OPNsense Forum

English Forums => General Discussion => Topic started by: jsrober on July 14, 2019, 03:50:30 am

Title: How do I analyze traffic?
Post by: jsrober on July 14, 2019, 03:50:30 am
Hi,

Thanks so much for OPNsense. It's wonderful to have such a powerful solution.

How do I analyze the traffic on my network?

I have IOT devices and I wonder what they are doing. Are they connecting outside my network? What ports are they using?

How do the pros use OPNsense to figure this out?

I have OPNsense running on a very beefy dedicated PC with plenty of storage. Do I do a packet capture and then analyze the data? Is there a way to capture netflow data and then review it with some sort of purpose-built GUI?

Thanks,
John
Title: Re: How do I analyze traffic?
Post by: fabian on July 14, 2019, 08:45:16 am
You can run tcpdump (also via the UI under packet capture), then download it and open it in Wireshark. The packet capture can also be done via the shell.
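
Added example, not part of the post above and not OPNsense code: once a capture has been downloaded, a short Python script can answer the original question (which devices talk to hosts outside the LAN, and on which ports) before opening Wireshark. It assumes a classic pcap file of untagged Ethernet/IPv4 and an RFC 1918 LAN; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# Assumption: the LAN uses RFC 1918 space; adjust to match your own subnets.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def outbound_flows(pcap: bytes) -> Counter:
    """Count packets per (src, dst, proto, dst_port) sent by local hosts to non-local hosts."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type (not pcapng)")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Untagged Ethernet II carrying IPv4 only; VLAN tags, IPv6 and ARP are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto = {6: "tcp", 17: "udp"}.get(ip[9])
        # Later fragments carry no TCP/UDP header, so their "ports" would be garbage.
        if proto is None or ihl < 20 or int.from_bytes(ip[6:8], "big") & 0x1FFF or len(ip) < ihl + 4:
            continue
        src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
        dport = int.from_bytes(ip[ihl + 2:ihl + 4], "big")
        if is_local(src) and not is_local(dst) and not dst.is_multicast:
            flows[(str(src), str(dst), proto, dport)] += 1
    return flows

def _frame(src, dst, proto, dport):  # constructed sample frame, not a real capture
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", 40000, dport, 0)

def sample_pcap() -> bytes:  # constructed capture; 192.168.10.50 is a hypothetical IoT device
    dev, f = "192.168.10.50", _frame
    frames = [f(dev, "203.0.113.10", 6, 443)] * 2 + [f(dev, "203.0.113.20", 17, 123),
              f(dev, "192.168.10.1", 17, 53), f(dev, "224.0.0.251", 17, 5353)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(x), len(x)) + x for x in frames)

if __name__ == "__main__":
    for (src, dst, proto, dport), n in outbound_flows(sample_pcap()).most_common():
        print(f"{src} -> {dst} {proto}/{dport}: {n} packets")
```

To use it on a real capture, pass the file's bytes to `outbound_flows` instead of `sample_pcap()`.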
Title: Re: How do I analyze traffic?
Post by: ruffy91 on July 14, 2019, 08:58:29 am
Try the ntopng plugin. It will analyze the traffic for you. You will see which protocol the devices speak with which country etc.
Title: Re: How do I analyze traffic?
Post by: bartjsmit on July 14, 2019, 10:04:59 am
Also consider putting your IoT devices on a separate VLAN to reduce the risk of compromise to the rest of your network.

Bart...