Author Topic: Traffic monitoring  (Read 2075 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Traffic monitoring
« on: January 05, 2018, 05:33:11 PM »

Is there anything very user-friendly I can get that tells me where all the bandwidth is going on my internet connection, including classifying destinations, sources and traffic types in a meaningful way and presenting it nicely? It will need to be first-class IPv6-literate and speak all known protocols. And it needs to tell me at a glance (1) who the current hogs are, (2) which boxen are sending outbound data (3) and to where and why. And it needs to present it in an attractive fashion. I don't want to spend hours going through tcpdump / Wireshark type things, looking up domain names and ASs and port numbers, then doing it all again to see which counts have really gone up. Also, with the multiple random routable global public IPv6 addresses that my Apple devices spin for themselves, it's even more of a pain trying to get a big picture at a glance and it all hurts my brain. I would also like a (4) what is box x doing and (5) whole LAN big-picture view too.

My ZyXel WAPs, my Firebrick and AA's kit can all get packet captures but it's all too unfriendly and not dynamic and there is no easy way of summarising it all.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Traffic monitoring
« Reply #1 on: January 07, 2018, 03:45:17 PM »

I'm not sure if there is for the home user.

The Ellacoyas/Proceras are capable of doing this for traffic management by using deep packet inspection. But even so they got it wrong on occasion and I know it took the guys at Plusnet into a deep learning curve when it came to configurations. The result was a Plusnet user could tell from VMBU what type of traffic they were generating, i.e. http, ftp, streaming videos etc.
That's now mostly broken since they started using dedicated WMBC as traffic no longer goes through the same gateways - which is the point where the Ellacoyas were monitoring.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

phi2008

  • Reg Member
  • ***
  • Posts: 420
Re: Traffic monitoring
« Reply #2 on: January 13, 2018, 07:50:52 PM »

Think Ubiquiti Edgerouter built in layer 7 analysis -



Think their security gateway box does the same - random thread listing open source layer 7 software.

Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Traffic monitoring
« Reply #3 on: January 13, 2018, 08:25:37 PM »

Superb eh? Good job by Ubiquiti.

I wonder if there is such a thing as a solution that doesn't require that it itself lives inside the internet gateway?

The new Fingbox might be just an example, sort-of, sort-of not. It works by very naughty ARP poisoning/spoofing and redirects all traffic from the main gateway to itself. So that means you have to trust Fing not to be evil / snooping, nor have any bugs or crash, nor slow down everything due to the time it takes to forward all your stuff. Extremely clever and useful but there's no way on earth that I would buy one, not unless I used it as a security test tool to make sure that my basic infrastructure guard security systems spot it or better still stop it working. (They wouldn't, I'm ashamed to say, not yet; it relies on never allowing any evil boxen into the main LAN.)
Logged
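
The post above describes a device that takes over the gateway's address by ARP spoofing and asks whether LAN defences would spot it. One way to check for that from any Linux host on the LAN is sketched here as an added example that is not part of the original thread: it compares two neighbour-table snapshots in the `ip neigh` output format. The gateway address, MAC addresses and both snapshots are constructed for illustration.

```python
import re

# Constructed `ip neigh` snapshots (not from the thread); GATEWAY is an assumed address.
GATEWAY = "192.168.1.1"

BASELINE = """\
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:00:00:20 STALE
192.168.1.50 dev eth0 lladdr 02:00:00:00:00:50 REACHABLE
"""

CURRENT = """\
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:50 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:00:00:20 REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:00:00:50 REACHABLE
192.168.1.60 dev eth0  FAILED
"""

# Only entries with a resolved link-layer address match (FAILED/INCOMPLETE lack lladdr).
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for neighbour entries that carry a MAC address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def check_gateway(baseline, current, gateway):
    """Compare two neighbour tables and report signs of gateway impersonation."""
    findings = []
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        findings.append(f"gateway {gateway} moved from {old} to {new}")
    if new:
        # A host answering for the gateway AND its own address is the spoofing signature.
        others = sorted(ip for ip, mac in current.items() if mac == new and ip != gateway)
        if others:
            findings.append(f"MAC {new} answers for gateway and also {', '.join(others)}")
    return findings

if __name__ == "__main__":
    for finding in check_gateway(parse_neigh(BASELINE), parse_neigh(CURRENT), GATEWAY):
        print("ALERT:", finding)
```

A gateway MAC change on its own can be legitimate (replaced router, failover), so the second finding, one MAC answering for both the gateway and another host, is the stronger signal.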

phi2008

  • Reg Member
  • ***
  • Posts: 420
Re: Traffic monitoring
« Reply #4 on: January 13, 2018, 09:31:27 PM »

On my Mikrotik I'd probably just set up simple queues to log per IP traffic and be done with it, though I'm sure I could use fancy L7 regex to do detailed logging if I was bothered, or something like this.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Traffic monitoring
« Reply #5 on: January 13, 2018, 11:32:34 PM »

I have always been admiring Mikrotik kit, and I'd love an excuse to get hold of some.

I wonder if there is a solution to my question about monitoring without replacing the gateway. I could use a Mikrotik as a wiretap certainly, between the main switch and the Firebrick. Or perhaps I could do something clever with a switch, port mirroring?
Logged

phi2008

  • Reg Member
  • ***
  • Posts: 420
Re: Traffic monitoring
« Reply #6 on: January 14, 2018, 05:43:16 PM »

Could you use the Edgerouter as an inline transparent bridge/proxy like this guy and then read off its L7 report from its GUI? Ask on the Ubiquiti forums.
Logged