Hi, I recently got a wireless broadband service installed and my data allowance is small (and expensive too!). I noticed that something on my network is using about 3Mb/hour and I need to find that and switch it off. I have a Debian box and a Windows XP box on the network connected like this: SIU---router~~wireless link~~access point---switch--PCs where SIU is the wireless service interface unit, equivalent to a DSL modem. I am assuming that the traffic I need to monitor is coming from one of my PCs and not the router so I want to install a traffic monitoring program on the Debian box. There seem to be lots of them available so can anyone suggest one that would be suitable for this application? Ideally it would have minimal configuration requirements. TIA Glenn BTW The router is a Linksys WRT54Gv5 and I tried the Linux based DD-WRT firmware which has many more features than the native firmware but the router's wireless interface wouldn't work properly with it. -- Glenn Ramsey <glenn(a)componic.co.nz> 07 8627077 http://www.componic.co.nz
I have a Debian box and a Windows XP box on the network connected like this:
SIU---router~~wireless link~~access point---switch--PCs
where SIU is the wireless service interface unit, equivalent to a DSL modem.
I am assuming that the traffic I need to monitor is coming from one of my PCs and not the router so I want to install a traffic monitoring program on the Debian box.
There seem to be lots of them available so can anyone suggest one that would be suitable for this application? Ideally it would have minimal configuration requirements.
Because you have a switched network, your debian box will not be able to see traffic corresponding to the other machines on your local network. You can run the software on the debian box, but you'll need to get it to collect information from the router directly, normally via SNMP. I haven't tried to do this with a linksys WRT, so I'm not sure what information, if any, is presented via SNMP. You may find you have to install openwrt instead and use SNMP on that, or something that creates netflow records. If SNMP is good enough, you can use cacti to graph traffic and so on. it's a web-based application that polls SNMP (and other) hosts for traffic and so on. In fact, you could install the SNMP services on your windows and linux machines, and use cacti to poll all of them directly for their traffic statistics.
Daniel Lawson wrote:
There seem to be lots of them available so can anyone suggest one that would be suitable for this application? Ideally it would have minimal configuration requirements.
Because you have a switched network, your debian box will not be able to see traffic corresponding to the other machines on your local network.
Hadn't thought of that, means I probably need to rearrange things and temporarily use my Debian box in place of the router. Having said that, I found that ntop was available by apt-get, which has almost no configuration needed except to set the net device and admin password. It seems to do what I wanted and is reporting traffic that Windows is generating, however considering the above it shouldn't be seeing that traffic. Maybe my switch is really a hub in switches clothing (cheap Belkin 5 port)? Thanks for the advice. Glenn -- Glenn Ramsey <glenn(a)componic.co.nz> 07 8627077 http://www.componic.co.nz
It seems to do what I wanted and is reporting traffic that Windows is generating, however considering the above it shouldn't be seeing that traffic. Maybe my switch is really a hub in switches clothing (cheap Belkin 5 port)?
I always forget about ntop. You will see some traffic that the windows box is generating - any broadcast traffic, and any traffic that is coming from the windows box to the debian box - but you shouldn't be able to see any traffic that is direct from the windows box to the internet. Any switch you buy nowadays is actually a switch. Hubs haven't been made for many years.
Daniel Lawson wrote:
I always forget about ntop.
You will see some traffic that the windows box is generating - any broadcast traffic, and any traffic that is coming from the windows box to the debian box - but you shouldn't be able to see any traffic that is direct from the windows box to the internet.
Any switch you buy nowadays is actually a switch. Hubs haven't been made for many years.
Yes, that's what it was. Also I think the offending traffic generator is the router. I had UPnP enabled (so I could use MSN voice with my work collegues) and it broadcasts on port 1900, which I can also see on the internal network. I wish I could use one of the third party more featureful Linux based firmwares on it but it only has 2M of flash and, as far as I can tell, only the DD-WRT micro release will install on it and that doesn't work properly with it. Glenn -- Glenn Ramsey <glenn(a)componic.co.nz> 07 8627077 http://www.componic.co.nz
On 2/23/07, Glenn Ramsey <glenn(a)componic.co.nz> wrote:
Hi, ...
BTW The router is a Linksys WRT54Gv5 and I tried the Linux based DD-WRT firmware which has many more features than the native firmware but the router's wireless interface wouldn't work properly with it.
Have you tried out the OpenWRT project? openwrt.org. works great on those little blue boxes... SD.
Sukrit D wrote:
On 2/23/07, *Glenn Ramsey* <glenn(a)componic.co.nz <mailto:glenn(a)componic.co.nz>> wrote:
Hi, ...
BTW The router is a Linksys WRT54Gv5 and I tried the Linux based DD-WRT firmware which has many more features than the native firmware but the router's wireless interface wouldn't work properly with it.
Have you tried out the OpenWRT project? openwrt.org <http://openwrt.org>. works great on those little blue boxes...
SD.
Just looking at it now, it seems my version is supported by OpenWRT. I might give that a try. Thanks Glenn -- Glenn Ramsey <glenn(a)componic.co.nz> 07 8627077 http://www.componic.co.nz
have about 200 of those magical boxes running quite happily with openwrt. trust it with my life. SD. On 2/23/07, Glenn Ramsey <glenn(a)componic.co.nz> wrote:
On 2/23/07, *Glenn Ramsey* <glenn(a)componic.co.nz <mailto:glenn(a)componic.co.nz>> wrote:
Hi, ...
BTW The router is a Linksys WRT54Gv5 and I tried the Linux based DD-WRT firmware which has many more features than the native firmware but
Sukrit D wrote: the
router's wireless interface wouldn't work properly with it.
Have you tried out the OpenWRT project? openwrt.org <http://openwrt.org>. works great on those little blue boxes...
SD.
Just looking at it now, it seems my version is supported by OpenWRT. I might give that a try.
Thanks Glenn
-- Glenn Ramsey <glenn(a)componic.co.nz> 07 8627077 http://www.componic.co.nz
_______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug
participants (3)
-
Daniel Lawson -
Glenn Ramsey -
Sukrit D