FAQ
There's a whole herd of ways to count and track the amount of data that goes
through a given network port. However, I'm looking for a user-friendly (and
pretty, if possible) monitor or counter program with the following features:

1. Grand total amount of data in and out since last counter reset.
2. Resettable counters both manual (reset it when you want to) or timed (reset
this thing monthly or weekly, etc.)
3. Breakdown of external and internal traffic volume, by gateway if possible.

Basically, I'm looking for a report with fields or a graph similar to this

Total data transferred since the last reset:
Total data sent:
Total data received:
Total data sent through external gateway 192.168.0.1:
Total data received through external gateway 192.168.0.1:

And so on if the computer has sent data through other gateways if there are
several on a network.

I've found all kinds of counters but none that seem to break out internal
traffic from the external traffic by gateway. Perhaps I'm not looking for the
right thing?

--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!

Search Discussions

  • Les Mikesell at Feb 24, 2012 at 6:23 pm

    On Fri, Feb 24, 2012 at 4:40 PM, Frank Cox wrote:
    There's a whole herd of ways to count and track the amount of data that goes
    through a given network port. ?However, I'm looking for a user-friendly (and
    pretty, if possible) monitor or counter program with the following features:

    1. Grand total amount of data in and out since last counter reset.
    2. Resettable counters both manual (reset it when you want to) or timed (reset
    this thing monthly or weekly, etc.)
    3. Breakdown of external and internal traffic volume, by gateway if possible.

    Basically, I'm looking for a report with fields or a graph similar to this

    Total data transferred since the last reset:
    Total data sent:
    Total data received:
    Total data sent through external gateway 192.168.0.1:
    Total data received through external gateway 192.168.0.1:

    And so on if the computer has sent data through other gateways if there are
    several on a network.

    I've found all kinds of counters but none that seem to ?break out internal
    traffic from the external traffic by gateway. ?Perhaps I'm not looking for the
    right thing?
    I don't think there is anything that tracks things routed through a
    gateway unless it goes out different interfaces. Do you have
    different internal/external interfaces? You should be able to pick
    up the counters from the router interfaces via snmp if you want the
    totals there.

    --
    Les Mikesell
    lesmikesell at gmail.com
  • Frank Cox at Feb 24, 2012 at 6:34 pm

    On Fri, 24 Feb 2012 17:23:31 -0600 Les Mikesell wrote:

    I don't think there is anything that tracks things routed through a
    gateway unless it goes out different interfaces. Do you have
    different internal/external interfaces? You should be able to pick
    up the counters from the router interfaces via snmp if you want the
    totals there.
    I have a small network with two cheap dlink routers on it, one attached to a
    cable modem and the other to a DSL modem. I route certain data through the
    cable modem, and everything else goes through the DSL.

    However, on the computers only have eth0 and I just use route commands on the
    individual computers to sort out what I want to go out through each modem. My
    default gateway is 192.168.0.254 and I custom route certain traffic through
    192.168.0.1.

    Ultimately, I have three kinds of traffic that I'm interested in counting from
    each computer on my network: internal traffic, from one computer to another
    (from 192.168.0.x to 192.168.0.y); external traffic through 192.168.0.254;
    external traffic through 192.168.0.254. I would like to look at a report on
    each of my computers and find out how much data each one has sent and received
    during the period in each of those categories.

    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
  • Les Mikesell at Feb 24, 2012 at 7:00 pm

    On Fri, Feb 24, 2012 at 5:34 PM, Frank Cox wrote:
    However, on the computers only have eth0 and I just use route commands on the
    individual computers to sort out what I want to go out through each modem. ?My
    default gateway is 192.168.0.254 and I custom route certain traffic through
    192.168.0.1.

    Ultimately, I have three kinds of traffic that I'm interested in counting from
    each computer on my network: internal traffic, from one computer to another
    (from 192.168.0.x to 192.168.0.y); external traffic through 192.168.0.254;
    external traffic through 192.168.0.254. ?I would like to look at a report on
    each of my computers and find out how much data each one has sent and received
    during the period in each of those categories.
    There is probably some way to do this with iptables, but it doesn't
    match any normal tracking. You might try ntop and see if you can find
    the MAC/MAC traffic for the computer/router pairs you want, but there
    is a lot of overhead for that.

    --
    Les Mikesell
    lesmikesell at gmail.com
  • Ljubomir Ljubojevic at Feb 26, 2012 at 3:11 pm

    On 02/25/2012 12:34 AM, Frank Cox wrote:
    On Fri, 24 Feb 2012 17:23:31 -0600
    I have a small network with two cheap dlink routers on it, one attached to a
    cable modem and the other to a DSL modem. I route certain data through the
    cable modem, and everything else goes through the DSL.

    However, on the computers only have eth0 and I just use route commands on the
    individual computers to sort out what I want to go out through each modem. My
    default gateway is 192.168.0.254 and I custom route certain traffic through
    192.168.0.1.

    Ultimately, I have three kinds of traffic that I'm interested in counting from
    each computer on my network: internal traffic, from one computer to another
    (from 192.168.0.x to 192.168.0.y); external traffic through 192.168.0.254;
    external traffic through 192.168.0.254. I would like to look at a report on
    each of my computers and find out how much data each one has sent and received
    during the period in each of those categories.
    Can this help? I think friend of mine wrote it, Nenad Opsenica, some 6-7
    years ago, I don't think he will mind:

    http://www.plcomputers.net/download/svasta/if-kbps

    Use it as "if-kbps eth0" and brake with Ctrl+C.

    --

    Ljubomir Ljubojevic
    (Love is in the Air)
    PL Computers
    Serbia, Europe

    Google is the Mother, Google is the Father, and traceroute is your
    trusty Spiderman...
    StarOS, Mikrotik and CentOS/RHEL/Linux consultant
  • Frank Cox at Feb 26, 2012 at 3:21 pm

    On Sun, 26 Feb 2012 21:11:15 +0100 Ljubomir Ljubojevic wrote:

    Can this help? I think friend of mine wrote it, Nenad Opsenica, some 6-7
    years ago, I don't think he will mind:

    http://www.plcomputers.net/download/svasta/if-kbps

    Use it as "if-kbps eth0" and brake with Ctrl+C.
    It looks like it does pretty much the same thing as several other monitoring
    tools that I've looked at. However, none of them separate local traffic from
    external traffic.

    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
  • Les Mikesell at Feb 26, 2012 at 3:31 pm

    On Sun, Feb 26, 2012 at 2:21 PM, Frank Cox wrote:
    Can this help? I think friend of mine wrote it, Nenad Opsenica, some 6-7
    years ago, I don't think he will mind:

    http://www.plcomputers.net/download/svasta/if-kbps

    Use it as "if-kbps eth0" and brake with Ctrl+C.
    It looks like it does pretty much the same thing as several other monitoring
    tools that I've looked at. ?However, none of them separate local traffic from
    external traffic.
    Without separate interfaces there's not much to distinguish your
    local/external concepts. Did you try ntop? It basically acts as a
    packet sniffer that can group and summarize by a lot of different
    categories but there is a lot of overhead in building the database
    with all that info.

    --
    Les Mikesell
    lesmikesell at gmail.com
  • Frank Cox at Feb 26, 2012 at 4:18 pm

    On Sun, 26 Feb 2012 14:31:29 -0600 Les Mikesell wrote:

    Without separate interfaces there's not much to distinguish your
    local/external concepts.
    As I see it, there's probably some way (that I haven't yet discovered) to
    separate the traffic by gateway. Or at least some way to distinguish local
    traffic from external traffic.
    Did you try ntop? It basically acts as a
    packet sniffer that can group and summarize by a lot of different
    categories but there is a lot of overhead in building the database
    with all that info.
    I'll look at it.

    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
  • Les Mikesell at Feb 26, 2012 at 4:33 pm

    On Sun, Feb 26, 2012 at 3:18 PM, Frank Cox wrote:

    Without separate interfaces there's not much to distinguish your
    local/external concepts.
    As I see it, there's probably some way (that I haven't yet discovered) to
    separate the traffic by gateway. ?Or at least some way to distinguish local
    traffic from external traffic.
    There is, but not in the places that normal metrics are gathered. You
    need to look at the route toward the target IP address for your
    breakdown. There are tools to do it in iptables, but it is not a
    common operation so you are probably on your own to set up the matches
    and read the counters. Someone doing it on a larger scale would
    probably arrange subnets to isolate the traffic by interfaces or use
    routers with netflow metrics to track usage by connection.

    --
    Les Mikesell
    lesmikesell at gmail.com



    Did you try ntop? It basically acts as a
    packet sniffer that can group and summarize by a lot of different
    categories but there is a lot of overhead in building the database
    with all that info.
    I'll look at it.

    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
  • Frank Cox at Feb 26, 2012 at 4:38 pm

    On Sun, 26 Feb 2012 15:33:08 -0600 Les Mikesell wrote:

    There are tools to do it in iptables, but it is not a
    common operation so you are probably on your own to set up the matches
    and read the counters.
    It's apparently not common, as you say, and I really don't understand why.
    Folks who buy their bandwith by the mb (thankfully not me) might want to count
    exactly how much traffic they send out over their satellite or whatever, while
    omitting the local traffic between their desktop and their laptop. Which is
    why it surprises me that no tool apparently exists that can do this.

    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
  • Les Mikesell at Feb 26, 2012 at 4:50 pm

    On Sun, Feb 26, 2012 at 3:38 PM, Frank Cox wrote:
    There are tools to do it in iptables, but it is not a
    common operation so you are probably on your own to set up the matches
    and read the counters.
    It's apparently not common, as you say, and I really don't understand why.
    Folks who buy their bandwith by the mb (thankfully not me) might want to count
    exactly how much traffic they send out over their satellite or whatever, while
    omitting the local traffic between their desktop and their laptop. ?Which is
    why it surprises me that no tool apparently exists that can do this.
    Most people would just look at the router's own bandwidth measurement
    or the one at the ISP's end if that is available. I thought what made
    your case uncommon was that you had multiple machines and multiple
    routers and wanted the measurements for each pairing even though the
    packets go over the same interfaces with no inherent separation. If
    you added interfaces and subnets for each route you wanted to measure
    separately the normal tools would work naturally.

    --
    Les Mikesell
    lesmikesell at gmail.com
  • Frank Cox at Feb 26, 2012 at 4:55 pm

    On Sun, 26 Feb 2012 15:50:32 -0600 Les Mikesell wrote:

    Most people would just look at the router's own bandwidth measurement
    or the one at the ISP's end if that is available.
    Possibly, but that wouldn't break it down by machine. And in that situation
    I'd think a per-machine breakdown would be useful because then you'd know if
    you should be yelling at the kid, the wife or the family dog when you get the
    ten thousand dollar ISP bill. Again, it just seems like the sort of thing that
    folks would want to be able to track in certain situations. But apparently
    not.
    I thought what made
    your case uncommon was that you had multiple machines and multiple
    routers and wanted the measurements for each pairing even though the
    packets go over the same interfaces with no inherent separation.
    The separation is the gateway assignment or the lack thereof (for local
    traffic). But other than that, yep, that's a correct assessment.
    If you added interfaces and subnets for each route you wanted to measure
    separately the normal tools would work naturally.
    Indeed, but that adds a whole new layer of complexity to my network that's not
    really needed for any other purpose.


    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
  • Les Mikesell at Feb 26, 2012 at 5:25 pm

    On Sun, Feb 26, 2012 at 3:55 PM, Frank Cox wrote:
    Most people would just look at the router's own bandwidth measurement
    or the one at the ISP's end if that is available.
    Possibly, but that wouldn't break it down by machine. ? And in that situation
    I'd think a per-machine breakdown would be useful because then you'd know if
    you should be yelling at the kid, the wife or the family dog when you get the
    ten thousand dollar ISP bill. ?Again, it just seems like the sort of thing that
    folks would want to be able to track in certain situations. ? But apparently
    not.
    Unless you do a lot of local media streaming or network backups, the
    per-machine usage should be obvious from the interface traffic. And if
    you actually want to control it, you would force everything through a
    proxy with user logins - otherwise it is sort of like measuring water
    usage by how long everyone is in the shower.
    I thought what made
    your case uncommon was that you had multiple machines and multiple
    routers and ?wanted the measurements for each pairing even though the
    packets go over the same interfaces with no inherent separation.
    The separation is the gateway assignment or the lack thereof (for local
    traffic). ?But other than that, yep, that's a correct assessment.
    ?If ?you added interfaces and subnets for each route you wanted to measure
    separately the normal tools would work naturally.
    Indeed, but that adds a whole new layer of complexity to my network that's not
    really needed for any other purpose.
    A couple of NICs and a switch aren't all that complicated - but the
    iptables counters should work. Or you could push one or the other of
    your routes though a proxy that keeps its own statistics and factor it
    back out of the relevant interface traffic.

    --
    Les Mikesell
    lesmikesell at gmail.com
  • Ljubomir Ljubojevic at Feb 26, 2012 at 6:37 pm

    On 02/26/2012 10:55 PM, Frank Cox wrote:
    On Sun, 26 Feb 2012 15:50:32 -0600
    Les Mikesell wrote:
    Most people would just look at the router's own bandwidth measurement
    or the one at the ISP's end if that is available.
    Possibly, but that wouldn't break it down by machine. And in that situation
    I'd think a per-machine breakdown would be useful because then you'd know if
    you should be yelling at the kid, the wife or the family dog when you get the
    ten thousand dollar ISP bill. Again, it just seems like the sort of thing that
    folks would want to be able to track in certain situations. But apparently
    not.
    I thought what made
    your case uncommon was that you had multiple machines and multiple
    routers and wanted the measurements for each pairing even though the
    packets go over the same interfaces with no inherent separation.
    The separation is the gateway assignment or the lack thereof (for local
    traffic). But other than that, yep, that's a correct assessment.
    If you added interfaces and subnets for each route you wanted to measure
    separately the normal tools would work naturally.
    Indeed, but that adds a whole new layer of complexity to my network that's not
    really needed for any other purpose.
    Then use "tc" for bandwidth control ( per source IP ) with pipes much
    larger then your bandwidth, so you are not limiting, but get only
    reports of the usage per source (local) IP.



    --

    Ljubomir Ljubojevic
    (Love is in the Air)
    PL Computers
    Serbia, Europe

    Google is the Mother, Google is the Father, and traceroute is your
    trusty Spiderman...
    StarOS, Mikrotik and CentOS/RHEL/Linux consultant
  • John R Pierce at Feb 26, 2012 at 3:34 pm

    On 02/26/12 12:21 PM, Frank Cox wrote:
    separate local traffic from
    external traffic.
    use some iptables rules to select the specific traffic you want to
    monitor, and view the packet and byte counts via iptables -L -vn



    --
    john r pierce N 37, W 122
    santa cruz ca mid-left coast
  • Frank Cox at Feb 26, 2012 at 4:24 pm

    On Sun, 26 Feb 2012 12:34:34 -0800 John R Pierce wrote:

    use some iptables rules to select the specific traffic you want to
    monitor, and view the packet and byte counts via iptables -L -vn
    Interesting. I'll look at that.

    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
  • John R Pierce at Feb 26, 2012 at 5:18 pm

    On 02/26/12 12:34 PM, John R Pierce wrote:
    use some iptables rules to select the specific traffic you want to
    monitor, and view the packet and byte counts via iptables -L -vn
    to expand on this, I'd probably write a perl or python script that ran
    the iptables -vnL command, and parses the output, and store the values
    in a file or sql database along with a timestamp. If all your iptables
    sampling rules are in the INPUT table, you can restrict the output with
    `iptables -vnL INPUT`... this script could feed the data to cacti or
    another rrdtool/mrtg style monitoring system.

    .

    --
    john r pierce N 37, W 122
    santa cruz ca mid-left coast
  • Ljubomir Ljubojevic at Feb 26, 2012 at 3:53 pm

    On 02/26/2012 09:21 PM, Frank Cox wrote:
    On Sun, 26 Feb 2012 21:11:15 +0100
    Ljubomir Ljubojevic wrote:
    Can this help? I think friend of mine wrote it, Nenad Opsenica, some 6-7
    years ago, I don't think he will mind:

    http://www.plcomputers.net/download/svasta/if-kbps

    Use it as "if-kbps eth0" and brake with Ctrl+C.
    It looks like it does pretty much the same thing as several other monitoring
    tools that I've looked at. However, none of them separate local traffic from
    external traffic.
    Check out Shorewall, it has some fancy features, including
    firewall/router with one interface, but do not know about this one.

    --

    Ljubomir Ljubojevic
    (Love is in the Air)
    PL Computers
    Serbia, Europe

    Google is the Mother, Google is the Father, and traceroute is your
    trusty Spiderman...
    StarOS, Mikrotik and CentOS/RHEL/Linux consultant
  • Luke S. Crawford at Feb 27, 2012 at 12:26 am

    On Sun, Feb 26, 2012 at 02:21:09PM -0600, Frank Cox wrote:
    It looks like it does pretty much the same thing as several other monitoring
    tools that I've looked at. However, none of them separate local traffic from
    external traffic.
    check out http://bandwidthd.sourceforge.net/ - It only supports IPv4,
    but it's pretty convenient, as you can define what 'local' and 'external'
    means by IP address.
  • Frank Cox at Feb 27, 2012 at 12:30 am

    On Mon, 27 Feb 2012 00:26:59 -0500 Luke S. Crawford wrote:

    check out http://bandwidthd.sourceforge.net/ - It only supports IPv4,
    but it's pretty convenient, as you can define what 'local' and 'external'
    means by IP address.
    Cool! That looks like it could the the real McCoy.

    Now I'm off to play with this toy....

    --
    MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
    www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
  • Luke S. Crawford at Feb 27, 2012 at 1:11 am

    On Sun, Feb 26, 2012 at 11:30:14PM -0600, Frank Cox wrote:
    On Mon, 27 Feb 2012 00:26:59 -0500
    Luke S. Crawford wrote:
    check out http://bandwidthd.sourceforge.net/ - It only supports IPv4,
    but it's pretty convenient, as you can define what 'local' and 'external'
    means by IP address.
    Cool! That looks like it could the the real McCoy.

    Now I'm off to play with this toy....
    It's pretty cool; I used it for billing for a while. The big problem is
    that it doesn't support IPv6, and that's pretty much essential these days,
    I mean, to your more technically savvy customers.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos @
categoriescentos
postedFeb 24, '12 at 5:40p
activeFeb 27, '12 at 1:11a
posts21
users5
websitecentos.org
irc#centos

People

Translate

site design / logo © 2022 Grokbase