Tracking Usage Per Client



  • The boss wants to track user stats per client so I've found PFSense. It's really cool you guys should check it out, anyway, I can see traffic on the WAN via the Status\RRD Graphs button but we need to dial it down a little more. How can I do that?

    Thanks in advance.

    Edit: We want to see how many users are connecting to our WiFi per day and how much bandwidth each user is using.


  • LAYER 8 Global Moderator

    if you want to track your wifi users, something like unifi would be better option.  Very reasonable priced wifi APs with a software based controller.. This is going to give you way more control and info about your "wifi" network then pfsense would.

    http://www.ubnt.com/unifi/unifi-ap/




  • That's unfortunate. We're using Meraki at our branches. It's nice but it will cost too much to bring it in to our main branch. We have Cisco access points with a Cisco 4400 WLAN controller here but I didn't set it up and don't know much about it. I figured this would be easier to set up and a little more interesting to play with.


  • LAYER 8 Global Moderator

    pfsense is a great firewall and router - but it has very limited wifi stuff.  Its not a wifi controller, 4400 series is quite old for wlc from cisco.  While they do a great job in providing great wifi access the reporting to what wifi clients is doing is very limited without sending info to say cisco prime.

    Unifi while not quite up to snuff to overall wifi stuff like cisco with cleanair, etc.  You can get the AP for $70 each on their entry level products and get some really useful reporting right out of the box to what wireless clients bandwidth usage is, etc.



  • Here's the thing,  I already have the WiFi controller and my WiFi is on a different network. I want to plug this in as router/firewall to that network and collect data. I can even use this as a DHCP server to my WiFi clients …



  • can't you do that with bandwidthd i remember you can monitor by IP with bandwidthd !?


  • LAYER 8 Global Moderator

    you can try the bandwidthd package - not going to show you what AP they are on, just going to give you IP based info.  Since not tied to mac of the wifi client, if you have client use IP A, then couple days later you get client B that gets same IP A  you have invalid info.

    If you have cisco, then you should go with cisco products to do your monitoring - cisco prime for example.  Then you should be able to send your flows from you wlc to your cisco prime setup.



  • Thanks for the info!  :)



  • @johnpoz:

    you can try the bandwidthd package - not going to show you what AP they are on, just going to give you IP based info.  Since not tied to mac of the wifi client, if you have client use IP A, then couple days later you get client B that gets same IP A  you have invalid info.

    If you have cisco, then you should go with cisco products to do your monitoring - cisco prime for example.  Then you should be able to send your flows from you wlc to your cisco prime setup.

    If you are in a business setting where the connected devices are all (mostly) well known, then static-map an IP for each device. Then IP-based reports match consistently to clients.
    Of course that is not practical if you are running more public services with an ever-moving client base.



  • I'd setup a linux box with two bridged nics and put it between the internet & the wifi access point(s).

    tcpdump can do all the packet captures quite easily, you can specify how long timewise each packet capture file is, ie hourly or daily packet captures, and then from there monitor the tcpip data, pulling out what you like!

    I'd start with the ARP packet to get each unique device and then track the assigned ip accordingly. Unless someone has changed the id in the arp packet, possible but harder than spoofing a mac id, then you should get a good overview of your wifi users usage.  Some of the things you should see is if anyone has attempted to change the unique id given out in the ARP packet.

    A basic example you can adapt by running on a different linux distro.
    http://williamknowles.co.uk/?p=16

    You'll just need to make sure you have enough disc space to store everything captured and have spare capacity before analysis.


Log in to reply