#1
05-22-2008, 05:32 AM
BigAl.NZ@gmail.com
DD-WRT & rflow collector

Hi All,

My friend has a bunch of students living with them and the students
are using all her bandwidth in a week, they are then throttled by the
ISP back to dialup - ouch.

Anyway she has a router with DD-WRT on it, and I was looking at
putting some traffic monitoring software in place to see who the
offender is.

I have googled it and seen some info on rflow collector, but am still
trying to get my head around how it all fits together.

If I understand what I have read so far correctly then:

1. MySQL stores the data in a table
2. rflow collector writes the data to the database

But does rflow collector also display the data or is another program
required?

This is on a Windows XP Machine.

I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
monitor what's happening on my NIC not the router?

Please any help or suggestions appreciated.

Ta

-Al



#2
05-22-2008, 06:01 AM
LR
Re: DD-WRT & rflow collector

BigAl.NZ@gmail.com wrote:
> Hi All,
>
> My friend has a bunch of students living with them and the students
> are using all her bandwidth in a week, they are then throttled by the
> ISP back to dialup - ouch.
>
> Anyway she has a router with DD-WRT on it, and I was looking at
> putting some traffic monitoring software in place to see who the
> offender is.
>
> I have googled it and seen some info on rflow collector, but am still
> trying to get my head around how it all fits together.
>
> If I understand what I have read so far correctly then:
>
> 1. Mysql stores the data in a table
> 2. rflow collector writes the data to the database
>
> But does rflow collector also display the data or is another program
> required?
>
> This is on a Windows XP Machine.
>
> I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> monitor whats happening on my NIC not the router?
>
> Please any help or suggestions appreciated.
>
> Ta
>
> -Al
>
>

Did you check the DD-WRT Tutorial?
<http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_To_Gather_Traffic_Information>

#3
05-22-2008, 06:44 AM
BigAl.NZ@gmail.com
Re: DD-WRT & rflow collector

On May 22, 6:01 pm, LR <l...@privacy.net> wrote:
> BigAl...@gmail.com wrote:
> > Hi All,
> >
> > My friend has a bunch of students living with them and the students
> > are using all her bandwidth in a week, they are then throttled by the
> > ISP back to dialup - ouch.
> >
> > Anyway she has a router with DD-WRT on it, and I was looking at
> > putting some traffic monitoring software in place to see who the
> > offender is.
> >
> > I have googled it and seen some info on rflow collector, but am still
> > trying to get my head around how it all fits together.
> >
> > If I understand what I have read so far correctly then:
> >
> > 1. MySQL stores the data in a table
> > 2. rflow collector writes the data to the database
> >
> > But does rflow collector also display the data or is another program
> > required?
> >
> > This is on a Windows XP Machine.
> >
> > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> > monitor what's happening on my NIC not the router?
> >
> > Please any help or suggestions appreciated.
> >
> > Ta
> >
> > -Al
>
> Did you check the DD-WRT Tutorial?
> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>


Yes, and it says you can use a query browser to view the
network....sounds like I almost need to be a DB programmer to do
this....I just want to view traffic amounts back to clients!!!!!

Isn't there an easier way?

#4
05-22-2008, 02:23 PM
Bill Kearney
Re: DD-WRT & rflow collector

>> Did you check the DD-WRT Tutorial?
>> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>

>
> Yes, and it says you can use a query browser to view the
> network....sounds like I almost need to be a DB programmer to do
> this....I just want to view traffic amounts back to clients!!!!!
>
> Isnt there a easier way?


Good, fast, cheap... pick two. That's the rule. What you're after is
doable and the software for it is all free. The expense is your time to set
it all up. C'est la vie.


#5
05-22-2008, 05:05 PM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Wed, 21 May 2008 23:44:34 -0700 (PDT), BigAl.NZ@gmail.com wrote:

>> Did you check the DD-WRT Tutorial?
>> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>

>
>Yes, and it says you can use a query browser to view the
>network....sounds like I almost need to be a DB programmer to do
>this....I just want to view traffic amounts back to clients!!!!!
>
>Isnt there a easier way?


Easier? Sure, just pound the students into submission. Violence
always works. It might also be easier to use QoS and apply quotas.
Another easier way is to apply time slicing. Give each student 1 hour
of internet time in rotation and bill them by the connect time. The
easiest way (for me, in my limited experience) is to publicly post
their individual traffic statistics. That will generate all manner of
embarrassing questions and tends to discourage overuse and abuse.

Now, if you wanted a "better" way, instead of an "easier" way, there's
always SNMP, which is part of the DD-WRT distribution. Like RFLOW,
the problem is that you'll need a dedicated PC, running continuously,
to do the logging. There's not enough horsepower or flash space in
the WRT54G to store all the collected data.

For SNMP monitoring, I suggest RRDTool running on your favorite Linux
distribution:
<http://oss.oetiker.ch/rrdtool/>
with a Cacti front end:
<http://www.cacti.net/>
If that's too much, you can get a start with PRTG:
<http://www.paessler.com/prtg>
which does both SNMP and Netflow. You can sorta monitor by MAC
address, so that you don't have to deal with separating out the
traffic by user. However, the free version of PRTG only does 3 OID's,
so you'll need to spend the $100 for the commercial version. Send the
bill to the students, which may in itself solve the problem. If not,
there are plenty of other tools.

RFlow uses a version of Cisco IOS Netflow. There are apparently
plenty of monitoring and logging tools available. For example:
<http://nst.sourceforge.net/nst/docs/user/ch09s02.html> (nice image)

You might also take a look at Wallwatcher:
<http://sonic.net/wallwatcher/>
It can't separate out the traffic by client IP, so it won't do what
you want, but it's a useful tool for collecting overall traffic data
and sniffing, without the complexities of SNMP and Netflow.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#6
05-22-2008, 06:28 PM
seaweedsl
Re: DD-WRT & rflow collector

On May 22, 12:32 am, BigAl...@gmail.com wrote:
> Hi All,
>
> My friend has a bunch of students living with them and the students
> are using all her bandwidth in a week, they are then throttled by the
> ISP back to dialup - ouch.
>
> Anyway she has a router with DD-WRT on it, and I was looking at
> putting some traffic monitoring software in place to see who the
> offender is.
>
> I have googled it and seen some info on rflow collector, but am still
> trying to get my head around how it all fits together.
>
> If I understand what I have read so far correctly then:
>
> 1. Mysql stores the data in a table
> 2. rflow collector writes the data to the database
>
> But does rflow collector also display the data or is another program
> required?
>
> This is on a Windows XP Machine.
>
> I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> monitor whats happening on my NIC not the router?
>
> Please any help or suggestions appreciated.
>
> Ta
>
> -Al


I use Rflow, and though it's minimal, it does help me get an idea of
what's going on and I haven't found anything else so direct and simple
excepting NTOP which is even less supported and trickier. There is
almost no documentation on Rflow and very little adjustment, but it
works. I certainly wish somebody would give it some attention, I'd
pay for it.

But it works and YOU DON'T NEED MySQL to use it. It will show each
user currently connected to the router and how much they are
downloading and uploading. If you keep it running all the time, you
can see running totals for all users. It's a bit hard to sort out
the obscure labeling, but you can figure out which data column serves
you.

So, if you don't want to get into the SNMP programs, which I
personally couldn't sort out in a week of study, then try Rflow. It's
very easy to install and you can make up a text list of MAC addys
linked to user names that it will load when it starts.

The tricky part is that you need to have it running on some pc all the
time. Also, the numbers are tied to each MAC-IP assignment, so if
somebody goes offline and then comes on with a new IP, then you lose
their old data. Best to assign IPs for longer term tracking.
Certainly using it with MySQL is the way to go, but again, I don't
want to spend a week learning it either.

Two other comments:

1) I also put DU meter on the individual problem machines so that the
users know what they are doing too. It's specific to the local machine
and helps them self-police. DU meter costs money but there are free
local bandwidth meters too.

2) V24 of DD-WRT has bandwidth monitoring of its own. I kinda doubt
it will serve you much, but you may want to upgrade dd-wrt (carefully -
get the right file) if you don't have v24 and check that out too.

So, try out Rflow. If you run into trouble, ask here. The DD-WRT
forum won't help much on this for some reason, but do a search for it
there, many questions (with a few answers) about it are mine !

Steve

#7
05-23-2008, 11:38 AM
BigAl.NZ@gmail.com
Re: DD-WRT & rflow collector

Cheers Jeff,

yes the PRTG was easy.

There is also MRTG which is completely free - tried that one?

I have four clients that I need to monitor, so damn, one more than
PRTG will give me.

-Al


#8
05-23-2008, 11:41 AM
BigAl.NZ@gmail.com
Re: DD-WRT & rflow collector

I would love to try it but as you say there is very little
documentation.

Could you post some instructions here? I have a spare PC it could run
on....

Cheers

-Al


seaweedsl wrote:
> On May 22, 12:32 am, BigAl...@gmail.com wrote:
> > Hi All,
> >
> > My friend has a bunch of students living with them and the students
> > are using all her bandwidth in a week, they are then throttled by the
> > ISP back to dialup - ouch.
> >
> > Anyway she has a router with DD-WRT on it, and I was looking at
> > putting some traffic monitoring software in place to see who the
> > offender is.
> >
> > I have googled it and seen some info on rflow collector, but am still
> > trying to get my head around how it all fits together.
> >
> > If I understand what I have read so far correctly then:
> >
> > 1. Mysql stores the data in a table
> > 2. rflow collector writes the data to the database
> >
> > But does rflow collector also display the data or is another program
> > required?
> >
> > This is on a Windows XP Machine.
> >
> > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> > monitor whats happening on my NIC not the router?
> >
> > Please any help or suggestions appreciated.
> >
> > Ta
> >
> > -Al

>
> I use Rflow, and though it's minimal, it does help me get an idea of
> what's going on and I haven't found anything else so direct and simple
> excepting NTOP which is even less supported and trickier. There is
> almost no documentation on Rflow and very little adjustment,but it
> works. I certainly wish somebody would give it some attention, I'd
> pay for it.
>
> But it works and YOU DON'T NEED MySQL to use it. It will show each
> user currently connected to the router and how much they are
> downloading and uploading. If you keep it running all the time, you
> can see running totals for all users. It's a bit hard to sort out
> the obscure labeling, but you can figure out which data columm serves
> you.
>
> So, if you don't want to get into the SNMP programs, which I
> personally couldn't sort out in a week of study, then try Rflow. It's
> very easy to install and you can make up a text list of MAC addys
> linked to user names that it will load when it starts.
>
> The tricky part is that you need to have it running on some pc all the
> time. Also, the numbers are tied to each MAC-IP assignment, so if
> somebody goes offline and then comes on with a new IP, then you lose
> their old data. Best to assign IPs for longer term tracking.
> Certainly using it with MySQL is the way to go, but again, I don't
> want to spend a week learning it either.
>
> Two other comments:
>
> 1) I also put DU meter on the individual problem machines so that the
> users know what they are doing too. It's specific to the local machine
> and helps them self-police. DU meter costs money but there are free
> local bandwidth meters too.
>
> 2) V24 of DD-WRT has bandwidth monitoring of it's own. I kinda doubt
> it will serve you much, but you may want to upgrade dd-wrt (carefully-
> get the right file ) if you don't have v24 and check that out too.
>
> So, try out Rflow. If you run into trouble, ask here. The DD-WRT
> forum won't help much on this for some reason, but do a search for it
> there, many questions (with a few answers) about it are mine !
>
> Steve


#9
05-23-2008, 03:09 PM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Fri, 23 May 2008 04:38:48 -0700 (PDT), BigAl.NZ@gmail.com wrote:

>yes the PRTG was easy.
>There is also MRTG which is completely free - tried that one?


Yes. I wrote the unofficial instructions for using it under Windoze
95, 98, and ME:
<http://www.LearnByDestroying.com/mrtg/docs/w95mrtg.htm>
Tobias hates Win95, 98, and ME, so I got stuck with the task.

MRTG is easy to set up for simple things, but it has some limitations.
1. It uses Perl scripts, which tend to be slow on slow machines.
2. It only graphs 2 OID's per graph, which is rather limiting when
you're trying to graph traffic for more than two users, or two
services.
3. Monitoring a large number of devices rapidly becomes an
administrative nightmare.
4. One mistake in mrtg.cfg and things really screw up. Diagnostic
output is rather marginal.

>I have four clients that i need to monitor, so damn, one more than
>PRTG wil give me.


More than 4. You'll also need total traffic in and out to make sure
you haven't missed anyone, such as visiting laptops.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#10
05-23-2008, 08:48 PM
BigAl.NZ@gmail.com
Re: DD-WRT & rflow collector

On May 24, 3:09 am, Jeff Liebermann <je...@cruzio.com> wrote:
> On Fri, 23 May 2008 04:38:48 -0700 (PDT), BigAl...@gmail.com wrote:
> >yes the PRTG was easy.
> >There is also MRTG which is completely free - tried that one?
>
> Yes. I wrote the unofficial instructions for using it under Windoze
> 95, 98, and ME:
> <http://www.LearnByDestroying.com/mrtg/docs/w95mrtg.htm>
> Tobias hates Win95, 98, and ME, so I got stuck with the task.
>
> MRTG is easy to set up for simple things, but it has some limitations.
> 1. It uses Perl scripts, which tend to be slow on slow machines.
> 2. It only graphs 2 OID's per graph, which is rather limiting when
> you're trying to graph traffic for more than two users, or two
> services.
> 3. Monitoring a large number of devices rapidly becomes an
> administrative nightmare.
> 4. One mistake in mrtg.cfg and things really screw up. Diagnostic
> output is rather marginal.
>
> >I have four clients that I need to monitor, so damn, one more than
> >PRTG will give me.
>
> More than 4. You'll also need total traffic in and out to make sure
> you haven't missed anyone, such as visiting laptops.
>
> --
> Jeff Liebermann     je...@cruzio.com
> 150 Felker St #D    http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann     AE6KS    831-336-2558


What's an OID?

#11
05-23-2008, 10:45 PM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Fri, 23 May 2008 13:48:58 -0700 (PDT), BigAl.NZ@gmail.com wrote:

>Whats a OID?


Object Identifier. In SNMP, it looks like 1.3.6.1.2.etc:
<http://www.alvestrand.no/objectid/1.3.6.1.2.1.html>
<http://www.alvestrand.no/objectid/>
It identifies the various counters, and their possible values, that
SNMP transmits.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

#12
05-23-2008, 10:48 PM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Fri, 23 May 2008 13:48:58 -0700 (PDT), BigAl.NZ@gmail.com wrote:

>Whats a OID?


Also, see:
<http://www.ireasoning.com/mibbrowser.shtml>
for a free, but rather limited, MIB browser.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

#13
05-25-2008, 10:54 AM
BigAl.NZ@gmail.com
Re: DD-WRT & rflow collector

On May 24, 10:48 am, Jeff Liebermann <je...@cruzio.com> wrote:
> On Fri, 23 May 2008 13:48:58 -0700 (PDT), BigAl...@gmail.com wrote:
> >What's an OID?
>
> Also, see:
> <http://www.ireasoning.com/mibbrowser.shtml>
> for a free, but rather limited, MIB browser.
>
> --
> # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
> # 831-336-2558            je...@comix.santa-cruz.ca.us
> # http://802.11junk.com               je...@cruzio.com
> # http://www.LearnByDestroying.com               AE6KS


Ok, I have been playing around with PRTG, and let me check I got this
right:

It seems that by default PRTG lets you monitor all the wired ports,
and all the wireless ports, but it doesn't actually break that traffic
down into what's come from various client IP's?

To do that it appears you need to set up a netflow sensor with a packet
filter rule?

And I can't work out why when I set up a netflow sensor with a packet
filter rule it says at the top of the graph "netflow data delayed by 5
min"?

-Al

#14
05-25-2008, 05:27 PM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Sun, 25 May 2008 03:54:08 -0700 (PDT), BigAl.NZ@gmail.com wrote:

>Ok, I have been playing around with PRTG, and let me check I got this
>right:
>
>It seems that by default PRTG lets you monitor all the wired ports,
>and all the wireless ports, but it doesnt actually break that traffic
>down into whats come from various client IP's?


Yep. By default, total traffic only.

>To do that it appears you need to setup a netflow sensor with a packet
>filter rule?


Nope. You only need to find the proper OID (object identifier). You
can do it two ways. By IP address or by MAC address. Get yourself a
MIB browser and dump the entire MIB tree from your router. I like to
use an old one called GetIF:
<http://www.wtcs.org/snmp4tpc/getif.htm>
Some usage detail:
<http://groups.google.com/group/alt.internet.wireless/msg/3940c22469037822>

The free one from IReasoning is better, but you can't load enough MIB
files to make it really useful.
<http://www.ireasoning.com/mibbrowser.shtml>

More MIB browsers:
<http://www.snmplink.org/snmpsoftware/forenduser/#6>
<http://www.snmplink.org/snmpsoftware/forenduser/>

If all else fails, use the DOS version SNMPUTIL.EXE from:
<http://www.wtcs.org/snmp4tpc/testing.htm>
Run:
SNMPUTIL walk 192.168.1.1 public .1.3.6.1
which should dump everything but with only numeric OID's, not text
versions. Sift through the mess until you find the OID's for your
favorite IP or MAC address. Well, you can make it easier with:
SNMPUTIL walk 192.168.1.1 public .1.3.6.1 | find "192.168.1.11"
where 192.168.1.11 is replaced by the IP or MAC address of a computah.
The extra numbers at the end of the OID are pointers to a table, where
the data is located. When you find an OID worth monitoring, type it
into the PRTG config file. Repeat for all computers on the LAN. Also
graph the total traffic so that you can tell if anyone has snuck in a
new device. The SNMP table will update dynamically, but not the
PRTG/MRTG config files.

| C:\> snmputil walk 192.168.1.1 public .1.3.6.1 | find /I "netaddress"
|
| Variable = at.atTable.atEntry.atNetAddress.268906152.1.63.249.85.1
| Variable = at.atTable.atEntry.atNetAddress.2147443560.1.192.168.1.11
| Variable = ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress.268752072.63.249.85.1
| Variable = ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress.2147443560.192.168.1.11

192.168.1.11 is the IP of my desktop. 63.249.85.1 is the ISP gateway
IP. The rubbish preceding the IP's are the pointers.

I'll bet you thought that SNMP was simple?

>And I cant workout why when I setup a netflow sensor with a packet
>filter rule it says at the top of the graph "netflow data delayed by 5
>min"?


Dunno. I'm too lazy to try it today. Not enough sleep.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote
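The "pointers" in the walk output of post #14 can be decoded mechanically. The following is an added example, not part of the original post: it splits each `Variable = ...` line into column name, interface index and IP, builds the numeric OID of the matching MAC-address cell, and lists hosts that are not in a known inventory. The index layouts and numeric prefixes are those of the MIB-II tables in RFC 1213; the function names are illustrative.

```python
"""Decode ARP-table rows from `snmputil walk` output (added example)."""

# Sample input: the four lines quoted in the post. One line keeps a stray
# space of the kind forum software inserts into long strings.
SAMPLE_WALK = """\
Variable = at.atTable.atEntry.atNetAddress.268906152.1.63.249.85.1
Variable = at.atTable.atEntry.atNetAddress.2147443560.1.192.1 68.1.11
Variable = ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress.268752072.63.249.85.1
Variable = ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress.2147443560.192.168.1.11
"""

# RFC 1213 (MIB-II): numeric OID of each table entry, and how many
# sub-identifiers come before the four IP octets in the row index.
TABLES = {
    # atTable rows are indexed by ifIndex, then a NetworkAddress (1 + IP)
    "atNetAddress": {"entry": "1.3.6.1.2.1.3.1.1", "skip": 2},
    # ipNetToMediaTable rows are indexed by ifIndex, then the IP
    "ipNetToMediaNetAddress": {"entry": "1.3.6.1.2.1.4.22.1", "skip": 1},
}
PHYS_ADDRESS_COLUMN = 2  # atPhysAddress / ipNetToMediaPhysAddress


def parse_line(line):
    """Return a row dict for one walk line, or None if it is not an ARP row."""
    label, sep, oid = line.partition("=")
    if not sep or label.strip().lower() != "variable":
        return None
    parts = "".join(oid.split()).split(".")  # drop wrap spaces, split sub-ids
    cut = len(parts)
    while cut > 0 and parts[cut - 1].isdigit():
        cut -= 1  # peel the numeric row index off the end
    if cut == 0:
        return None
    column, index = parts[cut - 1], [int(p) for p in parts[cut:]]
    table = TABLES.get(column)
    if table is None or len(index) != table["skip"] + 4:
        return None
    if table["skip"] == 2 and index[1] != 1:  # NetworkAddress tag must be 1
        return None
    octets = index[-4:]
    if any(o > 255 for o in octets):
        return None
    suffix = ".".join(str(i) for i in index)
    return {
        "column": column,
        "if_index": index[0],
        "ip": ".".join(str(o) for o in octets),
        # OID to query for the MAC address stored in the same table row
        "phys_oid": f"{table['entry']}.{PHYS_ADDRESS_COLUMN}.{suffix}",
    }


def parse_walk(text):
    """Parse a whole walk dump, keeping only ARP-table rows."""
    return [row for row in map(parse_line, text.splitlines()) if row]


def rows_for_ip(text, ip):
    """Rows whose index ends in the given IP address."""
    return [row for row in parse_walk(text) if row["ip"] == ip]


def unknown_hosts(text, known_ips):
    """IPs present in the router's ARP tables but missing from the inventory."""
    seen = {row["ip"] for row in parse_walk(text)}
    return sorted(seen - set(known_ips))


if __name__ == "__main__":
    for row in rows_for_ip(SAMPLE_WALK, "192.168.1.11"):
        print(row["column"], "ifIndex", row["if_index"], "MAC at", row["phys_oid"])
    print("not in inventory:", unknown_hosts(SAMPLE_WALK, {"192.168.1.11"}))
```
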
#15
05-25-2008, 05:48 PM
seaweedsl
Re: DD-WRT & rflow collector

If you ever get SNMP sorted out, let us know. Obviously Jeff
understands it and some other people as well whom I've never
encountered.

Personally, as a non-programmer, it looks every bit as easy as
learning Chinese.

I'm grateful for Rflow and DD-WRT. It does the job for free with
minimal installation and no additional software, research or
programming.

Steve

#16
05-25-2008, 09:53 PM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Sun, 25 May 2008 10:48:05 -0700 (PDT), seaweedsl
<seaweedsteve@gmail.com> wrote:

>If you ever get SNMP sorted out, let us know. Obviously Jeff
>understands it and some other people as well whom I've never
>encountered.


Wrong. I've used SNMP, dabbled with various SNMP based devices, done
battle with monitoring software, and even got paid for the exercise.
However, that doesn't mean I really understand it. There are plenty
of mysteries that I still don't understand, despite explanations and
reading. For example, when does one use a leading decimal point in
front of the OID?

>Personally, as a non-programmer, it looks every bit as easy as
>learning Chinese.


Actually, using it is fairly easy, especially with a suitable front end
program to insulate you from the complexities. A MIB browser is a
good start.

>I'm grateful for Rflow and DD-WRT It does the job for free with
>minimal installation and no additional software, research or
>programming.


Netflow (also known as Rflow) is probably the right answer for
monitoring traffic by IP or MAC address.

Got $1800 handy?
<http://www.solarwinds.com/products/orion/nta/index.aspx>
Might be fun to try it. It says it's for Cisco but I think it will
work with DD-WRT Rflow.

Looks like they also have a wireless monitor for only $2500:
<http://www.solarwinds.com/products/orion/wireless/index.aspx>

This one looks interesting:
<http://www.plixer.com/products/free-netflow.php>
Only $5,000.

Probably a bit much for students. So, there are free Netflow tools:
<http://www.networkuptime.com/tools/netflow/>
Like anything good, they're mostly Unix or Linux based. However,
there are a few with Windoze versions.

So much free software.... so little time.


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote
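What a per-client Netflow collector does with the router's export can be shown in a few lines. This is an added example, not code from the thread or from DD-WRT: it parses export datagrams and totals upload and download bytes per LAN address, which is the figure the original question asks for. It assumes the router exports NetFlow version 5 (the thread only says "a version of" Netflow), that the LAN is 192.168.1.0/24, and it reuses the router address 192.168.1.1 and port 2055 mentioned in the thread.

```python
"""Per-client byte totals from NetFlow v5 export datagrams (added example)."""
import ipaddress
import socket
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # v5 flow record, 48 bytes
LAN = ipaddress.ip_network("192.168.1.0/24")        # assumption: router's LAN


def parse_v5(datagram):
    """Return [(src, dst, octets), ...]; raise ValueError on malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = struct.unpack_from("!HH", datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    # v5 carries 1..30 records; the length must match the advertised count
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst, octets = rec[0], rec[1], rec[6]   # srcaddr, dstaddr, dOctets
        flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), octets))
    return flows


def account(flows, totals=None, lan=LAN):
    """Add flows to totals: {client_ip: [upload_bytes, download_bytes]}."""
    if totals is None:
        totals = defaultdict(lambda: [0, 0])
    for src, dst, octets in flows:
        if src in lan and dst not in lan:
            totals[str(src)][0] += octets           # client -> Internet
        elif dst in lan and src not in lan:
            totals[str(dst)][1] += octets           # Internet -> client
        # LAN-to-LAN traffic never reaches the ISP, so it is not counted
    return totals


def build_sample(flows):
    """Constructed test input: pack (src, dst, octets) tuples as one datagram."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4),
                    0, 0, 1, octets, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body


def serve(router="192.168.1.1", port=2055):
    """Collect forever; only datagrams from the router's address are counted."""
    totals = defaultdict(lambda: [0, 0])
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (peer, _) = sock.recvfrom(2048)
        if peer != router:      # NetFlow export is unauthenticated UDP
            continue
        try:
            account(parse_v5(data), totals)
        except ValueError as err:
            print(f"dropped datagram from {peer}: {err}")
            continue
        for ip, (up, down) in sorted(totals.items()):
            print(f"{ip:15} up {up:>12} B  down {down:>12} B")


if __name__ == "__main__":
    # Constructed flows: one upload, one download, one LAN-to-LAN transfer.
    sample = build_sample([
        ("192.168.1.11", "63.249.85.1", 1000),
        ("63.249.85.1", "192.168.1.11", 50000),
        ("192.168.1.12", "192.168.1.11", 700),
    ])
    print(dict(account(parse_v5(sample))))
    # serve() would run the live collector on UDP port 2055.
```

Version 5 records carry IP addresses but no MAC addresses, so totals follow the IP; fixed DHCP leases keep them attributable to one machine.
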
#17
05-26-2008, 07:17 PM
seaweedsl
Re: DD-WRT & rflow collector

I knew I should have kept my mouth shut. Now Jeff's got me exploring
Netflow alternatives again. Still, I think that Rflow has an
advantage over the others in that it uses MACupd ( I think it's
called) which seems to allow one to monitor....uh,.....actually, I'm
not clear what does what.

But it's a feature that must be doing something! And the others don't
seem to have it. So there!

I think that my/our problem with monitoring software that uses
Netflow, SNMP and/or whatever is that until now, administrators with
serious budgets and serious tech skills were the target user. Now, as
networking has become ubiquitous, every Tom, Dick and seaweedsl wants /
needs monitoring software that we can learn in one hour, not 30.

I wonder when somebody will put out a cleaned-up, fleshed-out, well-
explained data-managing version of Rflow. Make it shareware without
data logging and $20-25 with and you will have an income. So what
if it needs DD-WRT to run, that's common enough now and supports many
routers.

Thanks for the links though, Jeff. At the least, Ntop appears to have
been updated and I might try it again. I never could get it working
before. Or maybe I'll learn MySQL .... when I have time and brain
cells to spend on it.

#18
05-26-2008, 07:27 PM
seaweedsl
Re: DD-WRT & rflow collector

On May 26, 1:17 pm, seaweedsl <seaweedst...@gmail.com> wrote:

>....Rflow has an
> advantage over the others in that it uses MACupd ( I think it's
> called)


Obviously Rflow uses Rflow/Netflow primarily. MACupd is an
additional feature. I think it's what matches the MAC address to user
names.


Steve

#19
05-26-2008, 08:23 PM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Mon, 26 May 2008 12:17:17 -0700 (PDT), seaweedsl
<seaweedsteve@gmail.com> wrote:

>I knew I should have kept my mouth shut.


Sorry. When I don't have an instant answer handy, I usually try to
get the person asking to do all the work.

DD-WRT v24 final release arrived last week. I've installed it on
several non-critical machines. It's working just fine, and even fixed
a mysterious wireless key renewal and disconnect problem I was having
with WPA2-TKIP (not really officially supported as WPA2 is supposed to
use AES encryption).

>Now Jeff's got me exploring
>Netflow alternatives again. Still, I think that Rflow has an
>advantage over the others in that it uses MACupd ( I think it's
>called) which seems to allow one to monitor....uh,.....actually, I'm
>not clear what does what.


While you're at it, here's another mystery. Go to "Services" tab and
scroll down to the very bottom of the list. There's something called
"WAN Traffic Counter - ttraff daemon". I enabled it and tried to
decode its purpose, but failed. The source code is interesting:
<http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/rc/ttraff.c?rev=9009>
and says "used for collecting and storing WAN traffic info to nvram".
Ok, so where do I find it and how do I use the collected data?

>But it' a feature that must be doing something! And the others don't
>seem to have it. So there!


Go to the source:
<http://svn.dd-wrt.com:8000/dd-wrt/browser/opt/macupd/macupd.c>
macupd v2 | send all known Clients (and WDS) from this machine by UDP

>I think that my/our problem with monitoring software that uses
>Netflow, SNMP and/or whatever is that until now, administrators with
>serious budgets and serious tech skills were the target user. Now, as
>networking has become ubiquitous, every Tom, Dick and seaweedsl wants /
>needs monitoring software that we can learn in one hour, not 30.


Well, I hate to admit a small failure, but I was sympathetic (and
bored) yesterday. So, I downloaded the latest MRTG and decided to
scribble a web page detailing what it takes to monitor a DD-WRT based
router.

The first thing I discovered is that the MRTG Windoze install and
setup instructions have a few major errors. The next thing I
discovered is that I had no easy way to generate a dynamic list of MAC
addresses so that new graphs could be created on the fly. I think I
can do that with MACupd or more crudely with arp -a or a simple Perl
script. Within about an hour, I discovered that I had a major project
on my hands and gave up for now. I hate programming...

>I wonder when somebody will put out a cleaned-up, fleshed-out, well-
>explained data-managing version of Rflow. Make it shareware without
>data logging and $20-25 with and you will have an income. So what
>if it needs DD-WRT to run, that's common enough now and supports many
>routers.
>
>Thanks for the links though, Jeff. At the least, Ntop appears to have
>been updated and I might try it again. I never could get it working
>before. Or maybe I'll learn MySQL .... when I have time and brain
>cells to spend on it.


I tried the Windoze (demo) version of NTOP recently. It was even more
complicated to set up than before. I did manage to configure Netflow
(2055) but couldn't get NTOP to display any data. It was also
irritating to find that I had to configure an ethernet interface for
data sniffing, even though I wasn't using it.

More, when I have time. Today is Memorial Day in the USA. I'm
celebrating the holiday by dragging myself to the office and working
on two nightmares. I think I blew up a customer's laptop and may have
to buy her a replacement. I also have a really ancient Xenix server
with a blown IBM monochrome display. When I plug in a VGA, it
overlaps the memory mapped for the Digiboard serial card and panics.
So, I have to fix the monitor. I hate computers...



--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#20
05-27-2008, 07:09 AM
msg
Re: DD-WRT & rflow collector

Jeff Liebermann wrote:

<snip>
I also have a really ancient Xenix server
> with a blown IBM monochrome display. When I plug in a VGA, it
> overlaps the memory mapped for the Digiboard serial card and panics.
> So, I have to fix the monitor. I hate computers...


Is it running on AT-class hardware or Microchannel? Can you
cpio the entire system (sans user data where necessary) to
preserve it? Is it MS-Xenix or the IBM variant?

Michael

#21
05-27-2008, 08:10 AM
Jeff Liebermann
Re: DD-WRT & rflow collector

On Tue, 27 May 2008 02:09:59 -0500, msg <msg@_cybertheque.org_> wrote:

>Jeff Liebermann wrote:
>
><snip>
>I also have a really ancient Xenix server
>> with a blown IBM monochrome display. When I plug in a VGA, it
>> overlaps the memory mapped for the Digiboard serial card and panics.
>> So, I have to fix the monitor. I hate computers...


>Is it running on AT-class hardware or Microchannel? Can you
>cpio the entire system (sans user data where necessary) to
>preserve it? Is it MS-Xenix or the IBM variant?
>Michael


It's not fixed yet, but I've got a handle on it. However, you're
right. I should get a backup before I do something dumb.

It's SCO Xenix 2.3.3 (not the latest which was 2.3.4). It's running
on a 386-20 with an IIT Co-processor, 8MBytes of RAM, and a 270MByte
(not gigabyte) hard disk. The Archive 2150 cartridge tape drive died
long ago (when the rubber roller turned to sticky goo). I've got
TCP/IP running on a WD8003 ethernet card. I have two filesystems.
/root for the OS and /u for the accounting system. I can cpio the
whole mess fairly easily, but I sometimes get local streams buffer
overflows. So, I just ftp the key files. I do have a full cpio
backup, but it's fairly old. Incidentally, SCO ceased development on
Xenix in about 1995.

Never, in my wildest nightmares, did I ever dream I would be trying to
find a monochrome monitor. Sigh.

Incidentally, I "sold" (for the cost of shipping), all my MCA boards
about 3 months ago. Two boxes with perhaps a total of 50 boards. Good
riddance. That leaves the EISA and VL Bus cards.



--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote
  #22 (permalink)  
Old 05-27-2008, 03:21 PM
msg
Guest
 
Posts: n/a
Default Re: DD-WRT & rflow collector

Jeff Liebermann wrote:

> On Tue, 27 May 2008 02:09:59 -0500, msg <msg@_cybertheque.org_> wrote:
>
>
>>Jeff Liebermann wrote:
>>
>><snip>
>>I also have a really ancient Xenix server
>>
>>>with a blown IBM monochrome display. When I plug in a VGA, it
>>>overlaps the memory mapped for the Digiboard serial card and panics.
>>>So, I have to fix the monitor. I hate computers...

>
>
>>Is it running on AT-class hardware or Microchannel? Can you
>>cpio the entire system (sans user data where necessary) to
>>preserve it? Is it MS-Xenix or the IBM variant?
>>Michael

>
>
> It's not fixed yet, but I've got a handle on it. However, you're
> right. I should get a backup before I do something dumb.
>
> It's SCO Xenix 2.3.3 (not the latest which was 2.3.4).


Ah, not so old then; I consider anything from SCO "new".

>
> Never, in my wildest nightmares, did I ever dream I would be trying to
> find a monochrome monitor. Sigh.


Hmmm, don't we all have mono monitors stored in strange places? Too
bad I am 1800 miles away... Anyway, long ago before mono monitors
appeared surplus, I modified a Ball NTSC video monitor to accept
external h&v sync and tweaked the horiz. osc. and it worked pretty well.
>
> Incidentally, I "sold" (for the cost of shipping), all my MCA boards
> about 3 months ago. Two boxes with perhaps a total of 50 boards. Good
> riddance. That leaves the EISA and VL Bus cards.


Still depend on some high-performing EISA boards here...

Michael

Reply With Quote
  #23 (permalink)  
Old 05-27-2008, 04:12 PM
seaweedsl
Guest
 
Posts: n/a
Default Re: DD-WRT & rflow collector

On May 26, 2:23 pm, Jeff Liebermann <je...@cruzio.com> wrote:
> DD-WRT v24 final release arrived last week. I've installed it on
> several non-critical machines. It's working just fine,...


Great news. I guess it's time to update ours.

> While you're at it, here's another mystery. Go to "Services" tab and
> scroll down to the very bottom of the list. There's something called
> "WAN Traffic Counter - ttraff daemon". I enabled it and tried to
> decode its purpose, but failed. The source code is interesting:
> <http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/rc/ttraff.c?rev=...>
> and says "used for collecting and storing WAN traffic info to nvram".
> Ok, so where do I find it and how do I use the collected data?


I'm not even guessing. I can see some numbers moving for each user
connected. For now, that's my info:
Who's online, and how their numbers compare to others.

> Well, I hate to admit a small failure, but I was sympathetic (and
> bored) yesterday. So, I downloaded the latest MRTG and decided to
> scribble a web page detailing what it takes to monitor a DD-WRT based
> router.


Fantastic ! This could really help.
>
> The first thing I discovered is that the MRTG Windoze install and
> setup instructions have a few major errors. The next thing I
> discovered is that I had no easy way to generate a dynamic list of MAC
> addresses so that new graphs could be created on the fly. I think I
> can do that with MACupd or more crudely with arp -a or a simple Perl
> script. Within about an hour, I discovered that I had a major project
> on my hands and gave up for now. I hate programming...
>


OK, so at least that verifies I'm not a total idiot - it is hard.

> I tried the Windoze (demo) version of NTOP recently. It was even more
> complicated to set up than before. I did manage to configure Netflow
> (2055) but couldn't get NTOP to display any data. It was also
> irritating to find that I had to configure an ethernet interface for
> data sniffing, even though I wasn't using it.


That was my experience. Also, it clashes with Rflow and messes it up
as well.


Thanks Jeff. This affirms the value of Rflow. Not only is it the
only one that works readily, but also, if more people use it, maybe
somebody will take the initiative and improve it.

Steve

Reply With Quote
  #24 (permalink)  
Old 05-27-2008, 07:10 PM
Jeff Liebermann
Guest
 
Posts: n/a
Default Re: DD-WRT & rflow collector

On Tue, 27 May 2008 09:12:53 -0700 (PDT), seaweedsl
<seaweedsteve@gmail.com> wrote:

>Fantastic ! This could really help.


I'll work on it when I catch up on my backlog. That should be
sometime between a week and perhaps a few years from now.

>OK, so at least that verifies I'm not a total idiot - it is hard.


SNMP is simple, not easy.
Besides, if it were easy, it would be no fun.

>That was my experience. Also, it clashes with Rflow and messes it up
>as well.


Nope. At one point, I had Wall Watcher, RFlow, and MRTG pounding on
my DD-WRT based router. I also was using an SNMP MIB browser to pound
on the router at the same time. I sometimes had a contention problem
with two SNMP programs running at the same time, but no crashes.

>Thanks Jeff. This affirms the value of Rflow. Not only is it the
>only one that works readily, but also, if more people use it, maybe
>somebody will take the initiative and improve it.


I think Netflow/Rflow is closer to the goal of monitoring per user
connections. However, I know more about MRTG and SNMP, so I'm tempted
to work with it instead. I'll probably toss a coin.

Incidentally, change your SNMP write "private" password to something
obscure. It's possible to do all kinds of ugly things if I can write
to your router. Leave the SNMP read password at "public" for now.



--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote
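The thread's goal is per-user accounting from the router's flow export. The sketch below is an added example, not code from any poster or from DD-WRT: it assumes RFlow sends standard NetFlow version 5 datagrams and that the LAN is 192.168.1.0/24, and the function names and sample flows are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address, ip_network

HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 header
# 48-byte flow record; field [0] = srcaddr, [1] = dstaddr, [6] = dOctets
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return (src, dst, octets) for every flow record in one v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header record count exceeds datagram length")
    flows = []
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((IPv4Address(rec[0]), IPv4Address(rec[1]), rec[6]))
    return flows

def usage_by_host(datagrams, lan="192.168.1.0/24"):
    """Total bytes per LAN address, counting traffic in both directions."""
    net, totals = ip_network(lan), Counter()
    for datagram in datagrams:
        for src, dst, octets in parse_v5(datagram):
            for host in (src, dst):
                if host in net:
                    totals[str(host)] += octets
    return totals.most_common()  # heaviest user first

def build_v5(flows):
    """Pack (src, dst, octets) tuples into a datagram, for sample data only."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, octets in flows:
        out += RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                           bytes(4), 0, 0, 1, octets,
                           0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample export: two datagrams, documentation-range WAN addresses.
SAMPLE = [
    build_v5([("203.0.113.10", "192.168.1.23", 900_000_000),
              ("192.168.1.23", "203.0.113.10", 40_000_000),
              ("198.51.100.7", "192.168.1.41", 120_000_000)]),
    build_v5([("203.0.113.10", "192.168.1.23", 600_000_000),
              ("192.168.1.57", "198.51.100.7", 5_000_000)]),
]
```

On live traffic, `usage_by_host` would be fed the payloads received on the UDP port the router exports to (2055 in the thread); a flow between two LAN hosts is counted against both.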