Best way to find out the top source IP addresses from the State Table?
-
Our state table size is quite large. We have a state count of over 200,000 thousand. This is normal for our traffic. My question is: what is the best way to find out a top 10 or top talkers list of IP addresses based on the number of source states?
I have tried and cannot use "states summary" from the diagnostics tab as it crashes because of the size of the state table with the following error.
"Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 32 bytes) in /usr/local/www/diag_states_summary.php on line 60"
Is there a simple package or a simple way of getting the same information from the "states summary" report found on the diagnostics tab but only for the top source IP states (maybe top 10) and not a report for every IP address from the states table?
I hope that made sense.
Thank you for any replies or suggestions.
-Paul
-
You may find the 'pftop' console command helpful. Like the normal 'top', it's interactive by default, but it can be scripted as well. There's a man page here: http://www.eee.metu.edu.tr/~canacar/pftop/pftop.8.html, though I'm not sure the pfSense pftop is in sync with the one described there. The help text from pftop in a recent 2.2 snapshot:
pfTop Help

  c - toggle state Cache
  f - set state Filter
  h - Help (this page)
  n - set Number of lines
  o - next sort Order
  p - Pause display
  r - Reverse sort order
  s - Set update interval
  v - next View
  q - Quit
  0-8 - select view directly
  SPC - update immediately
  ^L - refresh display
  ^G - clear command entry line
  cursor keys - scroll display

Sorting shortcuts:

  A - Age
  B - Bytes
  D - Dest. port
  E - Expiry
  F - From
  N - None
  P - Packets
  S - Src. port
  T - To
  R - Rate
  K - peaK
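A streaming way to get the top-N list asked about above, as an added example that is not part of the original posts: it counts states per source address from `pfctl -ss` text with awk, so memory grows with the number of distinct sources rather than the number of states. It assumes the usual `pfctl -ss` line layout (source on the left of `->`, on the right of `<-`, IPv6 ports as `addr[port]`); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source state counts from `pfctl -ss`-style text.
# On the firewall:  pfctl -ss | top_state_sources 10

# top_state_sources N: read state lines on stdin, print "count address"
# for the N sources holding the most states (default 10).
top_state_sources() {
    awk '
    {
        # Locate the direction arrow; skip lines that are not state entries.
        arrow = 0
        for (i = 3; i <= NF; i++)
            if ($i == "->" || $i == "<-") { arrow = i; break }
        if (arrow == 0) next

        # Assumed layout: "src -> dst" for outbound, "dst <- src" for inbound.
        # A parenthesised NAT address between them is ignored.
        src = ($arrow == "->") ? $3 : $(arrow + 1)

        # Strip the port: IPv6 is printed addr[port], IPv4 is addr:port.
        if (index(src, "["))
            sub(/\[.*$/, "", src)
        else if (src ~ /^[0-9.]+:[0-9]+$/)
            sub(/:[0-9]+$/, "", src)

        count[src]++    # one counter per distinct source address
    }
    END { for (ip in count) print count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_states() {
    cat <<'EOF'
all tcp 192.0.2.10:51000 -> 198.51.100.5:443       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:51001 -> 198.51.100.5:443       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.1:22 <- 192.0.2.10:51002       ESTABLISHED:ESTABLISHED
all udp 192.0.2.20:40000 -> 198.51.100.53:53       MULTIPLE:SINGLE
all udp 192.0.2.20:40001 -> 198.51.100.53:53       MULTIPLE:SINGLE
all tcp 2001:db8::1[443] <- 2001:db8::20[50000]       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.9:61000 (192.0.2.30:51000) -> 198.51.100.5:80       TIME_WAIT:TIME_WAIT
EOF
}

# Demonstration on the constructed sample.
sample_states | top_state_sources 3
```

For NAT states the count goes to the first address on the source side, not the parenthesised one; which of the two is the internal host depends on the pf version, so check a few lines of your own output before relying on it.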