Real-time traffic monitoring router / firewall device

Question

I'm looking for a router & firewall device that will provide built-in bandwidth monitoring; meaning, I go to the web control panel for the device and I can see a real-time breakdown of how much traffic each IP is using (and even better, identify the MAC of each machine so I can exclude them from the network if necessary). I know there's third party solutions that can analyze syslogs in real time, but really what I want is a simple, plug-and-play device that offers this kind of real-time analysis out of the box.

score 6 · Accepted Answer · answered May 31 '09 at 16:39

I'm going to advocate Pfsense again. PFsense can by default graph outgoing / ingoing bandwidth. If you add the Bandwithd plugin, you can graph the traffic coming out of each node of your network on a per-IP basis. It even displays the type of traffic.

It's really simple to setup and works very well. You can put in transparently on your network by putting it in network bridge.

score 2 · Answer 2 · answered May 31 '09 at 21:28

if you have netflow capable devices use it. although it originated at cisco many hardware vendors support it. if it´s too taxing on your hardware use sampled netflow.

but most of all get a netflow agregator like http://nfsen.sourceforge.net/ for accumulating and visualizing the data.

Nick Kavadias · Answer 3 · 2009-05-31T15:43:52.507

1

I believe smoothwall offers built-in graphing via MRTG. Not sure if it will do reporting via internal IP's out of the box. I think there are some other forks of this project that do similar things, but i can't remember the names.

ntop is probably more flexible for your needs. You should be able to run this on any linux distro that you can purpose as a firewall with iptables.

edited May 31 '09 at 15:43

answered May 31 '09 at 15:38

Nick Kavadias

10,796
7
37
47

score 1 · Answer 4 · answered May 31 '09 at 21:35

1

I second PFSense, as a very satisfied user.

Also, hosts3d (formerly homestead) if you're running *NIX / *BSD. It is IMHO the most underrated network utility that currently exists.

answered May 31 '09 at 21:35

Gazzonyx

258
1
7

score 0 · Answer 5 · answered May 31 '09 at 15:32

MAC filtering is not very difficult to get around.

You can just force all traffic to go through a proxy, for example squid, and force authentication.

Block direct access to the internet, so the only way to get out is via the proxy.

Then let squid do the accounting for you.

score 0 · Answer 6 · answered Jul 23 '10 at 17:14

0

Untangle is a great way to go.

Plug and play
FOSS
Great features, including reporting.

http://www.untangle.com/Open-Source-Package

answered Jul 23 '10 at 17:14

JakeRobinson

2,904
18
26

score 0 · Answer 7 · answered Jun 01 '09 at 02:19

0

iftop is a useful *nix utility for watching traffic. Depending on what firewall/router infrastructure you have, it might fit the bill.

answered Jun 01 '09 at 02:19

Rog

235
1
8

Real-time traffic monitoring router / firewall device

7 Answers7