Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to capture point in time bandwidth usage by (external) IP

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      awsiemieniec
      last edited by

      2.3.2-RELEASE-p1 (amd64)

      Im trying to view bandwidth usage at a point in time - so far consistently getting high spikes from 2:30a to about 3:00a.  What I'm coming up against is it seems I need to actively watch at the time in question as opposed to viewing some kind of report that shows what happened at a time and date in the past.  I stayed up late one night waiting for the spike to come only to be let down that it didn't occur at the normal time but rather 1.5 hours later.

      I have this pfSense in a colo and the colo charges me each time I have utilization over my allocated bandwidth floor.  I've enabled traffic sharpers but learned that won't help me because by the time the traffic hits my pfSense it has already gone through my colo's gateway/router at full speed.  My shaper just slows it down once it hits my WAN connection.

      Any ideas what I can run on the pfSense side to capture IPs of incoming traffic that are coming in "too fast"?

      thanks.

      1 Reply Last reply Reply Quote 0
      • J
        javcasta
        last edited by

        Hi.

        Maybe with ntopng?

        How can I monitor bandwidth usage

        https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage#NTOPNG

        NTOPNG

        If even more detail is required, the ntopng package, which can also be found under System > Packages, can help. It can break down detail by IP, protocol, and so on. Once installed, it appears under Diagnostics > ntopng. It will even track where connections were made by local PCs, and how much bandwidth was used on individual connections.

        Regards.

        Javier Castañón
        Técnico de comunicaciones, soporte y sistemas.

        Mi web: https://javcasta.com/

        Soporte scripting/pfSense https://javcasta.com/soporte/

        1 Reply Last reply Reply Quote 0
        • A
          awsiemieniec
          last edited by

          thanks… trying it out now. We'll see if I can get the info I need.  Much appreciated.

          1 Reply Last reply Reply Quote 0
          • A
            awsiemieniec
            last edited by

            I've been running ntopng for 12 hours.  I think the only way I'm going to capture the data i need is to stay awake till 2:30/3:30ish and see it live.  Maybe I'm not using the program correctly but I can't find a way to see point-in-time.  I'll keep trying…

            1 Reply Last reply Reply Quote 0
            • A
              awsiemieniec
              last edited by

              Ohhh Eureka!~  Found the part in ntopng where I can see point in time reporting for bandwidth usage.

              There may be an easier way to navigate to there, but I did the following:
              1.) At the bottom, middle of your screen you'll see live I/O (small) graphs.
              2.) I clicked on the "Incoming" interface stat (arrow down)
              3.) click on the time graph on the top nav bar for that interface
              4.) On the Timeseries timeframe click on the blue scale to select the window you want to see stats for.
              5.) Hover your mouse on the spike to show details on the right side of your screen.

              :)

              thanks!~

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.