I have a home LAN and limited internet access. If I exceed the usage specified in my subscription my data rates are slowed.
There are a dozen devices that can connect to the internet and five or six people using them. yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month.
I shut down the other computers but never identified which one had been causing the problem.
Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem.
Bob
Am 24.06.2011 13:38, schrieb Bob Goodwin:
yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month
this is the wrong package especially for mor than one user
I shut down the other computers but never identified which one had been causing the problem.
[harry@srv-rhsoft:~]$ ifconfig eth0 eth0 Link encap:Ethernet Hardware Adresse 00:50:8D:B5:CC:DE inet Adresse:192.168.1.2 Bcast:192.168.1.255 Maske:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3478872 errors:0 dropped:0 overruns:0 frame:0 TX packets:3449708 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:1448170730 (1.3 GiB) TX bytes:807800503 (770.3 MiB) Interrupt:23 Basisadresse:0x8000
Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem
i do not understand your "definition" of device and guess you mean program since you spoke about shutdown comouters, on the other hand you are speaking about AMC and addresses
Bob Goodwin writes:
I have a home LAN and limited internet access. If I exceed the usage specified in my subscription my data rates are slowed. There are a dozen devices that can connect to the internet and five or six people using them. yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month. I shut down the other computers but never identified which one had been causing the problem. Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem.
Running "ifconfig" shows the number of packets sent and received by each network interface. That's a rough metric, and, of course, as soon as the network interface goes down, the counters get cleared. But if all your machines are directly connected and have their own public IPs, that's the only metric you have, unless they're connected through a router and the router has an admin interface that keeps track of traffic by IP address.
If you have a single machine with a public IP, and all the other devices are NATed through, I believe that iptables can keep track of IP traffic, time to RTFM.
On 06/24/2011 07:38 PM, Bob Goodwin wrote:
I have a home LAN and limited internet access. If I exceed the usage specified in my subscription my data rates are slowed. There are a dozen devices that can connect to the internet and five or six people using them. yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month. I shut down the other computers but never identified which one had been causing the problem. Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem.
It is quite impossible to properly think about answering your question without knowing the topology of your LAN. Basically, is not possible to measure traffic from individual systems unless all traffic passes through a "choke point".
Even if, for example, all of your systems connect via Ethernet cables to a router, which then connects to the your ISP, the monitoring would most probably need to be done on the router itself since most of these devices employ switch technology.
On 24/06/11 08:12, Ed Greshko wrote:
On 06/24/2011 07:38 PM, Bob Goodwin wrote:
Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem.
It is quite impossible to properly think about answering your question without knowing the topology of your LAN. Basically, is not possible to measure traffic from individual systems unless all traffic passes through a "choke point".
Even if, for example, all of your systems connect via Ethernet cables to a router, which then connects to the your ISP, the monitoring would most probably need to be done on the router itself since most of these devices employ switch technology.
The "choke point" is a Linksys E3000 wireless router running DD-WRT connected to the "modem." DD-WRT apparently has a log function but it appears to be temporary in that the data appears and disappears quickly in some way that I have never understood. Unlike this list the dd-wrt forum is difficult to deal with and has provided little useful information.
But yes, I understand the router is the point at which everything converges. I suppose I could insert a hub between the router and the "modem." By devices I mean iPhones, iPads, iLaptops, Mac and PC desktops, and my own Linux computers, a mixture of wired and wireless
I have Ntop running on an F-14 computer, the i686 version is not yet available for F-15 unless it got fixed overnight. However I haven't been able to get the kind of information I need out of that either, perhaps due to my own ignorance. It's a pretty complex program and does display a lot of information though.
Bob
Bob Goodwin bobgoodwin@wildblue.net wrote:
The "choke point" is a Linksys E3000 wireless router running DD-WRT connected to the "modem." DD-WRT apparently has a log function but it appears to be temporary in that the data appears and disappears quickly in some way that I have never understood. Unlike this list the dd-wrt forum is difficult to deal with and has provided little useful information. But yes, I understand the router is the point at which everything converges. I suppose I could insert a hub between the router and the "modem." By devices I mean iPhones, iPads, iLaptops, Mac and PC desktops, and my own Linux computers, a mixture of wired and wireless
Yes, that is what you need. An old fashion hub. If you can find one of those these days. You may have to resort to building an Ethernet Tap.
I have Ntop running on an F-14 computer, the i686 version is not yet available for F-15 unless it got fixed overnight. However I haven't been able to get the kind of information I need out of that either, perhaps due to my own ignorance. It's a pretty complex program and does display a lot of information though.
And ntop won't do much good until you fix the data collection issue.
On 06/24/2011 07:39 AM, Bob Goodwin wrote:
The "choke point" is a Linksys E3000 wireless router running DD-WRT connected to the "modem." DD-WRT apparently has a log function but it appears to be temporary in that the data appears and disappears quickly in some way that I have never understood. Unlike this list the dd-wrt forum is difficult to deal with and has provided little useful information. But yes, I understand the router is the point at which everything converges. I suppose I could insert a hub between the router and the "modem." By devices I mean iPhones, iPads, iLaptops, Mac and PC desktops, and my own Linux computers, a mixture of wired and wireless I have Ntop running on an F-14 computer, the i686 version is not yet available for F-15 unless it got fixed overnight. However I haven't been able to get the kind of information I need out of that either, perhaps due to my own ignorance. It's a pretty complex program and does display a lot of information though.
You could try running ntop, iftop, or something like it on the hub itself. I do not know if dd-wrt packages are available for either of those programs.
- Michel
On 24/06/11 10:06, Michael Ekstrand wrote:
You could try running ntop, iftop, or something like it on the hub itself. I do not know if dd-wrt packages are available for either of those programs.
- Michel
I can try that If I can't get ntop to work with the router I suppose. It's inconvenient to do since it means running a cable from this second floor room, down the stairs, through the kitchen and into the den where the modem is located.
Ntop is not yet available for this F-15. That may take a while too.
I've posted some questions about DD-WRT logging on their forum and will wait a while and see if I get any meaningful information from there. I haven't had much success in the past but I never give up hope.
Thanks for the suggestion.
Bob
On 24/06/11 07:57, Reindl Harald wrote:
Am 24.06.2011 13:38, schrieb Bob Goodwin:
yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month
this is the wrong package especially for mor than one user
This is the best package available from our ISP [Wildblue]. The basic package starts at 5 gb/30 days! It is a satellite system and they limit each user's usage. We live in a rural area where the alternative is dial-up which is too slow. Actually the 17 gb is sufficient even with all the users we have as long as they don't rune streaming data, video, audio, whatever. I restrict a number of sites in the router. This has been working for us for about five years.
I shut down the other computers but never identified which one had been causing the problem.
[harry@srv-rhsoft:~]$ ifconfig eth0 eth0 Link encap:Ethernet Hardware Adresse 00:50:8D:B5:CC:DE inet Adresse:192.168.1.2 Bcast:192.168.1.255 Maske:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3478872 errors:0 dropped:0 overruns:0 frame:0 TX packets:3449708 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:1448170730 (1.3 GiB) TX bytes:807800503 (770.3 MiB) Interrupt:23 Basisadresse:0x8000
Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem
i do not understand your "definition" of device and guess you mean program since you spoke about shutdown comouters, on the other hand you are speaking about AMC and addresses
Device = computer.
Sorry if I was not clear.
Bob
On Fri, 2011-06-24 at 07:38 -0400, Bob Goodwin wrote:
I have a home LAN and limited internet access. If I exceed the usage specified in my subscription my data rates are slowed.
There are a dozen devices that can connect to the internet and five or six people using them. yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month. I shut down the other computers but never identified which one had been causing the problem. Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem.
Depending on your router, you *might* be able to query it using SNMP (Simple Network Management protocol), which is used to collect all kinds of statistics. I'm afraid I can't help you with the details, but start by checking if your router supports it.
poc
On 24/06/11 13:08, Patrick O'Callaghan wrote:
On Fri, 2011-06-24 at 07:38 -0400, Bob Goodwin wrote:
I have a home LAN and limited internet access. If I exceed the usage specified in my subscription my data rates are slowed.
There are a dozen devices that can connect to the internet and five or six people using them. yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month. I shut down the other computers but never identified which one had been causing the problem. Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem.
Depending on your router, you *might* be able to query it using SNMP (Simple Network Management protocol), which is used to collect all kinds of statistics. I'm afraid I can't help you with the details, but start by checking if your router supports it.
poc
That may be part of my problem with logging. SNMP was disabled.
SNMP SNMP Enable Disable Location Contact Name RO Community RW Community
I wonder what it wants entered in "Location?" The router address, 192.168.1.1 ? I will try leaving it "Unknown" and see if it changes the NTOP data on the F-14 computer. DD-WRT also has a log display that has not been working, perhaps because SNP was not enabled. I've enabled it now. There are a lot of items to configure and not much helpful documentation.
I may be grasping at straws here but it might help.
Thanks,
Bob .
.
On 06/24/2011 10:42 AM, Bob Goodwin wrote:
On 24/06/11 13:08, Patrick O'Callaghan wrote:
On Fri, 2011-06-24 at 07:38 -0400, Bob Goodwin wrote:
I have a home LAN and limited internet access. If I exceed the usage specified in my subscription my data rates are slowed.
There are a dozen devices that can connect to the internet and five or six people using them. yesterday someone left something running and by the time I realized the problem we had used more than a gigabyte which doesn't sound like much if you have unlimited usage but we only get 17 gigs per month. I shut down the other computers but never identified which one had been causing the problem. Can someone suggest a way of measuring usage per device, identifying them by address, MAC, or uuid? I really need to know which one is the offender to control the problem.
Depending on your router, you *might* be able to query it using SNMP (Simple Network Management protocol), which is used to collect all kinds of statistics. I'm afraid I can't help you with the details, but start by checking if your router supports it.
poc
That may be part of my problem with logging. SNMP was disabled. SNMP SNMP Enable Disable Location Contact Name RO Community RW Community I wonder what it wants entered in "Location?" The router address, 192.168.1.1 ? I will try leaving it "Unknown" and see if it changes the NTOP data on the F-14 computer.
"Location" is used to put in some user-defined text to help you identify where the device is physically, e.g. "Wiring closet 3" or some such.
DD-WRT also has a log display that has not been working, perhaps because SNP was not enabled. I've enabled it now. There are a lot of items to configure and not much helpful documentation.
Generally logging hasn't anything to do with SNMP. They're two different functions. If it's not logging, it may not be enabled in the router's configuration. It may be logging to an external system (like via syslog) so you might want to check that. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, C2 Hosting ricks@nerd.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - "Men occasionally stumble over the truth, but most of them pick" - - themselves up and hurry off as if nothing had happened." - - -- Winston Churchill - ----------------------------------------------------------------------
hello bob,
On 06/24/2011 12:39 PM, Bob Goodwin wrote:
<>
But yes, I understand the router is the point at which everything converges. I suppose I could insert a hub between the router and the "modem."
you need to go back for another coffee. ;)
because you want to "meter" users/devices, you need to 'meter' within router.
anything between router and sat modem will be nat'ed. so, 'nat' will need to be logged with a time stamp or metrics.
therefore, you might want to pop a post to dd-wrt for info to log and dump data to a server. [unless someone on this list is dd-wrt proficient.]
On 24/06/11 15:40, g wrote:
hello bob,
On 06/24/2011 12:39 PM, Bob Goodwin wrote:
<>
But yes, I understand the router is the point at which everything converges. I suppose I could insert a hub between the router and the "modem."
you need to go back for another coffee. ;)
because you want to "meter" users/devices, you need to 'meter' within router.
anything between router and sat modem will be nat'ed. so, 'nat' will need to be logged with a time stamp or metrics.
There is a dd-wrt log function that I think I have configured. It simply displays zilch. I remember that once with a different router also running dd-wrt it displayed data sporadically. I am coming to suspect it may be a compatibility problem with the Linksys E3000 which they should know about by now, however I've received no response to my query ...
therefore, you might want to pop a post to dd-wrt for info to log and dump data to a server. [unless someone on this list is dd-wrt proficient.]
Done that, hoping for a response. Past experience indicates chances of finding a solution are better here.
Presently I am reducing privileges via the router configuration. I don't think the kids iPhones need interconnection to our LAN. No doubt there will be complaints!
On 24/06/11 13:58, Rick Stevens wrote:
On 06/24/2011 10:42 AM, Bob Goodwin wrote:
On 24/06/11 13:08, Patrick O'Callaghan wrote:
On Fri, 2011-06-24 at 07:38 -0400, Bob Goodwin wrote:
I have a home LAN and limited internet access. If I exceed the usage specified in my subscription my data rates are slowed.
Depending on your router, you *might* be able to query it using SNMP (Simple Network Management protocol), which is used to collect all kinds of statistics. I'm afraid I can't help you with the details, but start by checking if your router supports it.
poc
That may be part of my problem with logging. SNMP was disabled. SNMP SNMP Enable Disable Location Contact Name RO Community RW Community I wonder what it wants entered in "Location?" The router address, 192.168.1.1 ? I will try leaving it "Unknown" and see if it changes the NTOP data on the F-14 computer.
"Location" is used to put in some user-defined text to help you identify where the device is physically, e.g. "Wiring closet 3" or some such.
Good, I needed to know that. There are a few help files but none that area.
DD-WRT also has a log display that has not been working, perhaps because SNMP was not enabled. I've enabled it now. There are a lot of items to configure and not much helpful documentation.
Generally logging hasn't anything to do with SNMP. They're two different functions. If it's not logging, it may not be enabled in the router's configuration. It may be logging to an external system (like via syslog) so you might want to check that.
I enabled SNMP and it made no observable difference as you say. I'm beginning to think it's a problem with the router. It takes a while for my ancient mental processes to catch up but I recall it logging something with a Netgear router although not to my satisfaction, never anything out of the log with this Linksys E3000. Hopefully something will cone from my query of the DD-WRT forum. If not I may consider putting back the original software it came with, I never tried that ... And I still have the Netgear router with dd-wrt installed.
Thanks,
Bob