Real time traffic monitoring with pfSense
-
Hello!
I need to monitor traffic in a real time from inside the network. Are there any way to do it?
My pfSense version is: 2.1-RELEASE (amd64) FreeBSD 8.3-RELEASE-p11Preferably if I can do it with the help of Wireshark on a Windows computer.
Thank you!
-
You should probably provide more details on what you mean under "monitor traffic"?
Monitor connections? States? Packets?
You can capture packets under Diagnostics -> Packet Capture and then open file in Wireshark if that's what you are after.
-
You should probably provide more details on what you mean under "monitor traffic"?
Monitor connections? States? Packets?
You can capture packets under Diagnostics -> Packet Capture and then open file in Wireshark if that's what you are after.
I need to capture packets. I am aware of the method you have mentioned. I would like to see packets, connection and other activities right when I need it. I also would like to filter them on the fly. The way Wireshark works.
Thank you! -
Is this for troubleshooting that will be adhoc or something you need to just store and have available at all times?
Something like this?
http://www.colasoft.com/nchronos/ -
I am not sure i understand - do you want to run live capture for extended period and just look at it scrolling in a window? You can do this in Packet Capture as well or you can try tcpdump while logged in via SSH.
If text window is not enough for you, do some reading on Wireshark remote capturing. -
Is this for troubleshooting that will be adhoc or something you need to just store and have available at all times?
Something like this?
http://www.colasoft.com/nchronos/This is for troubleshooting. I also would like to see the free version of my solution if any.
Thank you! -
I am not sure i understand - do you want to run live capture for extended period and just look at it scrolling in a window? You can do this in Packet Capture as well or you can try tcpdump while logged in via SSH.
If text window is not enough for you, do some reading on Wireshark remote capturing.Wireshark remote capturing is a good idea. Do you know how to set it up between pfSense AND (Windows 7+WireShark)? Any tutorial(s)?
Thank you! -
I do not know how to set it up, but it took me ~3 min to come up with some links, which may help you:
4.9. The "Remote Capture Interfaces" dialog box
WinPcap: Remote Capture
Don't know if it would work, but sure that technology exist :)Or, you can use the link in my previous post - it is actually a tutorial, but will need Linux as the client side.
I, personally, use tcpdump if I need to look at the live stream on pfSense. More often just capturing and then analyzing data is enough and could be more productive.
There is also another solution - use simple managed switch (Netgear GS108T is cheap), mirror the port and capture that on whatever machine you have.
Good luck!
-
Sorry for open this topic, but is about what I want to ask…
I have a pfSense with latest version 2.2.5-RELEASE (amd64)
My WAN is a PPPoE interface and my LAN is 192.168.0.x
I have a 20Mbps bandwidth with the ISP
My problem is that, sometimes, I can see that pfSense shows that I'm currently using all 20Mbps... this shows on traffic graph by WAN (which is the pppoe0)
But, when I go to LAN, I can't see which host is using it.I already tried to see which host by```
iftop iftop -m 20m -i re1re1 is LAN interface But this not show which host is using it. So, I cant see who is using and make some action to block this kind of traffic. Any advice to see ? Thanks! -
Sorry for open this topic, but is about what I want to ask…
It would have been better for you to start your own thread in the Traffic Monitoring forum…
Any advice to see ?
Lots of ways to do it. My favourite fast way is Status - Traffic Graph. Set Interface to LAN and Display to Host Name.
