Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Monitoring traffic in a school

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      phill79
      last edited by

      Hi,
      I'm not sure where to start with this, basically I want to intercept all traffic before it gets to the router but the pfsense needs to be transparent and not visible to either the Cisco switch or Cisco router that are in place. We need to monitor internet usage by IP and what websites devices are accessing, be that iPads's or PC's. Can anyone recommend a way to achieve this using pfsense?
      Thanks

      1 Reply Last reply Reply Quote 0
      • T
        tucansam
        last edited by

        Not to hijack your thread, but I too would like to be able to see, in realtime, where my users (my kids) are going.  The traffic graph shows bw used by client, but how can i tell what servers my clients are communicating with?

        1 Reply Last reply Reply Quote 0
        • K
          Keljian
          last edited by

          Squid, set as a transparent proxy will be invisible and can be used to monitor by IP address

          However, it will not monitor encrypted traffic: meaning that you will not see google searches or Facebook content

          You will also not be able to stop vpn using squid.

          You could segment the network and block this type of encrypted traffic though

          1 Reply Last reply Reply Quote 0
          • P
            phill79
            last edited by

            Is there anyway just to intercept the traffic, log it then send it on it's way without making it the proxy?

            eg:
            Instead of…..
            PC --- SWITCH ---- GATEWAY --- INTERNET

            it is....
            PC --- SWITCH ---- PFSENSE --- GATEWAY --- INTERNET

            With no modifications to the clients?

            1 Reply Last reply Reply Quote 0
            • K
              Keljian
              last edited by

              A transparent proxy is invisible for all intents and purposes to the client

              You could log all traffic, but when it is encrypted you will just see a garbled mess

              You will not be able to see encrypted traffic without modifying the clients

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.