Brief overview of CoMo

CoMo (Continuous Monitoring) is a system for capturing network traffic at multi-Gbps speeds.

export relevant metrics computed in real time:
traffic and flow counts, top N flows, etc.;

store at least the last 24 hours of packet level traces:
useful for after-the-fact troubleshooting.

support high level queries to ease traffic analysis:
under attack, we don't have time to write queries in C