How to monitor traffic

  • Is there a package that aloud's me to see what web sites each computer on my network  is or as been?
    Sorry for my English
    Sorry if I posted in the wrong place

  • For real-time viewing you can use Status->Traffic Graph. From 2.1.1-RELEASE it works to select an interface and "Filter: All" and "Display: FQDN". Then it will try to show the IP addresses of both ends of the traffic and try to do reverse lookups to show you a name that goes with the IP address. That often gives you a good idea of what the big user/s are doing at the time. Although these days with a lot of cloud and web-hosting providers, the reverse lookup name is not always a big giveaway as to what the site is.

  • thank you,
    I'm trying to see what websites my kids are on when I'm not around, is that possible in PfSense?

  • If you run squid, and light squid, you can use the light squid report to tell you who went where based on IP address

  • Yes.  The Suricata package will decode and log all HTTP traffic.  You can see the source/destination address and the exact URL that is being requested.  Everything is timestamped.  However, it is a 'raw' log and will require some manipulating to pull it into a more readable format.

    Another alternative is Netflow.  Export the data to a Netflow collector and you can see the conversations, but not the actual URL's being requested.

    Another less informative alternative is to use OpenDNS.  You can generate reports on what domains are being requested, but not from which machine and the report is only on a full-day basis.

    EDIT:  The squid solution posted above would be a very good way to accomplish what you want.

Log in to reply