On 30/03/11 15:10, Lamar Owen wrote:
> On Wednesday, March 30, 2011 02:40:16 pm Bob Goodwin wrote:
> > Netflow says their application is not intended for home use?
> > It's not clear to me if that has to be installed in a
> > computer/router or if it's something I can install here in this
> > computer or if it might already be installed in some routers out
> > of the box?
>
> Sorry for overwhelming with info; here's the simpler version.
>
> Netflow data export is a way the router can keep track of 'flows' of data (think
> of a flow as a connection; it isn't really, but it's still a good analogy) and
> export data on those flows passing through it to a 'collector.' DD-WRT apparently
> has some support for netflow data export (NDE for short) in this manner. One of the links
> I sent was a page that listed a few things about that, and possibly more links to how to
> set that up in DD-WRT.
>
> Once you have NDE set up to export (but before you actually turn the export on) you need
> to set up the collector; this is the ntop package that is included in Fedora. It is a
> web-based application; there are other flow collectors, but the key thing is that the box
> running the collector needs to have its firewall opened for the export from the router,
> and the router needs to know to export the flow data to that IP address.
>
> Once you have ntop collecting the flows, you can get all kinds of statistics on the top
> talkers, total bandwidth, connections used, IP addresses contacted, just to start.
>
> The setup isn't the easiest in the world; but, then again you have DD-WRT set up, so
> you've apparently got at least part of the skillset needed. Just tackle it with
> patience, and you can make that work.
>
> A hub and doing the collection with a sniffer and ntop will also work, but hubs have
> their own problems, and unless you'd just rather do it that way, having the router do
> NDE is the simplest way of getting the information you want.
>
> I'm doing this, using CentOS and ntop, with several Cisco routers of various types (a
> couple of 12000 series, a 7609, a 7206, a 7507, and a 7401) and it works pretty well. On
> CentOS 4 ntop isn't exceptionally stable; not a whole lot better on CentOS 5, but I
> would expect that the latest and greatest running on F14 might be the ticket.
>
> But my setup isn't the typical home setup, either, so your mileage may vary.
>
> What would be the 'cat's meow' would be ntop or similar integrated into the
> DD-WRT or other similar router interface, then it's all 'appliance based' and
> easy.

Well I'm still overwhelmed but I installed ntop and it turns out
that dd-wrt has a function called Rflow, and another MACupd
which I also enabled, and I am getting some pretty impressive
displays.

It looks like it will do what I want if I can just master its
operation. I will have fun with this! It is serious business
though, I've got to get usage under control or they throttle
user speed and threaten worse!

I'll be back with questions once I know what to ask.

Thanks all for the excellent help and advice.

Bob