems instantly. It doesn't show each packet; it 
provides a listing of each connection, sorted from high to low usage. You
can also use rules as filters, so you can quickly create complex filters.

Turning tcpdump on a production shaper isn't an option.


--- On Mon, 12/1/08, Stanislav Sedov <stas at> wrote:

> From: Stanislav Sedov <stas at>
> Subject: Re: PF + ALTQ - Bandwidth per customer
> To: david_5073 at
> Cc: freebsd-isp at, "Sebastian Tymków" <sebastian.tymkow at>, "Marcello Barreto" <marcello at>, freebsd-pf at
> Date: Monday, December 1, 2008, 5:23 PM
> Hash: SHA1
> On Sat, 29 Nov 2008 08:26:57 -0800 (PST)
> David Roseman <david_5073 at> mentioned:
> > It also has a traffic monitor that is indispensable in
> tracking down 
> > DOS attacks, worms and out of control servers. I'd
> pay $500. just for the monitor. I have a problem, I fire up
> the monitor and bingo, I find the 
> > problem. I think you can buy the lowest priced license
> and still use the
> > monitor and gather statistics no matter how large your
> network is.
> > 
> How does this traffic monitor differ from tcpdump? From
> pictures it looks like
> just a web-interface for tcpdump and nothing more...
> - -- 
> Stanislav Sedov
> ST4096-RIPE
> =jnfa
> _______________________________________________
> freebsd-isp at mailing list
> To unsubscribe, send any mail to
> "freebsd-isp-unsubscribe at"


More information about the freebsd-isp mailing list