I’m looking for a way to record all bandwidth on a local network. Just to quickly explain the setup I have:
I have a normal D-Link router (IP 10.0.1.1) which makes the DSL connection to the ISP and is also my DHCP server. From the router I have a few computers connected to it.
I have also set up a SuSE box with two NICs - local NIC with IP 10.0.0.1 and gateway NIC with IP 10.0.1.2. I need all traffic to route through the SuSE box so I can monitor / log / record or graph so I can determine the amount of bandwidth each computer is using and which websites have been visited. The SuSE box will also send out all DHCP requests.
I had a look at CACTI but it wasn’t exactly what I was looking for. Also
came across Firewall Analyzer (http://www.manageengine.com) but it seems
to be a trial version.
Any suggestions would be highly appreciated!
Hi
Does the router have snmp capabilities? That would negate the need for
an additional box?
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
No, unfortunately not. The router is a very basic DSL router. Doesn’t even have wireless.
Apart from the local NIC (10.0.0.1) I need to add a wireless card to the box as well.
Well, if you’re going to add wireless, maybe getting a new router with
wireless may be an option? You should be able to set your existing
router into bridge mode and use the new router to log in to your DSL etc.
The other option is to use the system you’re building to do the same
thing. Bridge your existing router and use the primary interface on the
computer to do the login via pppoe (say eth0). In some cases this may be
better as you can then monitor the outbound port (eth0) for traffic.
So you would need to run something like squid as a proxy (and set up all
the computers to use the proxy); this will give you the ability to
control/monitor the web traffic (as in websites etc).
How accurate do you want the traffic from each workstation to be? For
me, I’m a fan of snmp as it offers lots of information from a
workstation: software installed, hardware information, ethernet stats
etc… this needs setting up on each workstation…
Have a headache yet???
You’re going to have to get a wireless bridge/router that can be set up as a
hotspot and an additional network card to connect it… or a wireless
card that can be configured as such…
Is it important to see what each workstation is doing traffic wise?
Maybe the first step is setting up a squid proxy first, then
consider a wireless router?
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
> So you would need to run something like squid as a proxy (and set up all
> the computers to use the proxy); this will give you the ability to
> control/monitor the web traffic (as in websites etc).

Do all the users have to be set up to run through the proxy? I’d rather have each user’s traffic routed automatically through the proxy to save bandwidth…if it’s possible?

> How accurate do you want the traffic from each workstation to be? For
> me, I’m a fan of snmp as it offers lots of information from a
> workstation: software installed, hardware information, ethernet stats
> etc… this needs setting up on each workstation…

I want the traffic to be as exact as possible. I will look into squid and snmp.
I used to run IPcop as my firewall, so I think the next step would also be to access the box via http.

> Have a headache yet???

No, no headache yet.

> You’re going to have to get a wireless bridge/router that can be set up as a
> hotspot and an additional network card to connect it… or a wireless
> card that can be configured as such…

I thought about installing a wireless card and setting it up in ad-hoc mode (as an access point).
I’d rather have it as follows:
Current DSL --> Bridged
eth0 --> pppoe connection, squid, monitor
eth1 --> dhcp1, LAN users
eth2 --> dhcp2, wireless, wireless users
Would it be possible?
> DSL(bridged)<-->eth0(pppoe/squid/dhcp/monitor)<-->eth1<-->router/wireless<-->clients
Hi
I would perhaps look at a dedicated wireless bridge that can run in
ad-hoc mode, it may be easier than a card in the system? I have a
WET54G that can do this…
If you want a card, I suggest a google on ad-hoc ones, or a post in the
wireless subforum.
Do you have control of all the clients? I ask this because even running
something like Nagios and NRPE requires software on the client. Even
snmp requires client configuration.
I’m guessing squid should be able to do something based on mac address
for traffic flow and bandwidth usage…needs investigation.
But it’s all doable for sure, just need to start setting it up and
working through the issues.
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
SNMP and various network monitoring isn’t likely necessary if you are able to set up a critical node (all traffic flows through the device). Those other solutions which require installation on individual network Hosts are required only if you can’t set up a critical node or if you want to monitor/capture something else besides raw network traffic.
So, for starters and the simple nuts and bolts…
Just log all the traffic in and out of your box.
Once you have these enormously large logfiles (and make sure they aren’t rotated out of existence) you’ll need to decide how you want to parse and display the desired information, and that is both a subject of bleeding edge technologies and your preferences. Probably the most common app used for displaying router traffic is MRTG (Multi-Routing Traffic Grapher).
If you’re not concerned about historical information, my favorite tool for real-time display of traffic (Destination, Host, bandwidth consumption, more) is etherApe.
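Added example (not written by any poster in this thread): if the gateway box runs squid as suggested above, the "parse the logfiles" step for per-computer bandwidth and visited sites can look like the following. It assumes Squid's default native `access.log` layout; the sample log lines, addresses and function names are constructed for the illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1381234567.123    245 10.0.0.21 TCP_MISS/200 15320 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1381234568.456     80 10.0.0.21 TCP_HIT/200 4096 GET http://www.example.com/logo.png - NONE/- image/png
1381234570.002   1310 10.0.0.22 TCP_MISS/200 52000 CONNECT mail.example.org:443 - DIRECT/192.0.2.20 -
1381234571.900     12 10.0.0.22 TCP_DENIED/403 1200 GET http://blocked.example.net/ - NONE/- text/html
this line is truncated garbage
"""

def site_of(method, url):
    """Return the host part; CONNECT (HTTPS tunnels) logs only host:port."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url

def summarize(log_text):
    """Aggregate delivered bytes and request counts per client IP and site."""
    usage = defaultdict(lambda: {"bytes": 0, "sites": defaultdict(int)})
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        # Skip truncated or corrupt lines instead of aborting the whole run.
        if len(fields) < 7 or not fields[4].isdigit():
            skipped += 1
            continue
        client, size, method, url = fields[2], int(fields[4]), fields[5], fields[6]
        usage[client]["bytes"] += size
        usage[client]["sites"][site_of(method, url)] += 1
    return usage, skipped

def report(usage):
    """Format the totals, heaviest client first."""
    lines = []
    for client, data in sorted(usage.items(), key=lambda kv: -kv[1]["bytes"]):
        lines.append(f"{client}  {data['bytes']} bytes")
        for site, hits in sorted(data["sites"].items(), key=lambda kv: (-kv[1], kv[0])):
            lines.append(f"    {site}  {hits} request(s)")
    return lines

if __name__ == "__main__":
    usage, skipped = summarize(SAMPLE_LOG)
    print("\n".join(report(usage)))
    print(f"skipped {skipped} malformed line(s)")
```

The byte field is what squid delivered to the client, so cache hits count toward a computer's total even though they used no DSL bandwidth, and HTTPS traffic appears only as a CONNECT to a host and port, not as individual pages.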
Thanks for all the response! I really appreciate it. I’m working through all the suggestions and will post some questions soon.
I met with a guy at a convention earlier this week and he explained his setup to me. He said he is using a specific all-in-one application (which I cannot remember :() to manage his internal network. He said he will e-mail all the info but I haven’t heard from him since and don’t have his contact details.
His setup is as follows:
7x local computers connected to a Linux-box (with no configuration on the local computers). The Linux-box has an application which:
Captures all network activity, web sites being visited, amount of times each site has been visited by which computer, amount of time spent on site, etc.
Restrict the traffic flow speed as well as the amount of data being downloaded per IP address, mac-address or hostname.
He can also turn off computers via the network, switch them back on again, schedule specific updates, etc.
If any of you know what he was talking about, please let me know. If I hear anything from him, I will post his comments to help future queries.