What host in my lan generated that traffic?

  • Looking at the Traffic Totals graph I see that something generated 1,2GiB of outgoing traffic between 3:00 and 5:00.
    Is there a way to find out what host generated that traffic?
    I had a look at this https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage wiki page, but I can't figure out how to do it. Maybe there is a way to see hosts sorted by traffic usage?

  • At first how many children you have in the household?
    What other devices and/or services or programs running on them?
    NAS, WLAN APs, smartphones, tablet PCs RaspBerry PIs, switches or routers or smart TVs or windows or Linux machines,….....

    You will be able to install Squid and SARG and then you create for each user and each of his devices an account with MAC and static IP
    and then this squid proxy will log all users and you will be able to watch that logs with SARG the next day and find what you are searching
    for. Without providing more information's like above asked to you we will not able to help you out any more I think.

  • Yesterday was Windows Update day… possible computers downloading updates overnight?

    As far as things to keep track... you could install bandwidthd (make sure to check the option to only track the LAN hosts, as otherwise you'll get info about every internet server they communicate with too), though be aware that bandwidthd's info resets itself if pfSense is rebooted. If you have a lot of storage on your pfSense box, you could also install ntopng, though that's a much more advanced system, and has a tendency to create large amounts of data.

    There are probably other solutions too.

    That's a lot of upload bandwidth for Windows Update, even if you have Win10 set to share updates.  My money's on a torrent client.

    Squid + Sarg/Lightsquid will only tell you web traffic so it's not a comprehensive total.

  • Have you looked at the ntopng package? I find it quite comprehensive in telling me who did what etc.