Rick Sewill wrote:
On Tue, 2007-01-23 at 10:19 -0500, Bob Goodwin wrote:
My ISP Wildblue limits me to 5 gig's upload and 17 down over a thirty
day period. For the last nine months this has not been a problem,
however last month they made a system change and said they were
measuring usage more accurately. Now we are running perilously close to
the limits for the last thirty days and I'm not certain why.
We have four computers [FC6, Mac, and W2k] running on the wireless LAN
which appears as eth0 to my computer. The system is comprised of the
satellite receiver/modem, a Netgear wireless router, and some Linksys
wireless bridges and/or adapters. Can someone tell me how I can track
usage and determine how much each user is consuming?
I do not have a good answer to this question, but I have suggestions.
Each device should, hopefully, keep interface statistics.
It might be possible to gather those statistics, periodically, using
snmp, if the device allows snmp.
Another possibility depends on your configuration. Does all the traffic
between you and the ISP Wildblue go through a router or bridge you
control? It is a long-shot, depending on what devices you have and what
features they support, but, if the router or bridge you control, that is
the point of connection with Wildblue, supports VLANs, you might be able
to configure that device to have a VLAN for each of the devices on your
LAN, and then gather statistics based on VLANs.
Another possibility is to use a program, such as iptraf, for monitoring
LAN traffic. "yum install iptraf"
Please be certain to force promiscuous mode in any LAN traffic monitor
so you see all traffic that gets to the interface, and not just traffic
that is unicast to/from the PC, or traffic that is multicast or
broadcast, where you are running the LAN traffic monitor.
Also, please be careful if you have any switches or bridges in your LAN
because a switch or bridge will "learn" which port on the switch or
bridge is the way to reach a unicast MAC address and will only send the
unicast packet out that port. Your PC, running the LAN traffic monitor
might never see the packet on any of its interfaces.
It is best you run a LAN traffic monitor as close as possible to the
point of connection between your ISP and your local LAN.
I would also be suspicious if your ISP is a Cable company. Your local
neighbors and you share the Cable to the Cable company. A few years ago
I had reason to put ethereal (wireshark) between my NAT/firewall box and
the Cable Modem box, I saw lots of traffic. Besides multicast and
broadcasts from my neighbors, the Cable company was sending a flood (I
hate to say it, but I thought it was a flood) of ARP requests for ranges
of IP addresses. I would hope the Cable company is not counting such a
flood of ARP packets against your limits because the Cable company would
be the one to generate the flood. It might be a good idea to look for
this condition, just in case.
I installed iptraf a few days ago along with iptop, and etherape, none
of which seemed to provide information I could work with. Now as you
suggest I've set iptraf to promiscuous and to show the MAC hardware
addresses which are unaffected by a couple of Windows computers running
dhcp. The resulting display looks better than what I've seen ... I'll
let it accumulate data for a while.
This FC6 computer connects to a Linksys switch and then to a Linksys
wireless ethernet bridge as a matter of convenience in that I have
several FC6 computers that I can run through that route. I'm not sure
what effect that may have on the data I collect but it looks like iptraf
is seeing the other computers on the wireless LAN. This is a satellite
connection, but I suppose technically it's similar to cable as far as
the network goes.
I installed mrtg as was suggested earlier but the documentation may have
as well been written in Greek. I finally created some of the
directories it was protesting it needed but still don't have that
working. It seems everything becomes a "science project."
My problem is the data returned from the ISP is in the form of a bar
chart with no numbers and averaged over thirty day so I can't see short
term changes and I'm not certain if anything I've done has helped. I
have enabled security on the wireless lan although we are in the country
on eleven acres with the nearest neighbors hundreds of yards away!
I've really been scratching my head on this for a couple of weeks now.
Thanks for your help.
Thanks.
Bob Goodwin Zuni, Virginia
