thank you so much, the graph in Monitoring section was exactly what I was looking for.

ntop going to be your choice for something like that, or just a sniff.

@mikhailcompo

And that is NOT an in-addr.arp domain now is it!! So no that is not going to work..

Create your 168.192.in-addr.arpa domain override if your AD has its reverse zone setup and responds for whatever 192.168 network your using.

If your using 172.16.1 then create that

1.16.172.in-addr.arpa

I agree, how can we make this work?

It removes it.

Basically the new ntopng removed the ability to disable alerts via the command line, so if you had that option checked in the ntop settings, it would cause everything else to act up.

The interfaces you chose and the local networks would be ignored.

This patch just removes the command line flag from being generated.

ntopng update to v0.8.12 resolved the issue. Thank you!

just wondering if there is any way to upgrade this to the full non community version I need its full functionality for a school I work for

If it spiked to 12MB, compression would NOT at play…intuitively, you should have grasped that it seems!

If I had to guess, it's because the FreeBSD port of ntopng is likely the open source/community version, which probably doesn't have a way to support a commercial license. You'd need to get the ntop folks to create a pfSense package for their commercial version that could be installed in order to use a paid license.

Of course, they'd say "Why are you running this on a router/firewall?", and they'd probably try to direct you to their ARM versions, even though pfSense runs on Intel/AMD CPUs (with the exception of the newer Netgate produced devices; SG-1000 and SG-3100 are both ARM devices).