Monitoring Bandwidth Usage¶

With pfSense® software, there are several methods for monitoring bandwidth usage, with different levels of granularity.

pftop¶

If a connection is currently active, connect to the firewall console (physical access or ssh) and watch the traffic flow with pftop (Option 9).

The output can be changed to show several views (press 0-8 or v to cycle) and may be sorted in various ways. Press ? for a list of available command keys while running pftop.

iftop¶

Run iftop from the shell (console or SSH) as follows:

iftop -nNpPi em0

Change em0 to an appropriate interface to monitor.

In the above example, -nNpP tells iftop to not resolve hostnames (n) or port numbers (N), and to run in promiscuous mode (p) and also display ports in the output (P).

Press t to cycle through various views.

trafshow¶

Another option for viewing real time throughput is trafshow, which can be installed from the CLI with pkg install trafshow followed by rehash.

Once installed, run it at an SSH command prompt:

trafshow

Then select the interface.

Built-in Graphs¶

If overall per-interface usage is all that is required, there are built-in RRD graphs in pfSense software, which can be found under Status > Monitoring.

BandwidthD¶

If more detail is required, such as by client IP on the LAN interface, there is a package for bandwidthd that can be installed under System > Packages. Once installed, it appears under Services > BandwidthD.

Darkstat¶

Darkstat is also available in System > Packages. Once installed, it appears under Services > darkstat. It also offers bandwidth graphs for an interface, as well as traffic to/from specific IP addresses.

ntopng¶

If even more detail is required, the ntopng package, which can also be found under System > Packages, can help. It can break down detail by IP, protocol, and so on. Once installed, it appears under Diagnostics > ntopng. It will even track where connections were made by local PCs, and how much bandwidth was used on individual connections.

Note

Due to the resource requirements of ntopng, it is not suited for with low CPU or RAM.

Monitoring on Multiple Interfaces¶

The bandwidthd package cannot listen on multiple interfaces.

The darkstat and ntopng packages can listen on multiple interfaces.

Netflow¶

Netflow is another option for bandwidth usage analysis. Netflow is a standard means of traffic accounting supported by many routers and firewalls. Netflow collector running on a host inside the network is required to collect the data. pfSense software can export Netflow data to the collector using the softflowd package.

Traffic Totals¶

Traffic Totals is another bandwidth monitoring tool available to install as a package. See Status Traffic Totals for more information.