Bandwidth Monitoring with BandwidthD


Configuring BandwithD in pfSense 2.1.5.

BandwidthD tracks usage of TCP/IP subnets and builds HTML files with graphs to display utilization. Charts are built for individual IP addresses, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each IP address’s utilization can be logged at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in CDF format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color-coded.

BandwidthD can produce output in two ways. The first is as a standalone application that produces static HTML and PNG output every 200 seconds. The second is as a sensor that transmits its data to a backend database which is then reported on by dynamic php pages. The visual output of both is similar, but the database-driven system allows for searching, filtering, multiple sensors and custom reports. The BandwidthD plugin for pfSense can present the output in both ways.

BandwithD Configuration and Installation

To install BandwidthD in pfSense, navigate to System->Packages, and scroll down to BandwidthD. Press the “plus” button on the right side, and on the next page, press “Confirm” to confirm installation. The package should complete installation within a few minutes.

Once installation is complete, there should be a new item on the “Services” menu called “Bandwidthd”. Once you navigate there, you will see two tabs: “BandwidthD”, which allows you to configure the settings and “Access BandwidthD”, which allows you to view data. The “BandwidthD” tab has several settings. The “Enable bandwidthd” check box simply enables BandwidthD. The “Interface” drop down box allows you to select the interface to which BandwidthD will bind. “Subnet” allows you to specify the subnet (or subnets) on which BandwidthD will report. The subnet for the interface selected in “Interface” is automatically put in the config, so you do not have to specify it here. Subnets are specified in dotted decimal notation, with a slash and the number of bits of the subnet after the subnet (e.g. The next setting is “Skip Intervals”, which sets the number of intervals to skip between graphing. The default is 0. Each interval is 200 seconds (3 minutes 20 seconds). The next setting, the “Graph cutoff”, is how many kilobytes (KB) must be transferred by an IP before it is graphed (default is 1024).


Viewing bandwidth usage in the BandwidthD web GUI.

The “Promiscuous” check box will put the interface in promiscuous mode to see traffic that may not be routing through the host machine. This will only work on a hub, where all packets are sent to all ports; if the interface is connected to a switch, then the interface will only see the traffic on its port. The “output_cdf” check box allows you to log data to cdf files, while “recover_cdf” reads back the cdf files on startup if enabled.

The “output PostgreSQL” check box allows you to log the data to a PostgreSQL database. If you enable this option, you need to specify a hostname, database name, username and password in the next four edit boxes. In the “sensor_id” field you can enter an arbitrary sensor name. In “Filter” you can specify a Libpcap-format filter string to control what bandwidthd sees. The “Draw graphs” check box draws graphs to graph the traffic if enabled. You can disable this if you want CDF or database output. Finally, “Meta Refresh” sets the interval in seconds at which the browser graph display refreshes. The default is 150; specifying 0 disables it.

Clicking on the “Access BandwidthD” tab will open up a separate browser tab showing a table summarizing the types of traffic on the specified interface (FTP, HTTP, P2P, TCP, UDP, and ICMP), as well as graphs for each of the IP addresses on the interface.

External Links:

The official BandwidthD home page


Configuring BandwithD in pfSense 2.1.5.

Data Link Layer Advertising with ladvd


ladvd sends LLDP (Link Layer Discovery Protocol) advertisements on all available interfaces. This makes connected hosts visible on managed switches. By default, it will run as a privilege-separated daemon. In addition to LLDP, ladvd also supports the … [Continue reading]

ModSecurity: Part Two


In the previous article, we covered installation of ModSecurity and began configuration. In this article, we continue our look at configuration. We had covered the first five settings on the "Proxy Server Settings" tab. The next setting, the "Use … [Continue reading]

ModSecurity: Part One


ModSecurity is a open source toolkit for real-time web application monitoring, logging, and access control. It supplies an array of request filtering and other security features to the Apache HTTP Server, IIS, and NGINX. Its capabilities, among other … [Continue reading]

September 2014 Amazon Affiliate Purchases

Here are some of the products readers purchased through my Amazon affiliate links during the month of September 2014: EnGenius Technologies Long-Range Wireless-N Indoor AP/Bridge (ECB300) Mikrotik RB951-2N Wireless Router 802.11b/g/n NZXT … [Continue reading]

Greylisting Advantages and Disadvantages

In the previous two articles, we covered installation and configuration of spamd, a useful spam-referral daemon. In this article, we will examine some of the advantages and disadvantages of greylisting. The Greylisting Process Before we begin, it … [Continue reading]

spamd: Part Two


In our first article covering spamd, we covered installation and configured maximum blacklisted connections, maximum concurrent connections, greylisting and expiration times. In this article, we will continue configuring basic settings, and then … [Continue reading]

spamd: Part One


spamd is a ISC-licensed lightweight spam-deferral daemon which is part of the OpenBSD project. It works directly with SMTP connections and supports such features as greylisting and minimizing false positives. It should be fully functional on any … [Continue reading]

Suricata Intrusion Detection: Part Five


In the previous articles on Suricata, we covered basic installation and configuration of this intrusion detection system, including deciding which rules to download and use, and setting up an interface, in this article, we take a look at log … [Continue reading]

Suricata Intrusion Detection: Part Four


In the previous articles on Suricata, we covered installation, configuring global settings and pass lists, and began looking at setting up an interface. In this article, we will continue setting up our first Suricata interface. In this example, we … [Continue reading]

© 2013 David Zientara. All rights reserved. Privacy Policy