OPNsense Forum
English Forums => Zenarmor (Sensei) => Topic started by: actionhenkt on July 03, 2021, 07:37:52 pm
-
Hi,
Is it possible to use sensei to check / report on which IP is uploading or downloading ? I dont have alot of devices on my network, still one of my devices has been uploading data constantly, its about 20 to 25gb a day.. Last friday when i was at work, and did not do anything on my own home network, still I saw 40gb of data going out in the status screen of sensei..
How can i find out which device it is ?
Thanks!
-
Not sure about Sensei, but I use ntopng for stuff like that.
-
Hi @actionhenkt,
Yes. You can drill-down to per-ip reports. It's upload+download combined. Are you interested in inbound/outbound only?
-
Hi,
I tried ntop, but not sure if that stores historical data.. Ntop seems to show what is happening now, did not see anything strange so I need a wider overview of a whole day per IP.
Im looking for an overview of per IP stats of ammount of upload and download, maybe top 10 ? Is that possible ?
-
Hi @actionhenkt,
Yes, of course. Go to Sensei -> Reports. You'll see "Add filter' on the upper bar. Click on it. On the coming menu, where you can select from a wide range of criteria, choose "Source IP" and put the IP address, click "Add" and click the refresh button located on the right hand side (next to the pdf export icon). From the Reports Settings, you can define a reporting interval (Last 1 hour, 1 day, week, month).
This video illustrates the drill-down feature:
https://www.youtube.com/watch?v=sRvI7oAz2ac
Reports documentation:
https://www.sunnyvalley.io/docs/opnsense/reporting-analytics/reports-overview#using-the-drill-down-filter
-
I tried ntop, but not sure if that stores historical data.. Ntop seems to show what is happening now, did not see anything strange so I need a wider overview of a whole day per IP.
Interface, click Charts, choose Timeframe, click in the chart to zoom in the peak you want to check out (may need to click 2-3 times to zoom in enough), while floating above the chart, top talkers will be displayed on the right side.
One way I know of...
If I understood his question correctly: he doesn't know which IP and wants to find out who. In Sensei you have to enter the Source IP.
I would be interested into a larger list, like top talkers of the timeframe x. Something like ntopng, but with more clients. Apparently according to ntop, this is possible, but I am quite unsure if it's maybe a limitation of the free version.
https://www.ntop.org/guides/ntopng/web_gui/historical.html
I am sure you are also aware that you can see it in the Insight of the OPNsense too, albeit not time-separated, but only see which client is downloading the most from date-date and port/IP.
-
Hi,
In Sensei, you can see the top IPs and drill down however you want. So can be found that the top traffic user and what is using easily via Top Local Hosts report.
-
I know I can see totals in Sensei (Table of Local Assets). Also did analysis with Table of Remote Hosts, drilled down with Top Local Hosts.
However, "Top Local Hosts" is sorted not by size of download but number of sessions, which is quite different than size of download.
But, is there a way to see historical data, as in when which client downloaded what, and how much too? Like a graph through time, download speed?
To me, Sensei makes much more sense when it comes to connection-categorization.
If I want network-level stuff, as in speed, flows, realtime analysis of connections, I currently prefer ntopng. Not that it can't do L7 though.
-
Thanks, I was able to figure it out