Monitoring Only?

  • Hi there,

    Is it possible to use pfSense purely for monitoring? I don't need the firewall functions. My ISP is saying that the high latency on my line is my equipment, which I am sure it is not. Would this work:


    I can then capture all the traffic in graphs and latency/packet loss etc.?


  • Wouldn't do much to help that from a graphing perspective, though you could use that to get packet captures of traffic and analyze that to determine where the issue resides. Could just as easily accomplish that with a network tap or span port and a box running Wireshark or tcpdump if that's an option.

  • I also prefer a simple switch with a monitor port and a dedicated Wireshark machine.

  • Could you point me in the right direction? I don't know much about this topic and my ISP is saying it is my computers. Thanks

  • Could I use pfSense as just a monitoring device? I can install bandwidthd or darkstat through packages?


  • The packages along those lines aren't for finding the cause of network connectivity issues. They can under some circumstances help show there is a problem, but they do nothing to tell where that problem is. Network issues along those lines can't be automatically analyzed by anything. The best option is getting something in place that allows you to capture traffic, and doing so both at the host initiating the traffic, and via a tap or span port outside of the last piece of equipment on your network that you're responsible for (your router/firewall). If your router or firewall has the ability to do packet captures of traffic as it's seen on the wire the way pfSense does, then you don't require a span port or tap generally. Comparing those two points of reference will confirm or deny whether you're actually passing that traffic in or out, and exactly what latency is induced by your equipment. Also if your current router or firewall has the ability to tell you how much bandwidth is being used, that can be very helpful - the most common cause of high jitter and/or latency is exhausting your available bandwidth, especially on the upstream side where you have an asymmetric connection (much faster down than up).
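
An added example, not part of the thread: one way to compare the two capture points described in the last reply, using a ping run captured at the host and outside the router at the same time. It measures echo round-trip time separately in each capture and subtracts them, so the two capture machines do not need synchronized clocks. Assumptions: classic little-endian pcap files with Ethernet framing, a single ping run so sequence numbers are unique, and all function names and the sample captures are constructed for illustration.

```python
import struct

def read_pcap(data):
    """Yield (timestamp, frame) from a classic little-endian microsecond pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported capture format")
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def echo_rtts(data):
    """Map ICMP echo sequence -> RTT in seconds at this capture point (None = no reply)."""
    sent, rtts = {}, {}
    for ts, f in read_pcap(data):
        icmp = 14 + (f[14] & 0x0F) * 4 if len(f) >= 42 else len(f)  # ICMP header offset
        if len(f) < icmp + 8 or f[12:14] != b"\x08\x00" or f[23] != 1:
            continue                            # truncated, or not IPv4 ICMP over Ethernet
        seq = struct.unpack_from("!H", f, icmp + 6)[0]
        if f[icmp] == 8:                        # echo request
            sent[seq], rtts[seq] = ts, None
        elif f[icmp] == 0 and seq in sent:      # echo reply
            rtts[seq] = ts - sent[seq]
    return rtts

def induced_latency(host_pcap, wan_pcap):
    """Per sequence: ms added between the capture points, or where the ping was lost."""
    host, wan = echo_rtts(host_pcap), echo_rtts(wan_pcap)
    result = {}
    for seq, h in host.items():
        if seq not in wan:
            result[seq] = "request lost in your network"
        elif h is None or wan[seq] is None:
            result[seq] = "no reply upstream" if wan[seq] is None else "reply lost in your network"
        else:
            result[seq] = round((h - wan[seq]) * 1000, 3)
    return result

def _pcap(events):
    """Build a constructed capture from (sec, usec, icmp_type, seq) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, b"\xc0\x00\x02\x01", b"\xc6\x33\x64\x01")
    for sec, usec, typ, seq in events:
        f = bytes(12) + b"\x08\x00" + ip + struct.pack("!BBHHH", typ, 0, 0, 1, seq)
        out += struct.pack("<IIII", sec, usec, len(f), len(f)) + f
    return out

HOST = _pcap([(100, 0, 8, 1), (100, 42000, 0, 1), (101, 0, 8, 2), (102, 0, 8, 3), (103, 0, 8, 4)])
WAN = _pcap([(100, 1000, 8, 1), (100, 41000, 0, 1), (102, 500, 8, 3), (103, 500, 8, 4), (103, 40500, 0, 4)])
```

Calling `induced_latency(HOST, WAN)` on the constructed captures shows a small number for a ping that passed cleanly, and a verdict string for each ping that disappeared on one side of the router or the other.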
