Aside: I'm fighting a headache today, so my "research" is going pretty slow.
I did look at the Ubiquiti EdgeRouter, at least a little bit, but there is apparently a GPL problem. So, I've also found the TP-Link Gigabit VPN Router (TL-R600VPN) (e.g.: https://www.amazon.com/dp/B007B60SCG/ref=psdc_300189_t1_B00YFJT29C ) Any thoughts / comments on that device? )from anybody) On Friday, February 03, 2017 11:53:33 AM Bob Weber wrote: > You might look at the Ubiquiti EdgeRouter X Advanced Gigabit Ethernet > Routers ER-X 256MB Storage 5 Gigabit RJ45 ports abut $50 on Amazon. It > actually runs a small Debian like OS. It is configured by a web interface > and a command line interface through ssh or embedded in the web interface. > It has counters and displays graphs of the current throughput of each > port. The basic router configuration (configured by wizards to get you > started) has one port to connect to the internet (your dsl modem) and > NATed to the other 4 ports set up like a switch. It has a DHCP server to > assign internal IP addresses on your LAN if you want. Mirroring is also > possible through the command line interface. Port rate limiting is also > possible. While I use a Debian box for my main router/firewall I have > been experimenting with a ER-X for a while as a backup in case the Debian > box goes down. > > I also have a TP-Link 5-Port Gigabit Ethernet Web Managed Easy Smart Switch > (TL-SG105E v2.0) about $28 on Amazon. It has a Web configuration interface > (make sure you get the V2.0) and can be easily set up to mirror ports. > This is not a router so it won't protect your internal LAN like the ER-X > would. > > Now to actually monitor the traffic from a mirrored port connected to your > desktop Debian you can use wireshark. It can display traffic in real time > showing source and destination address/names and protocols. It can filter > by IP so you could just see the traffic your son generates. You can graph > the data also. Wireshark has many ways to see the data it collects. My > favorite is "conversations" which shows source and destinations and > packets/bytes transferred. For instance you might see your son's internal > IP going to youtube and the data he uses just to watch a video. > > Another program I use to just watch data amounts being used is vnstat. It > can show data usage by hour, day or month. Just install vnstat on each > Debian machine and have the results of "vnstat -i eth0 -d" emailed to you > every day by a crontab entry. Here is an example of what is on my > outgoing port on my route box. > > vnstat -i eth1 -d > > eth1 / daily > > day rx | tx | total | avg. rate > ------------------------+-------------+-------------+--------------- > 01/05/2017 4.82 GiB | 274.30 MiB | 5.09 GiB | 493.72 kbit/s > 01/06/2017 5.16 GiB | 250.13 MiB | 5.40 GiB | 524.53 kbit/s > 01/07/2017 4.13 GiB | 271.32 MiB | 4.39 GiB | 426.58 kbit/s > 01/08/2017 4.61 GiB | 267.46 MiB | 4.87 GiB | 472.95 kbit/s > 01/09/2017 3.35 GiB | 624.10 MiB | 3.96 GiB | 384.68 kbit/s > 01/10/2017 4.72 GiB | 263.63 MiB | 4.98 GiB | 483.42 kbit/s > 01/11/2017 5.02 GiB | 303.67 MiB | 5.32 GiB | 516.44 kbit/s > 01/12/2017 2.87 GiB | 194.76 MiB | 3.06 GiB | 297.22 kbit/s > 01/13/2017 4.44 GiB | 270.56 MiB | 4.70 GiB | 456.34 kbit/s > 01/14/2017 4.36 GiB | 244.49 MiB | 4.60 GiB | 446.73 kbit/s > 01/15/2017 4.04 GiB | 354.37 MiB | 4.39 GiB | 426.23 kbit/s > 01/16/2017 4.60 GiB | 360.85 MiB | 4.95 GiB | 480.43 kbit/s > 01/17/2017 4.07 GiB | 269.75 MiB | 4.34 GiB | 420.89 kbit/s > 01/18/2017 3.90 GiB | 272.31 MiB | 4.17 GiB | 404.66 kbit/s > 01/19/2017 4.70 GiB | 321.41 MiB | 5.01 GiB | 486.59 kbit/s > 01/20/2017 4.65 GiB | 294.00 MiB | 4.94 GiB | 479.26 kbit/s > 01/21/2017 7.12 GiB | 343.20 MiB | 7.45 GiB | 723.52 kbit/s > 01/22/2017 7.23 GiB | 379.96 MiB | 7.60 GiB | 737.88 kbit/s > 01/23/2017 5.54 GiB | 290.97 MiB | 5.82 GiB | 565.08 kbit/s > 01/24/2017 4.85 GiB | 355.95 MiB | 5.20 GiB | 505.09 kbit/s > 01/25/2017 3.48 GiB | 259.62 MiB | 3.73 GiB | 362.58 kbit/s > 01/26/2017 10.14 GiB | 469.21 MiB | 10.60 GiB | 1.03 Mbit/s > 01/27/2017 4.94 GiB | 324.84 MiB | 5.26 GiB | 510.76 kbit/s > 01/28/2017 5.75 GiB | 332.64 MiB | 6.08 GiB | 589.86 kbit/s > 01/29/2017 4.16 GiB | 291.04 MiB | 4.44 GiB | 431.41 kbit/s > 01/30/2017 5.93 GiB | 331.44 MiB | 6.25 GiB | 606.99 kbit/s > 01/31/2017 3.36 GiB | 247.76 MiB | 3.61 GiB | 350.02 kbit/s > 02/01/2017 3.22 GiB | 248.35 MiB | 3.47 GiB | 336.53 kbit/s > 02/02/2017 3.87 GiB | 257.72 MiB | 4.12 GiB | 399.78 kbit/s > 02/03/2017 1.21 GiB | 128.89 MiB | 1.34 GiB | 265.66 kbit/s > ------------------------+-------------+-------------+--------------- > estimated 2.48 GiB | 262 MiB | 2.74 GiB | > > > I watch several hours of Netflix a day so this is pretty high usage. > > Hope this helps. > > *...Bob* > > On 02/02/2017 10:42 PM, rhkra...@gmail.com wrote: > > Thanks for the replies (from Dan and Frank)! > > > > I'm going to do some thinking--at first I just wanted to find out how we > > were using so much bandwidth, but, once I do, I might want to try > > blocking some of it if that won't disable pages that I want to look at. > > > > I'll look for pfSense or OPNSense--apper doesn't list them for Wheezy, > > but I'm sure I can find them. > > > > I don' think I want to try to use a Debian box as a smart router, I'd > > rather find a packaged solution. (I've done things like that > > before--I've learned too much about NAT and such over the last 30 years > > or so. ;-) > > > > Just for posterity, here's an example of a <$30 smart gigabit switch on > > eBay:TP-Link 5-Port Gigabit Ethernet Web Managed Easy Smart Switch > > (TL-SG105E v2.0) > > > > NEW NETGEAR ProSAFE GS105Ev2 5-Port Gigabit Web Managed (Plus) Switch > > > > http://www.ebay.com/itm/NEW-NETGEAR-ProSAFE-GS105Ev2-5-Port-Gigabit-Web- > > Managed-Plus-Switch-/381923274422 > > > > On Thursday, February 02, 2017 11:58:28 AM Dan Ritter wrote: > >> On Thu, Feb 02, 2017 at 11:19:59AM -0500, rhkra...@gmail.com wrote: > >>> Aside: I am actually gobsmacked (I don't think I've ever been > >>> gobsmacked before ;-)--in a week of monitoring, we (my son and I, but > >>> with my son gone 8 to 12 hours a day) are downloading 1.5 to 4 GB *per > >>> day* (and uploading 100 to 300 MB *per day*). > >>> > >>> Anyway, I want to try to figure out where all this data is going to and > >>> coming from, at least in terms of the devices we have on our LAN (I'll > >>> discuss those below), so I'm thinking that a(n inexpensive) managed > >>> (Ethernet) switch or two (discussed below) might help me do that. > >> > >> I think you actually want a smart router. A Debian box with two > >> or more network interfaces can be such a thing. > >> > >>> One thing I want to do is implement QOS--we have two ObiHai VOIP > >>> devices (which we use pretty rarely, but still want to keep--they > >>> might be used for 4 calls / 10 to 30 minutes a week). Sometimes the > >>> conversation gets pretty choppy, probably depending on what my son is > >>> doing at the time (I mean, like watching a video or something), so I'm > >>> hoping that QOS would improve that (assuming the packets from the > >>> ObiHai device can be recognized--I would think they can based on their > >>> (private / on the LAN) IP addresses. > >> > >> A router can do that better than a switch can. > >> > >>> Like I mentioned above, the other thing I want to do is start > >>> monitoring (at least on an occasional / diagnostic basis) the > >>> bandwidth used by each device. > >> > >> Depending on exactly what you want, either a switch or a router > >> can help here. > >> > >>> Layout of the network (for background): > >>> > >>> The Earthlink DSL modem (Westell) is followed by an Ethernet > >>> (unmanaged} switch. > >> > >> You would want to put your router in between these. If you can > >> arrange a third network interface on the router, you could > >> connect the WiFi hotspot to the router, as well. > >> > >>> I see managed 5-port gigabit switches on eBay starting at a little > >>> under $30, and I'd like to stay close to that as a budget (i.e., ~$60 > >>> for 2). Of course, if a more featureful switch can monitor the data > >>> flows to each device from that (central) location, I could spend that > >>> ~$60 for the more featureful switch). (But there is some value to me > >>> to have two managed switches such that one would serve as a spare for > >>> the central one even if being used at other locations for monitoring.) > >>> > >>> Advice / comments / recommendations? > >> > >> That seems an unlikely price point, even for used equipment on > >> ebay. And managed switches usually have a minimum of 12 ports, > >> not 5. (12, 16, 24, 32 and 48 are all common) > >> > >> I would recommend putting in a Debian box between the DSL modem > >> and the ethernet switch. You will need to learn a little about > >> routing and IP masquerading / NAT, and you will want to set up > >> firewalling with iptables. > >> > >> You can look at traffic in realtime with iftop, which will show > >> you graphs of the top users by IP address or domain name and > >> where they are connecting. > >> > >> You can set individual traffic counters per IP address or per > >> service or both with iptables. > >> > >> What you won't get is flow information between local devices, > >> but as I understand it you are more concerned about traffic > >> in/out to the Internet at large. > >> > >> If you set fq_codel as the queue discipline on the interfaces > >> to the router, you will probably solve most of your traffic > >> interference problems without mucking with QoS. > >> > >> -dsr-
