NetFlow

What is NetFlow?

NetFlow in OPNsense is a powerful network monitoring tool that provides detailed insights into your network traffic. It acts like a traffic cop, analyzing and recording information about each data packet that flows through your firewall. This information can then be used to:

  • Identify the source and destination of traffic: This can help you to troubleshoot network problems, identify potential security threats, and optimize your network performance.
  • Monitor bandwidth usage: You can see which applications and devices are using the most bandwidth, which can help you to identify bottlenecks and make informed decisions about your bandwidth allocation.
  • Track suspicious activity: NetFlow can help you to detect and investigate potential security threats, such as malware infections or denial-of-service attacks.

Here’s a breakdown of how NetFlow works in OPNsense:

Data collection: OPNsense captures information about each data packet, including the source and destination IP addresses, the port numbers, the protocol used, and the amount of data transferred.

Exporting data: This information is then exported to a NetFlow collector, such as OPNsense’s built-in “Insight” analyzer or a third-party tool.

Data analysis: The NetFlow collector analyzes the data and provides you with a variety of reports and visualizations that you can use to understand your network traffic.


Set up NetFlow in OPNsense to analyze traffic:

In the OPNsense admin portal, navigate to Reporting > NetFlow:

Configure the following

Both ingress (traffic to or coming from the firewall) and egress (traffic passing through the firewall) will be captured.

Go back to Reporting > Insight.


Generate traffic with Packet Sender to stress test the current setup:

Download link: https://github.com/dannagle/PacketSender

Navigate to Tools > Intense Traffic Generator and see how much traffic can fit the pipe.

Use it to analyze packet flow or to test a LAGG configuration.

*Be careful when generating excessive traffic, as this can disconnect you from OPNsense.


Sources:

OPNsense NetFlow documentation: https://docs.opnsense.org/manual/netflow.html

OPNsense Insight documentation: https://docs.opnsense.org/manual/how-tos/insight.html

NetFlow Wikipedia article: https://en.wikipedia.org/wiki/NetFlow
