I recently installed pfSense on a PC Engines APU.2C4 mini-server.
It is now my network router and it’s been working like a champ.
Now I want to start customizing it some more. First up, I want to be able to monitor network traffic.
Looking around, I found ntopng https://www.ntop.org/products/traffic-analysis/ntop/ [1] as a tool I can install in pfSense and get the data I need.
In these notes I am going to record how to install it and use it.
Current Status
A friend of mine is wondering how much CPU this tool may take up, so I am going to record what my current load is before installing it and take a look at the load afterward.
Currently I have a basic install of pfSense.
Running an internet speed test, I saw it spike to 25%.
I am on pfSense version 2.4.4.
Installing
Before I start installing it, here are some good videos I found on YouTube going over ntopng.
Log into pfSense and select System → Package Manager
Click on Available Packages
Enter ntop and click Search.
Click Install
Click Confirm
Watch it install
The install took less than 2 min in my case :)
Click on Installed Packages and you should now see that it is installed.
CPU usage after install
At idle the CPU usage has not changed; it's still 3%. But the memory usage went up to 11% from 6%.
I have not changed any settings yet.
Running a speed test, I saw a similar spike to pre-ntopng, at ~20%.
Configuring
Go to Diagnostics → ntopng Settings
It’s not yet enabled. I wonder how that will affect CPU/memory when it is?
Enable ntopng, enter a password, and select all interfaces
Click Save
After the page refreshes, click Update GeoIP Data to grab fresh Geo data.
Now, before I do anything else, let me look at the load again.
At idle still 3%, and memory usage at 16% … so that went up a little.
Settings
Go to Diagnostics → ntopng
Got a proxy timeout…
Maybe it is being blocked?
Issue: can’t access ntopng
Let me check on the status
Status → Services
Hey, it’s not even running!
Let me start the service up.
It’s running
Let me go check my CPU load
At idle it jumped up to 6% and Memory Usage went up to 19%
Open it again
Open the ntopng tool up again: Diagnostics → ntopng
Hey, an improvement.
In Chrome, click Advanced to bypass the warning and open the page.
Now you need to log in to this separate tool: the username is admin and the password is the one you set in the configuration.
Wahoo something!
What can I do
First let me grab the current IP address of the box I am on using a Cygwin command.
> ipconfig | grep IPv4
I happen to be 192.168.0.10 at the moment.
If I click on Hosts I can see which host is using what % of bandwidth currently.
Oh, you can even see the top ports being hit currently. :)
Click on Flows
From here you can probably find your computer listed; click on it in the Client column
Lots of cool detail here
Conclusion
This tool gives you a lot. It is a Swiss army knife. I would suggest watching the videos I listed to get a better idea of what you can do.
References
[1] ntopng High-Speed Web-based Traffic Analysis and Flow Collection
[2] Using the ntopng package on pfSense 2.3.2 for Traffic Analysis & Collection
[3] pfsense Tools for Networking Troubleshooting & Problem Solving : pftop, NTOPng, packet capture
[4] ntopng can't load the page
https://forum.netgate.com/topic/107156/solved-ntopng-can-t-load-the-page/14
Accessed 12/2018
Excellent!! Tks for the feedback
Guru.... Awesome 👏👍☺️.... Excellent efforts and great contribution.... God bless you and be with you.... keep sharing...🏇👍
have been looking for this, found it and it solved my problem straight away. pfsense+ntopng is just so perfect
Ntop in pfsense can't dump expired flow to mysql or elastic. Can you help me please?