Netgate Discussion Forum

Per-User Traffic Bandwidth Monitor

General pfSense Questions
12 Posts 5 Posters 19.4k Views
  • J
    jjj
    last edited by Feb 10, 2010, 5:09 PM Feb 10, 2010, 4:54 PM

    I am looking to monitor user traffic so we can find out who is consuming all of our bandwidth in real time. When our connection is slow, I would like to be able to bring up a graph that immediately shows me "X-user is using Y% of bandwidth" and then be able to see exactly what they're doing.

    I've installed DarkStat but it can only monitor one interface at a time and it can't draw a line between a user and what the user is doing online…only how much data they're pulling in. That doesn't help because the user could be downloading from our DMZ or the internet, and we can't tell. I can tell that Pandora is being used heavily, but I can't tell who the user listening to it is.

    We have a realtime URL monitor (Untangle), but it doesn't graph bandwidth and a request made to Pandora could've been made hours ago which won't be viewable till tomorrow in a daily report.

    We don't want to simply filter out Pandora or whatever, we just want to find heavy users and tell them to chill out.

    Any suggestions?

    edit: pfTop is nice and seems to be capturing what I need (would like URLs)....but anything a little more user-friendly or at least a way to export it?

    • F
      focalguy
      last edited by Feb 10, 2010, 7:09 PM

      The Rate package is supposed to be nice but I could never get it to show accurate results.

      Darkstat works for me. If you see that there are connections to Pandora or whatever, you can click on the IP address and it will tell you traffic narrowed down by port. You can then go to your state table and filter by the IP and port, such as x.x.x.x:8654, and then you will see which user has an open state to that external IP on the port that is using all the traffic.

      Not the quickest or most convenient but it has worked well enough for me.

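The state-table lookup described in the post above, as an added example that is not part of the original post: it matches the external `ip:port` exactly (a plain substring filter on `x.x.x.x:86` would also hit `:8654`) and counts states per LAN host. The `pfctl -ss` line layout, the interface names `em0`/`em1`, the function names and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout `pfctl -ss` prints on older pf versions
# (assumed): IFACE PROTO ADDR (->|<-) ADDR [-> ADDR] STATE
sample_states() {
cat <<'EOF'
em0 tcp 203.0.113.10:8654 <- 192.168.1.23:51712       ESTABLISHED:ESTABLISHED
em1 tcp 192.168.1.23:51712 -> 198.51.100.7:23011 -> 203.0.113.10:8654       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.10:8654 <- 192.168.1.23:51713       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.10:8654 <- 192.168.1.40:40022       FIN_WAIT_2:FIN_WAIT_2
em0 tcp 203.0.113.10:80 <- 192.168.1.77:50001       ESTABLISHED:ESTABLISHED
em0 udp 192.168.1.1:53 <- 192.168.1.40:61000       SINGLE:MULTIPLE
EOF
}

# lan_hosts_for ENDPOINT LAN_PREFIX IFACE   (hypothetical helper)
# Reads state lines on stdin; prints "<lan-ip> <state-count>" for every LAN
# host holding a state to ENDPOINT (ip:port) on IFACE, busiest first.
lan_hosts_for() {
    awk -v ep="$1" -v lan="$2" -v ifc="$3" '
        $1 != ifc { next }   # one interface only, so NAT pairs are not counted twice
        {
            hit = 0; host = ""
            for (i = 3; i < NF; i++) {          # address fields; $NF is the state
                if ($i == "->" || $i == "<-") continue
                if ($i == ep) hit = 1           # exact ip:port match
                else if (index($i, lan) == 1) { # address inside the LAN prefix
                    host = $i
                    sub(/:[0-9]+$/, "", host)   # drop the source port
                }
            }
            if (hit && host != "") n[host]++
        }
        END { for (h in n) print h, n[h] }
    ' | sort -k2,2nr -k1,1
}

# On the firewall: pfctl -ss | lan_hosts_for 203.0.113.10:8654 192.168.1. em0
sample_states | lan_hosts_for 203.0.113.10:8654 192.168.1. em0
```
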
      • B
        bear24rw
        last edited by Feb 10, 2010, 10:52 PM

        Check out the 'rate' package; it does exactly what you're looking for.

        • K
          kapara
          last edited by Feb 11, 2010, 3:25 AM

          Install the pfflowd package. Download and install ManageEngine NetFlow monitor. This can monitor 1 or 2 interfaces for free. Call presales support for assistance with initial config. This will give you a breakdown of per-IP and per-protocol traffic. I doubt any of the other packages can beat this. ManageEngine needs to be installed on any old PC. Tech is based on NetFlow… If you want to monitor more interfaces then buy a license.

          Excellent tool for analysis and free and also gives historical

          good luck

          Skype ID:  Marinhd

          • J
            jjj
            last edited by Feb 12, 2010, 10:08 PM

            RATE puts me in the same boat as before… it only monitors a single interface at a time and doesn't draw the line between source and destination traffic. It also shows me that the firewall's interfaces themselves are what are consuming all the bandwidth.

            pfflowd sounds nice, but the two free interfaces aren't enough and we're already using it to monitor our routers.

            • J
              jimp Rebel Alliance Developer Netgate
              last edited by Feb 13, 2010, 5:56 PM

              You can also try the 'iftop' package from a shell prompt:

              # pkg_add -r iftop
              # rehash
              # iftop -i <lan nic>
              

              It might get you a little closer to what you want.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              • J
                jjj
                last edited by Feb 15, 2010, 3:22 PM

                Yes, it does look nice.

                What would be the uninstall command? (Besides using it as an appliance, I am pretty much handicapped when it comes to Linux.)

                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Feb 15, 2010, 4:05 PM

                  If you want to get rid of it, do:

                  pkg_delete iftop-\*
                  

                  If you want to be more precise, you can look at the output of:

                  pkg_info
                  

                  and find the line for iftop, something like this:

                  iftop-0.17          Display bandwidth usage on an interface by host
                  

                  Then you can do:

                  pkg_delete iftop-0.17
                  

                  • J
                    jjj
                    last edited by Feb 15, 2010, 4:49 PM

                    Great, thanks for the thorough instructions!

                    • J
                      jjj
                      last edited by Feb 15, 2010, 5:26 PM

                      I get the following:

                      pkg_add -r iftop

                      Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/iftop.tbz: File unavailable (e.g., file not found, no access)
                      pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/iftop.tbz' by URL

                      I checked the FTP and the packages-7.0-release doesn't exist, the only "release" folder is packages-8.0-release.

                      There's actually no 7.0 anything folder, only packages-7-stable.

                      ???

                      • J
                        jimp Rebel Alliance Developer Netgate
                        last edited by Feb 15, 2010, 5:33 PM

                        What version of pfSense are you running? pfSense 1.2.3 should be 7.2-RELEASE

                        Either way, you can do this instead:

                        pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/iftop.tbz

                        • J
                          jjj
                          last edited by Feb 15, 2010, 5:42 PM

                          1.2.2….. We need to upgrade.
