How do I analyze traffic?

Started by jsrober, July 14, 2019, 03:50:30 AM

Hi,

Thanks so much for OPNsense. It's wonderful to have such a powerful solution.

How do I analyze the traffic on my network?

I have IoT devices and I wonder what they are doing. Are they connecting outside my network? What ports are they using?

How do the pros use OPNsense to figure this out?

I have OPNsense running on a very beefy dedicated PC with plenty of storage. Do I do a packet capture and then analyze the data? Is there a way to capture netflow data and then review it with some sort of purpose-built GUI?

Thanks,
John

You can run tcpdump (also via the UI under packet capture), then download it and open it in Wireshark. The packet capture can also be done via the shell.

Try the ntopng plugin. It will analyze the traffic for you. You will see which protocol the devices speak with which country, etc.

Also consider putting your IoT devices on a separate VLAN to reduce the risk of compromise to the rest of your network.

Bart...
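
As an added example (not posted by anyone in this thread): once a capture has been downloaded as suggested above, a short script can answer the original question of which outside hosts and ports a device talks to. It assumes a classic pcap file with Ethernet framing and a LAN of 192.168.1.0/24; the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}

def summarize_external(pcap, lan="192.168.1.0/24"):
    """Count packets per (src, dst, proto, dst_port) sent from the LAN to outside hosts."""
    lan_net = ipaddress.ip_network(lan)  # assumed LAN subnet; adjust to yours
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Untagged IPv4 only; VLAN-tagged and IPv6 frames are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if proto not in PROTO or frag_off or len(frame) < 18 + ihl:
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if src in lan_net and dst not in lan_net and not (dst.is_multicast or dst.is_reserved):
            dport = struct.unpack("!H", frame[16 + ihl:18 + ihl])[0]
            flows[(str(src), str(dst), PROTO[proto], dport)] += 1
    return flows

def _frame(src, dst, proto, sport, dport):
    # Constructed Ethernet/IPv4 frame with an 8-byte L4 stub (sample data only).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)

def build_sample_pcap():
    iot = "192.168.1.50"  # constructed addresses, not from a real capture
    frames = [_frame(iot, "203.0.113.10", 6, 50000, 443)] * 2 + [
        _frame(iot, "198.51.100.7", 17, 50001, 123),   # outbound NTP
        _frame(iot, "192.168.1.1", 17, 50002, 53),     # LAN-internal, ignored
        _frame("203.0.113.10", iot, 6, 443, 50000),    # inbound reply, ignored
        _frame(iot, "224.0.0.251", 17, 5353, 5353)]    # multicast, ignored
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for flow, n in summarize_external(build_sample_pcap()).most_common():
        print(n, *flow)
```

To use it on a real capture, pass the file's bytes (for example `open("capture.pcap", "rb").read()`, a placeholder filename) to `summarize_external` with your own LAN subnet.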