How to manage my network



I have a main router-modem-wifi (D-Link 2730 U), from which we use internet on the ground floor. There is one more wifi on the ground floor (D-Link Dir 505) which extends the range of my modem. My modem's name is Home, Dir 505's name is Home_Hotspot. Then I have 1 wifi in the basement which is connected to my main wifi (Home) by Ethernet cable. Then I have 1 wifi on the first floor and 1 on the second floor. The wifi on the 2nd floor is getting its internet from the wifi on the first floor (via Ethernet cable), which in turn gets its internet from the Home (main) modem. I personally use wifi only on the ground floor. What I want is to see which MAC addresses go to which websites and download what. I want each and every detail. (As my connection is of limited data - 175 GB)

For this I tried to set up a home server; it is just a normal PC with 2 Ethernet NICs and 1 wifi NIC. I tried different OSes for the server, and am currently using pfSense. What it helps me with is just limiting their speed (which was my second requirement), so I can set the speed on 1st + 2nd floor = 1 mbps and basement = 1 mbps, as the 1st and 2nd floor wifi get their Ethernet connection from 1 Ethernet cable and the basement wifi gets internet from 1 cable.

I tried to achieve this by putting apps on the pfSense machine like DansGuardian, squid, BandWidth etc., but all were unsuccessful and I could not do anything with them except stop my internet.

So how do I check which MAC address visits which site and downloads what and how much? (I am a bit flexible - I can change the OS on my server if there is need)


[Ask for any doubts]

Daksh Shah

Posted 2014-02-21T09:56:11.020

Reputation: 597

Shouldn't the question be "find out what IP visits what"? As a MAC could be assigned a different IP depending on your DHCP and network setup. I'd have thought any logging on the server would be able to do this though. Then something like nmap or wireshark could be used. – cjb110 – 2014-02-26T08:31:02.860

@cjb110 I cannot fix their IP addresses so I would need their MAC addresses instead, because I want to identify them with that. If I keep the IP without making it static it is no use, and I cannot make it static. Second thing: I need to know how exactly to do that... I installed pfSense but the apps in it give me a variety of different problems. If you could point to some clear guide, even that's OK – Daksh Shah – 2014-02-26T10:18:00.610

@DakshShah You should probably pick a winner, otherwise the rep is going nowhere (not even to you) – Canadian Luke – 2014-03-05T16:56:40.737



Try using lightsquid. It will keep track of URLs visited by user in great detail. I do not believe it logs the MAC address of the devices, however (only IP and host name). As far as I know the only way around this is to use network mapping software to keep track of what IP your MAC addresses are attached to as well as lightsquid, or manually log in to your router and see what IP is assigned to what MAC address and keep the DHCP lease renewal at a longer time, perhaps 1 month. Then every month you can log what IP is assigned to what MAC address and then at the end of the month use lightsquid to see the usage. Then after the DHCP leases are renewed, once again take note of what IP is assigned to what MAC address... rinse, repeat.


Posted 2014-02-21T09:56:11.020

Reputation: 378
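An added example (not part of the answer above) of the bookkeeping it describes: instead of noting IP-to-MAC assignments by hand, join the proxy log with the DHCP lease history so each request is attributed to the MAC that held the IP at that moment. It assumes Squid's native access.log format (the file lightsquid reads) and an ISC dhcpd.leases file; all addresses and log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed samples: the same IP is leased to two devices in turn.
LEASES = """\
lease 192.168.1.23 {
  starts 5 2014/02/21 08:00:00;
  ends 5 2014/02/21 10:00:00;
  hardware ethernet 00:0f:1f:b0:75:01;
}
lease 192.168.1.23 {
  starts 5 2014/02/21 10:00:00;
  ends 5 2014/02/21 12:00:00;
  hardware ethernet 02:00:00:aa:bb:cc;
}
"""
ACCESS_LOG = """\
1392973200.123    250 192.168.1.23 TCP_MISS/200 1500 GET http://example.com/a - DIRECT/93.184.216.34 text/html
1392980400.500    900 192.168.1.23 TCP_MISS/200 700000 GET http://video.example.net/x.mp4 - DIRECT/203.0.113.9 video/mp4
1392980401.000    120 192.168.1.23 TCP_MISS/200 4200 CONNECT mail.example.com:443 - DIRECT/198.51.100.20 -
1392984000.000     10 192.168.1.99 TCP_MISS/200 300 GET http://example.org/ - DIRECT/198.51.100.7 text/html
"""

def _ts(text):
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc).timestamp()

def parse_leases(text):
    """Return {ip: [(start, end, mac), ...]} from dhcpd.leases text (times are UTC)."""
    leases = defaultdict(list)
    for ip, body in re.findall(r"lease (\S+) \{(.*?)\}", text, re.S):
        m = [re.search(p, body) for p in (r"starts \d (\S+ \S+);", r"ends \d (\S+ \S+);",
                                          r"hardware ethernet ([0-9a-fA-F:]+);")]
        if all(m):  # skips free leases and "ends never"
            leases[ip].append((_ts(m[0][1]), _ts(m[1][1]), m[2][1].lower()))
    return leases

def usage_by_mac(access_log, leases):
    """Sum Squid reply bytes per (MAC, host), using the lease valid at request time."""
    totals = defaultdict(int)
    for line in access_log.splitlines():
        f = line.split()
        if len(f) < 7:
            continue
        when, ip, size, method, url = float(f[0]), f[2], int(f[4]), f[5], f[6]
        mac = next((m for s, e, m in leases.get(ip, []) if s <= when < e), "unknown")
        host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
        totals[(mac, host)] += size
    return dict(totals)
```

Requests from an IP with no matching lease are grouped under "unknown", which is also where a device with a self-assigned static address would show up.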

Hey, I had tried lightsquid once but it did not work. Do you mind chatting with me for some time to help me configure it properly? – Daksh Shah – 2014-02-27T02:48:32.030

Follow this guide: If that doesn't help, let me know and I can help – cbalos – 2014-02-27T04:21:35.047


It is probably not best practice to try and link a MAC address to a website you are visiting, as MAC addresses are only used in your network. It would make sense to link MAC address -> IP address of client, and then match based on the IP address.

In a network where you can trust there is no nefarious activity, you can create the link between MAC address and IP address by statically assigning the IP address based on the MAC address (most decent DHCP servers [i.e. running on your server] should be able to do this).

Using ISC DHCP I added lines like the following for each client in dhcpd.conf

host pcname { hardware ethernet 00:0f:1f:B0:75:01; fixed-address; }

If this is not an option, you have a major issue to solve. You might try running a captive portal to link IP addresses to MAC addresses when someone logs in, or get serious and insist all devices connect over VPN to ensure they are authenticated. (Otherwise someone can just fake a MAC address or statically assign themselves an IP address belonging to someone else.)

Once you have the IP address you could put in a transparent proxy, capture the log files and analyse these. In my case, I don't worry where people go (nor do I assume all their traffic is HTTP - HTTPS is quite common and people use things like SIP and FTP as well). I simply use iptables to do byte counting on each IP address and I can tell the in and out bytes.

Can you describe your usage case better so we can give a more robust answer?


Posted 2014-02-21T09:56:11.020

Reputation: 49 152
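An added example (not davidgo's own setup) of the approach in the answer above: fixed DHCP addresses per MAC, then iptables byte counters per IP, reported per MAC. The chain name ACCT, the fixed addresses and the counter listing are constructed; it assumes client traffic is forwarded by the server, and the rule commands are returned as strings rather than executed.

```python
import re

# Constructed samples (addresses are illustrative, not from the page).
DHCPD_CONF = """\
host pcname { hardware ethernet 00:0f:1f:B0:75:01; fixed-address 192.168.1.23; }
host tablet { hardware ethernet 02:00:00:AA:BB:CC; fixed-address 192.168.1.24; }
"""
# Constructed output of `iptables -L ACCT -n -v -x` for a hypothetical chain ACCT.
COUNTERS = """\
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1200    1500000            all  --  *      *       192.168.1.23         0.0.0.0/0
    9000  900000000            all  --  *      *       0.0.0.0/0            192.168.1.23
      10       4000            all  --  *      *       192.168.1.24         0.0.0.0/0
      12      52000            all  --  *      *       0.0.0.0/0            192.168.1.24
"""

HOST_RE = re.compile(r"host\s+(\S+)\s*\{[^}]*?hardware ethernet\s+([0-9A-Fa-f:]+);"
                     r"[^}]*?fixed-address\s+([\d.]+);")

def parse_hosts(conf):
    """Return {ip: (name, mac)} from dhcpd.conf host declarations."""
    return {ip: (name, mac.lower()) for name, mac, ip in HOST_RE.findall(conf)}

def accounting_rules(hosts, chain="ACCT"):
    """iptables commands creating one upload and one download counter per IP."""
    rules = [f"iptables -N {chain}", f"iptables -I FORWARD -j {chain}"]
    for ip in sorted(hosts):
        # Rules without a -j target only count packets and bytes.
        rules += [f"iptables -A {chain} -s {ip}", f"iptables -A {chain} -d {ip}"]
    return rules

def bytes_by_mac(counters, hosts):
    """Return {mac: {"up": bytes, "down": bytes}} from the counter listing."""
    usage = {mac: {"up": 0, "down": 0} for _, mac in hosts.values()}
    for line in counters.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0].isdigit():
            continue  # chain title and column header
        nbytes, src, dst = int(f[1]), f[-2], f[-1]  # target column may be empty
        if src in hosts:
            usage[hosts[src][1]]["up"] += nbytes
        if dst in hosts:
            usage[hosts[dst][1]]["down"] += nbytes
    return usage
```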

Hey, I can do this but I just need to know how to do that, and should I use the pfSense OS or should I change... which one do you use? And the second thing: OK, well, counting bytes can be a solution too; I would change that later if I can. But right now I tried to install apps for proxy but it does not log at all and just causes my internet to go down. What more info do you want? – Daksh Shah – 2014-02-28T04:58:35.403

I can't comment on pfSense - never used it. I rolled my own solution using my Linux distro of choice (Ubuntu). It might be a good idea if you could advise what you are trying to achieve (i.e. are your users trusted and you just need to monitor them, are you worried about intruders? (How) do you want to manage users/abuse? Are you wanting to on-bill, rate limit or disconnect? How many end-user devices are involved?) – davidgo – 2014-02-28T19:46:25.657

I just noticed you are using the DLINK 2730U for WIFI. You won't be able to (easily) control the usage of that device as it's on the wrong side of the server. If you want a full solution, you should seriously consider putting it behind the server, or removing client Internet access from it and deploying another AP. – davidgo – 2014-02-28T19:52:11.360

And how to fix that? – Daksh Shah – 2014-03-01T03:49:42.837

As indicated, you should convert your 2730U into a dumb modem and get another WIFI device which you situate behind the server, or alternatively move the 2730U behind the server then get another dumb modem. Also, I've had another thought: are your Netgear WIFI devices configured as access points or routers? If they are routers you will want to reconfigure them as access points to get rid of NAT issues and expose the clients' IP addresses to the server. – davidgo – 2014-03-01T20:12:06.590


Although this question is quite open ended, I'll attempt to answer.

First off, the server should be the first thing everything connects to, including the Internet. If you're using it just as a firewall, then it should be hooked directly up to your ISP's modem. Let it get its address, then you can work on the other parts. If you are also doing file sharing out of it, then leave the physical layout as is, but disable the wireless on your router, and the extra LAN ports; otherwise, clients can plug directly in, or connect via Wifi, and skip your server completely.

Take the Wi-Fi out of the server. There's no need for it, and routers are easier to deal with anyways. Hook the second NIC of the server up to the switch. From there, run your lines for your Wireless Access Points. On your server, pfSense can be (and probably is going to be) your DNS server and DHCP server. You will need to go into each of the other Wireless Access Points, and disable DHCP on them. For the ones that are routers, I would recommend assigning it an IP address in the range that your firewall is giving out addresses, then plug the cable into the LAN port to move it into Bridge Mode.

All the computers should be able to talk to each other, and you can use your pfSense firewall to check the logs, and see what each machine is accessing. Do note, though, that trying to map the MAC address to the website is extremely difficult, and would require custom scripting to take care of. Take everyone's suggestion, and assign static reservations in DHCP, or assign static IP addresses to all known devices. No ifs, ands or buts about it.

Canadian Luke

Posted 2014-02-21T09:56:11.020

Reputation: 22 162