Author Topic: Monitoring Only ?  (Read 1115 times)

swanseahost
Monitoring Only ?
« on: June 27, 2011, 06:22:57 pm »
Hi there,

Is it possible to use pfSense purely for monitoring? I don't need the firewall functions. My ISP is saying that the high latency on my line is my equipment, which I am sure it is not. Would this work:

MODEM - WAN PFSENSE - LAN PFSENSE - ROUTER

I can then capture all the traffic in graphs and latency/packet loss etc.?

Thanks

cmb (Chris Buechler, Administrator)
Re: Monitoring Only ?
« Reply #1 on: June 27, 2011, 06:45:27 pm »
Wouldn't do much to help that from a graphing perspective, though you could use that to get packet captures of traffic and analyze that to determine where the issue resides. Could just as easily accomplish that with a network tap or span port and a box running Wireshark or tcpdump if that's an option.

Metu69salemi
Re: Monitoring Only ?
« Reply #2 on: June 27, 2011, 11:14:15 pm »
I also prefer a simple switch with a monitor port and a dedicated Wireshark machine.

swanseahost
Re: Monitoring Only ?
« Reply #3 on: June 28, 2011, 06:38:25 am »
Could you point me in the right direction? I don't know much about this topic and my ISP is saying it is my computers. Thanks

swanseahost
Re: Monitoring Only ?
« Reply #4 on: June 28, 2011, 08:20:26 am »
Could I use pfSense as just a monitoring device? I can install bandwidthd or darkstat through packages?

Thanks

cmb (Chris Buechler, Administrator)
Re: Monitoring Only ?
« Reply #5 on: June 30, 2011, 03:14:51 am »
The packages along those lines aren't for finding the cause of network connectivity issues. They can under some circumstances help show there is a problem, but they do nothing to tell where that problem is. Network issues along those lines can't be automatically analyzed by anything. The best option is getting something in place that allows you to capture traffic, and doing so both at the host initiating the traffic, and via a tap or span port outside of the last piece of equipment on your network that you're responsible for (your router/firewall). If your router or firewall has the ability to do packet captures of traffic as it's seen on the wire the way pfSense does, then you don't require a span port or tap generally. Comparing those two points of reference will confirm or deny whether you're actually passing that traffic in or out, and exactly what latency is induced by your equipment. Also if your current router or firewall has the ability to tell you how much bandwidth is being used, that can be very helpful - the most common cause of high jitter and/or latency is exhausting your available bandwidth, especially on the upstream side where you have an asymmetric connection (much faster down than up).
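
The two-point comparison described in the last reply, as an added example that is not part of the original thread. It assumes both captures are `tcpdump -tt -n icmp` text output taken while one host pings a single remote address; the sample lines, addresses and function names are constructed for illustration. Round-trip time is measured separately at each capture point and then subtracted, so the two capture clocks do not need to be synchronized.

```python
import re

# One line of `tcpdump -tt -n icmp` text output (echo request or reply).
LINE = re.compile(r"(\d+)\.(\d{6}) IP (\S+) > (\S+): ICMP echo (request|reply), id \d+, seq (\d+)")

def rtts(capture):
    """Map (remote_ip, seq) -> RTT in microseconds, or None if no reply was captured."""
    sent, out = {}, {}
    for m in map(LINE.match, capture.strip().splitlines()):
        if not m:
            continue
        ts = int(m[1]) * 1_000_000 + int(m[2])   # integer microseconds, no float rounding
        src, dst, kind, seq = m[3], m[4], m[5], int(m[6])
        # Key on the remote address and seq only: NAT rewrites the local
        # address and may rewrite the ICMP id between the two capture points.
        if kind == "request":
            sent[dst, seq] = ts
            out[dst, seq] = None
        elif (src, seq) in sent:
            out[src, seq] = ts - sent[src, seq]
    return out

def compare(host_cap, wan_cap):
    """Per ping: microseconds added inside your network, or where the packet was lost."""
    host, wan = rtts(host_cap), rtts(wan_cap)
    report = {}
    for key, host_rtt in host.items():
        if key not in wan:
            report[key] = "request never reached WAN side"
        elif wan[key] is None:
            report[key] = "no reply arrived at WAN side"
        elif host_rtt is None:
            report[key] = "reply seen at WAN side but not at host"
        else:
            report[key] = host_rtt - wan[key]
    return report

# Constructed sample captures; the WAN-side clock is deliberately ~3.5 s off.
HOST = """1309243105.000000 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 4321, seq 1, length 64
1309243105.042000 IP 203.0.113.5 > 192.168.1.10: ICMP echo reply, id 4321, seq 1, length 64
1309243106.000000 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 4321, seq 2, length 64
1309243106.250000 IP 203.0.113.5 > 192.168.1.10: ICMP echo reply, id 4321, seq 2, length 64
1309243107.000000 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 4321, seq 3, length 64
1309243108.000000 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 4321, seq 4, length 64"""
WAN = """1309243108.501000 IP 198.51.100.7 > 203.0.113.5: ICMP echo request, id 9000, seq 1, length 64
1309243108.541000 IP 203.0.113.5 > 198.51.100.7: ICMP echo reply, id 9000, seq 1, length 64
1309243109.502000 IP 198.51.100.7 > 203.0.113.5: ICMP echo request, id 9000, seq 2, length 64
1309243109.747000 IP 203.0.113.5 > 198.51.100.7: ICMP echo reply, id 9000, seq 2, length 64
1309243110.501000 IP 198.51.100.7 > 203.0.113.5: ICMP echo request, id 9000, seq 3, length 64"""
```

A small numeric result means the latency is already present at the WAN side; a request that never reaches the WAN-side capture points at equipment inside your own network.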