[wellylug] Traffic monitoring on home network

Sat Aug 8 18:37:25 NZST 2009

Hi

I have a WRT54G running dd-wrt (one of the builds with netflow support), 
sending netflow packets to a linux box that runs nfcapd.  That seems to 
do the trick.  nfcapd has some nice command line tools for querying the 
database that let you e.g. see how much traffic a host has done over a 
given period and which IPs it has connected to, which is useful if 
someone wants to know how they could have possibly used 10GB in one day.

I've also got about half of a prepay internet billing system written 
that lets you load credits on to accounts and automatically disconnects 
people (via firewall rules) when they've used their up their bandwidth 
allowance.  But that will need a PC or sheevaplug, unless someone else 
wants to port it to openwrt :-)

donald

Andrew Tarr wrote:
> Hi there, 
>
> I live in a big ol' house with lots (well, 6) people, some of whom I scarcely know.  We've just got a 20 GB broadband plan, and I'm wondering about how this is going to work out - what's to stop someone from downloading several movies in the first week, then everyone getting bitchy when everything reduces to something like dialup speeds, which is almost unusable if everyone's trying to use it? 
>
> So I'd like to at least monitor the traffic. It would be wonderful if I could also throttle traffic for people going over their share.  I've had a bit of a look at the router's control webpage thing, and it doesn't look like it's capable of much of this sort of thing.  It's a recent DLink wireless router of some kind (I think I bought it last year) I can't tell you exactly at the moment as I'm not at home.  There is a separate ADSL modem.  
>
> I suppose throttling access will require setting up some sort of router, so firstly I'm interested in hearing about suitable hardware.  This needn't be linux-based, if there's an off-the-shelf appliance of some kind I can buy, that would be great - I suppose this makes my post slightly off-topic, but I'm hoping I'll be forgiven.  I don't really want to spend very much on it, though, $300 would be an upper limit.  I was thinking perhaps something like this would come in handy: 
>
> http://docwiki.gumstix.org/Netstix
>
> unfortunately they don't seem to be produced any longer. And even if they were still around, they only have one ethernet port. 
>
> Secondly, I'm also wondering whether I can monitor traffic from my own linux PC.  I'm imagining this won't necessarily be possible - won't the router act as a switch, and only be sending my computer packets its interested in? And if it is possible, then what will be the impact on network performance?  And what software do I use? I don't need anything too fancy, just an ongoing sum of useage per MAC address or something like that. 
>  
> I've also had a fairly unfruitful search on the intertron, and on the wellylug mailing lists.  There's lots of stuff around, of course, but nothing that really seems to address my requirements, so I'm hoping that you guys can point me in the right direction. 
>
> -Andrew. 
>   