Host tracking on LAN
-
Thank you.
Could you please tell me what packages, and where I can find them?
-
Does anyone else know what he’s talking about? Is there an addon to pfSense that shows the host data?
-
System -> Packages
bandwidthd or darkstat, also ntop might interest you.
-
Thank you. That helped.
-
Is there a way to make pfSense track the amount of bandwidth each IP address uses? I have 253 external IP addresses behind my pfSense firewall running in transparent bridge mode. I am not using NAT for any of the machines. All of them have external IPs. I want to track how much bandwidth each IP is using so I can target which ones need to be managed better.
Any ideas on how to do this?
Thanks
Bob
-
Something is using the max amount of bandwidth allowed on my system.
When watching the bandwidth on my primary WAN I can see
something is using 30mbps yes 30 mbps. How can I find
this device and stop it?
-
You can use pftop on console to monitor downloads in the "bytes" column, or ntop, darkstat, bandwidthd for GUI reporting. I would suggest setting up traffic shaper; there is an option to penalise users who go over a set down/up limit, although I haven't played with this feature myself.
Slam
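
An added example, not part of the original thread: pftop reads the pf state table, and the same per-state byte counters can be totalled per host from `pfctl -vss` output to find the top talker. The function name, the sample states and the address prefix are constructed for illustration, and it assumes non-NAT state lines, as in the bridged setup asked about above.

```shell
#!/bin/sh
# Rank hosts by bytes carried in live pf states.
# Assumed use on the firewall: pfctl -vss | top_talkers 203.0.113.
# Counters cover only states still in the table, and a forwarded flow can
# hold one state per interface, so read the totals as a ranking.

top_talkers() {
    # $1 = address prefix of the hosts to rank (plain string match)
    awk -v prefix="$1" '
        function host(s) {          # strip ":port" (IPv4) or "[port]" (IPv6)
            sub(/\[[0-9]+\]$/, "", s)
            if (s ~ /\./) sub(/:[0-9]+$/, "", s)
            return s
        }
        /^[^ \t]/ {                 # state header: iface proto addr -> addr state
            a = b = ""
            for (i = 2; i < NF; i++)
                if ($i == "->" || $i == "<-") { a = host($(i-1)); b = host($(i+1)) }
            next
        }
        / bytes/ && a != "" {       # counters line: "..., IN:OUT bytes, rule N"
            for (i = 1; i < NF; i++)
                if ($(i+1) ~ /^bytes/) {
                    split($i, n, ":")
                    t = n[1] + n[2]
                    if (index(a, prefix) == 1) sum[a] += t
                    if (b != a && index(b, prefix) == 1) sum[b] += t
                }
            a = b = ""
        }
        END { for (h in sum) printf "%.0f %s\n", sum[h], h }
    ' | sort -rn
}

# Constructed sample in the layout of verbose state output (documentation IPs).
sample_states() {
    cat <<'EOF'
all tcp 203.0.113.10:51514 -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
   [1000 + 65535] wscale 6  [2000 + 65535] wscale 7
   age 00:05:00, expires in 23:59:50, 900:1500 pkts, 60000:2000000 bytes, rule 10
all udp 203.0.113.20:5353 -> 198.51.100.9:53       MULTIPLE:SINGLE
   age 00:00:10, expires in 00:00:20, 2:2 pkts, 150:350 bytes, rule 10
all tcp 203.0.113.10:51600 -> 198.51.100.8:80       ESTABLISHED:ESTABLISHED
   age 00:01:00, expires in 23:59:59, 10:10 pkts, 1000:4000 bytes, rule 10
EOF
}

sample_states | top_talkers 203.0.113.
```
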
-
I tried ntop and it's a great tool. It shows everything I can think of ever needing :D But it's using a lot of CPU then crashes. I've seen some posts covering similar problems, but I don't understand. I am a n00b. ??? Does anyone know of an easy fix for this problem?
I get this when I try to run it.
$ ntop
Thu Jan 29 09:45:32 2009 NOTE: Interface merge enabled by default
Thu Jan 29 09:45:32 2009 Initializing gdbm databases
Thu Jan 29 09:45:32 2009 ntop will be started as user nobody
Thu Jan 29 09:45:32 2009 ntop v.3.3.8
Thu Jan 29 09:45:32 2009 Configured on Dec 4 2008 15:19:28, built on Dec 4 2008 15:19:59.
Thu Jan 29 09:45:32 2009 Copyright 1998-2007 by Luca Deri <deri@ntop.org>
Thu Jan 29 09:45:32 2009 Get the freshest ntop from http://www.ntop.org/
Thu Jan 29 09:45:32 2009 NOTE: ntop is running from 'ntop'
Thu Jan 29 09:45:32 2009 NOTE: (but see warning on man page for the --instance parameter)
Thu Jan 29 09:45:32 2009 NOTE: ntop libraries are in '/usr/local/lib'
Thu Jan 29 09:45:32 2009 Initializing ntop
Thu Jan 29 09:45:32 2009 No patterns to load: protocol guessing disabled.
Thu Jan 29 09:45:32 2009 Checking bfe0 for additional devices
Thu Jan 29 09:45:32 2009 Resetting traffic statistics for device bfe0
Thu Jan 29 09:45:32 2009 Initializing device bfe0 (0)
Thu Jan 29 09:45:32 2009 DLT: Device 0 [bfe0] is 1, mtu 1514, header 14
Thu Jan 29 09:45:32 2009 Initializing gdbm databases
Thu Jan 29 09:45:32 2009 VENDOR: Loading MAC address table.
Thu Jan 29 09:45:32 2009 VENDOR: Checking for MAC address table file
Thu Jan 29 09:45:32 2009 VENDOR: Loading newer file '/usr/local/etc/ntop/specialMAC.txt.gz'
Thu Jan 29 09:45:32 2009 VENDOR: ...found 61 lines
Thu Jan 29 09:45:32 2009 VENDOR: ...loaded 59 records
Thu Jan 29 09:45:32 2009 VENDOR: Checking for MAC address table file
Thu Jan 29 09:45:32 2009 VENDOR: Loading newer file '/usr/local/etc/ntop/oui.txt.gz'
Thu Jan 29 09:45:32 2009 VENDOR: ...found 48541 lines
Thu Jan 29 09:45:32 2009 VENDOR: ...loaded 7853 records
Thu Jan 29 09:45:32 2009 Fingerprint: Loading signature file
Thu Jan 29 09:45:32 2009 Fingerprint: Checking for Fingerprint file... file
Thu Jan 29 09:45:32 2009 Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz'
Thu Jan 29 09:45:32 2009 Fingerprint: ...loaded 0 records
Thu Jan 29 09:45:32 2009 ASN: Checking for Autonomous System Number table file
Thu Jan 29 09:45:32 2009 ASN: Loading file '/usr/local/etc/ntop/AS-list.txt.gz'
Thu Jan 29 09:45:33 2009 ASN: ...found 111435 lines
Thu Jan 29 09:45:33 2009 ASN: ....Used 3780 KB of memory (12 per entry)
Thu Jan 29 09:45:33 2009 IP2CC: Checking for IP address <-> Country Code mapping file
Thu Jan 29 09:45:33 2009 IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
Thu Jan 29 09:45:34 2009 IP2CC: ...found 52395 lines
Thu Jan 29 09:45:34 2009 Database support not compiled into ntop
Thu Jan 29 09:45:34 2009 Initializing external applications
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676160]: SFP: Started thread for fingerprinting
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676416]: SIH: Started thread for idle hosts detection
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676672]: DNSAR(1): Started thread for DNS address resolution
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676928]: DNSAR(2): Started thread for DNS address resolution
Thu Jan 29 09:45:34 2009 THREADMGMT[t683677184]: DNSAR(3): Started thread for DNS address resolution
Thu Jan 29 09:45:34 2009 Calling plugin start functions (if any)
Thu Jan 29 09:45:34 2009 SSL is present but https is disabled: use -W <https port> for enabling it
Thu Jan 29 09:45:34 2009 INITWEB: Initializing web server
Thu Jan 29 09:45:34 2009 INITWEB: Initializing TCP/IP socket connections for web server
Thu Jan 29 09:45:34 2009 INITWEB: Initialized socket, port 3000, address (any)
Thu Jan 29 09:45:34 2009 INITWEB: Waiting for HTTP connections on port 3000
Thu Jan 29 09:45:34 2009 INITWEB: Starting web server
Thu Jan 29 09:45:34 2009 THREADMGMT[t683677440]: INITWEB: Started thread for web server
Thu Jan 29 09:45:34 2009 Listening on [bfe0]
Thu Jan 29 09:45:34 2009 Loading Plugins
Thu Jan 29 09:45:34 2009 Searching for plugins in /usr/local/lib/ntop/plugins
Thu Jan 29 09:45:34 2009 CPACKET: Welcome to cPacket.(C) 2008 by Luca Deri
Thu Jan 29 09:45:34 2009 ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
Thu Jan 29 09:45:34 2009 LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
Thu Jan 29 09:45:34 2009 NETFLOW: Welcome to NetFlow.(C) 2002-08 by Luca Deri
Thu Jan 29 09:45:34 2009 PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
Thu Jan 29 09:45:34 2009 Remote: Welcome to Remote. (C) 2006-07 by L.Deri
Thu Jan 29 09:45:34 2009 RRD: Welcome to Round-Robin Databases. (C) 2002-07 by Luca Deri.
Thu Jan 29 09:45:34 2009 SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
Thu Jan 29 09:45:34 2009 Calling plugin start functions (if any)
Thu Jan 29 09:45:34 2009 RRD: Welcome to the RRD plugin
Thu Jan 29 09:45:34 2009 RRD: Mask for new directories is 0700
Thu Jan 29 09:45:34 2009 RRD: Mask for new files is 0066
Thu Jan 29 09:45:34 2009 RRD_DEBUG: Parameters:
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpInterval 300 seconds
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpShortInterval 10 seconds
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpHours 72 hours by 300 seconds
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpDays 90 days by hour
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpMonths 36 months by day
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpDomains no
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpFlows no
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpSubnets no
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpHosts no
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpInterfaces yes
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpASs no
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpMatrix no
Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpDetail medium
Thu Jan 29 09:45:34 2009 RRD_DEBUG: hostsFilter
Thu Jan 29 09:45:34 2009 RRD_DEBUG: rrdPath /var/db/ntop/rrd [normal]
Thu Jan 29 09:45:34 2009 RRD_DEBUG: rrdPath /var/db/ntop/rrd [dynamic/volatile]
Thu Jan 29 09:45:34 2009 RRD_DEBUG: umask 0066
Thu Jan 29 09:45:34 2009 RRD_DEBUG: DirPerms 0700
Thu Jan 29 09:45:34 2009 THREADMGMT: RRD: Started thread (t683679744) for data collection
Thu Jan 29 09:45:34 2009 INIT: Created pid file (/var/run/ntop.pid)
Thu Jan 29 09:45:34 2009 THREADMGMT[t683675904]: ntop RUNSTATE: INITNONROOT(3)
Thu Jan 29 09:45:34 2009 Now running as requested user 'nobody' (65534:65534)
Thu Jan 29 09:45:34 2009 Note: Reporting device initally set to 0 [bfe0] (merged)
Thu Jan 29 09:45:34 2009 THREADMGMT[t683675904]: ntop RUNSTATE: RUN(4)
Thu Jan 29 09:45:34 2009 THREADMGMT[t683680000]: NPS(1): Started thread for network packet sniffing [bfe0]
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676160]: SFP: Fingerprint scan thread starting [p24309]
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676160]: SFP: Fingerprint scan thread running [p24309]
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676416]: SIH: Idle host scan thread starting [p24309]
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676416]: SIH: Idle host scan thread running [p24309]
Thu Jan 29 09:45:34 2009 THREADMGMT[t683677440]: WEB: Server connection thread starting [p24309]
Thu Jan 29 09:45:34 2009 Note: SIGPIPE handler set (ignore)
Thu Jan 29 09:45:34 2009 THREADMGMT[t683677440]: WEB: Server connection thread running [p24309]
Thu Jan 29 09:45:34 2009 WEB: ntop's web server is now processing requests
Thu Jan 29 09:45:34 2009 THREADMGMT[t683677184]: DNSAR(3): Address resolution thread running
Thu Jan 29 09:45:34 2009 THREADMGMT[t683679744]: RRD: Data collection thread starting [p24309]
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676672]: DNSAR(1): Address resolution thread running
Thu Jan 29 09:45:34 2009 THREADMGMT[t683676928]: DNSAR(2): Address resolution thread running
Thu Jan 29 09:45:34 2009 THREADMGMT[t683680000]: NPS(bfe0): pcapDispatch thread starting [p24309]
Thu Jan 29 09:45:34 2009 THREADMGMT[t683680000]: NPS(bfe0): pcapDispatch thread running [p24309]
Thu Jan 29 09:45:44 2009 THREADMGMT[t683680256]: RRD: Started thread for throughput data collection
Thu Jan 29 09:45:44 2009 THREADMGMT[t683679744]: RRD: Data collection thread running [p24309]
Thu Jan 29 09:45:44 2009 THREADMGMT[t683680256]: RRD: Throughput data collection: Thread starting [p24309]
Thu Jan 29 09:45:44 2009 THREADMGMT[t683680256]: RRD: Throughput data collection: Thread running [p24309]
Segmentation fault
-
It seems that the RRD Graph is crashing.
Don't be scared, my traffic looks like this:
and everything goes well
-
Where are the Übernerds when you need one, eh?