Is it possible to show traffic (byte) accouning per local source ip
-
Is it possible to do traffic (byte) accouning per local source ip
In the latest days i have seen several hours of 90% utilization on a 100Mbit interface.
It's not an issue , but i would like to see what local ip(s) that are downloading that much.
As in a per source ip - Byte count in/out , for last week or last month
Is there any package, or trick that can make that ?
I have NtopNG installed , and maybe i just dont know if that's the tool to use.
Optimally i'd love to have a webpage showing that , but i'd settle for what i can get.
TIA
/Bingo -
Bandwidthd can show you that.
https://docs.netgate.com/pfsense/en/latest/monitoring/monitoring-bandwidth-usage.html#bandwidthdSteve
-
Yeah bandwidthd will do exactly what your asking
That top guy is my TV, so streaming stuff be it netflix, amazon prime or most of that is prob off my local plex server.
-
Thank you Gents
Will have a look at bandwidthd
/Bingo
-
Can bwd only listen on one interface ?
Would one Select WAN as interface.
And tick several Subnet(s) for Statistics CollectionIs that a security risk (attack vector) , using wan ?
Would that show "Local ip to Inet" accounting ?
/Bingo
-
No it can only look at one and it needs to be internal to see the source IPs.
You need to use ntopng to log multiple interfaces. It should be able to show you that.
https://docs.netgate.com/pfsense/en/latest/monitoring/monitoring-bandwidth-usage.html#monitoring-on-multiple-interfaces
Steve
-
If your looking to just troubleshoot who is using what NOW for example you could use the darkstat package as well..
You could leave it running, but it doesn't reset per day, etc. But very easy way to find your top talkers for sure. Or what specific IPs have moved since you fired up darkstat
-
Thanx Steve
I already have NtopNG running , but the ip accounting is not as easy as with bwd.
I have started bwd on "Lan" but sees nothing , does promiscuious have to be enabled ?
I already have that enabled via NtopNG (i think).
I can live with just one interface on bwd, if i can get it to log/account data.
-
@johnpoz
I'll have a look at darkstat too.And you are correct it is "Top talkers" i'd like to see.
And something like Cisco: ip accounting -
Another one to track down top talkers is the iftop package, command line..
-
I get no statistics on bwd.
How long time before stats are generated ?
Do i need promiscious ?/Bingo
-
No you don't need promiscuous, but it will take a few minutes.. If your wanting to look now!! Your better off with darkstat or iftop..
-
Dooh ....
I needed to remove the frame
-
I think it only updates like every 5 minutes or so though anyway.
You should see a timestamp in the top left on when it was last updated.
If you want pretty much realtime reporting then darkstat or iftop would be better tools. The other thing better with iftop is will show you the IP pair, ie where your client is sending or pulling data from.. Unlike bandwidthd that just reports on single IP.
Darkstat will give you the ports that were used, etc. But doesn't easy list the actual IP pairs that were doing the talking..
-
Just tried darkstat , nice program.
But it seems to log all ip addy's , incl Inet.Do you guys limit it in #of hosts , or just enable it when needed ?
/Bingo
-
I only turn it on if looking for something.
-
@johnpoz said in Is it possible to show traffic (byte) accouning per local source ip:
I only turn it on if looking for something.
Makes sense.
DS has already revealed one of my ISP's cache servers (Local TV streaming channel) , i can see ~equal ATV4 in/out bytes to that ip
Thanx for that tip
-
iftop seems nice too
Realtime top talkers src/dstThank you for guiding me here Steve/JP
I'll let bwd run , and keep the other two in the "toolbox"
/Bingo
-
Hmm .... Seems like bwd's byte count is reset ?
My ATV4 was on 500MB , now it's on 76MB
Would iftop or DS interfere with bwd , causing a bytecount reset ?
-
I wouldn't think so.. What timezone are you in - is it just past midnight there, maybe you cycled days on bwd.