Name resolution and how to find the source destination traffic

Started by atish, June 01, 2021, 03:06:39 PM

Hello all,
I am new to OPNsense, just moved from a Linksys. After reading the forums and docs I have installed OPNsense with GeoIP filtering and IPS enabled.

I have newbie questions.

1. In the log file I get IP addresses, even though I check the lookup source name flag. A few are resolved but not all. How do I get the names resolved for all the IP addresses?

2. I want to find which internal computers are talking to where, source and destination. How do I get this info?

Thanks

Welcome.  :)

Regarding 2, you can look at Insight under reporting...that can be useful for what it sounds like you're asking about.  Also, for real time you can look under firewall | diagnostics | pftop.  Really depends what you need/want.

Regarding 1, not sure what you're after...what names do you want resolved?  Firewall rule names?  That's a limitation in FreeBSD (as I understand it).  You can look in the Live Log and see it there.  If you're talking about IP addresses being resolved...do you mean DNS?  Local or remote addresses?
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

Thanks for the pftop tip.

However, pftop is showing only the IP address, not the domain name of the IP address being accessed.
By names I am referring to the domain names that are being accessed.

ntopng is probably what you're looking for then.  You'll need to install that as an add-on.

Product info:
https://www.ntop.org/products/traffic-analysis/ntop/

To install:
https://www.ntop.org/guides/ntopng/third_party_integrations/opnsense.html

Discussion:
https://forum.opnsense.org/index.php?topic=20812.0#msg105371

Edit: added additional link to install and some relevant discussion.
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT