I have a number of clients (2 OpenBSD systems, 3 Windows 10 systems, an Android phone or two, and a VoIP phone) all connected to the internet through an OpenBSD firewall (currently 7.1/amd64, will be 7.2 soon). I'm trying to track down which client(s) is/are responsible for a 5-fold increase in my overall data usage last month (and, I suspect, a similar ongoing data usage).
So, I'd like to modify the firewall to somehow record the per-IP-address number of bytes passed by the firewall (I can then match up the IP addresses with the dhcpd logs to find the offending client(s)).

This StackExchange question-and-answer
https://serverfault.com/questions/303931/getting-per-ip-traffic-stats-from-pf
gives a possible solution

> export netflow data for all your traffic, grab it with Flow-Tools,
> and feed it to something like JKFlow to parse (and graph/report on).

but that was as of 2011. Is this still the most straightforward way to get per-IP traffic stats? If so, can anyone point me to any reasonably up-to-date "big picture" tutorials/documentation?

The closest I've come so far is this discussion
https://www.pantz.org/software/flowtools/configflowtoolspfflow.html
but it's from 2006.

Thanks,
--
-- "Jonathan Thornburg [remove -color to reply]" <dr.j.thornb...@gmail-pink.com>
   currently on the west coast of Canada
   "Now back when I worked in banking, if someone went to Barclays,
    pretended to be me, borrowed UKP10,000 and legged it, that was
    `impersonation', and it was the bank's money that had been stolen,
    not my identity. How did things change?" -- Ross Anderson
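
As an added example (not part of the original post), the matching step described above, per-IP byte totals joined to DHCP lease data, could look like this in Python. The `srcaddr,dstaddr,octets` record layout, the use of ISC-style lease text in place of the dhcpd logs, the LAN prefix and all function names are assumptions, and the records are assumed to carry the clients' pre-NAT addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed samples: flow records "srcaddr,dstaddr,octets" and ISC-style lease entries.
FLOWS = """\
192.168.1.10,203.0.113.5,1200
203.0.113.5,192.168.1.10,950000
198.51.100.7,192.168.1.11,52000
203.0.113.9,192.168.1.12,4000000
truncated,record
"""
LEASES = """\
lease 192.168.1.10 {
  hardware ethernet 00:00:5e:00:53:01;
  client-hostname "win10-desk";
}
lease 192.168.1.11 {
  hardware ethernet 00:00:5e:00:53:02;
}
"""

def per_client_bytes(flow_text, lan_cidr):
    """Return {lan_ip: [bytes_up, bytes_down]} for traffic crossing the firewall."""
    lan = ipaddress.ip_network(lan_cidr)
    totals = defaultdict(lambda: [0, 0])
    for line in flow_text.splitlines():
        try:
            src, dst, octets = line.split(",")
            src, dst, octets = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(octets)
        except ValueError:
            continue  # skip malformed or truncated records
        if (src in lan) == (dst in lan):
            continue  # both or neither endpoint on the LAN: not a client's internet usage
        ip, slot = (src, 0) if src in lan else (dst, 1)  # slot 0 = upload, 1 = download
        totals[str(ip)][slot] += octets
    return dict(totals)

def lease_labels(lease_text):
    """Map leased IP -> "MAC hostname" (hostname only if the client sent one)."""
    field = r'(?:hardware ethernet|client-hostname)\s+"?([^";]+)"?;'
    return {ip: " ".join(re.findall(field, body))
            for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", lease_text, re.S)}

def top_talkers(flow_text, lease_text, lan_cidr):
    labels = lease_labels(lease_text)
    rows = [(ip, labels.get(ip, "no lease"), up, down)
            for ip, (up, down) in per_client_bytes(flow_text, lan_cidr).items()]
    return sorted(rows, key=lambda r: r[2] + r[3], reverse=True)  # heaviest first
```

An address that shows up with heavy usage but "no lease" is either statically configured or its lease has already aged out of the lease data.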