On Thu, 2007-11-15 at 13:22 -0500, Bob Goodwin wrote:
> Tim wrote:
> > On Sun, 2007-11-11 at 14:59 -0500, Bob Goodwin wrote:
> >
> >> I have a system diagram you can view at:
> >>
> >> http://users.wildblue.net/bobgoodwin/sys071031.png
> >>
> >
> > Well, looking at your network, you could use MRTG with the 192.168.1.1
> > device to measure the traffic going through your LAN (and for anything
> > outside that managed to connect to it through your wireless networking).
> > All your LAN traffic (including intruders) goes through it before making
> > it out to your microwave internet connection.
> >
> > I think you'd only need to try and directly measure the wildblue
> > receiver if it was capable of wireless connections directly with someone
> > else.  Is it wired to the dish, or does it use a wireless link between
> > the receiver box and the dish?
> >
> > You could probably, also, use MRTG on the other wireless LAN
> > switches/bridges, to see which ones are the busy ones.  Though that'd
> > mean a plethora of different graphs.  If you wanted to trace out where
> > the traffic was coming from, I think you'd want to log your 192.168.1.1
> > device quite thoroughly, then run a logging analysis tool on it, rather
> > than just a MRTG graph.
> >
> >
> Yes, I agree, I really don't want graphical information.  I was just
> curious to see mrtg work, unfortunately I haven't had any success with
> it and my problems with usage are demanding immediate attention!
>
> "tcpdump" looks like it should produce the kind of information I need
> and it certainly cranks out a long list in short order but I haven't
> been able to find anything of significance [to me] in it?  Although it's
> being fed from the ethernet hub connected at the modem before the router
> most of what I see is dns inquiries from box10 [192.168.1.10] connected
> to it?

Try a filter on tcpdump like:

    tcpdump ip and not net 192.168.1.0 mask 255.255.255.0

That will cause the system to dump any packets NOT destined for your
network.

> Linksys identifies the hub as "EFAH05W - EtherFast® 10/100 5-port
> Auto-Sensing Hub."  I'm not sure what it "auto-senses?" but I hope it is
> passing everything it sees at its input.

It autosenses between 10Mbps and 100Mbps links.

>
> I also tried "iptraf" which collected data for a couple of days but
> showed something on the order of 20 mB received while Wildblue claimed I
> used a lot more.  See my notes below:
>
>     11/12/2007 17:05:25 949 8626
>
>     11/13/2007 03:17:39 1001 9072 +446 mB in 8 hours and 12
>     minutes!
>
>
>     Almost half a gigaByte download increase overnight, plus 52
>     mB uploaded!
>
>     The curious thing is that this does not agree with my
>     measurements of data transferred at the ethernet connection
>     at the Wildblue receiver over the last 58.43 hours?  I
>     show 18.3 mB incoming and 2.1 mB outgoing.  Am I only seeing
>     traffic addressed to my computer?  I need to verify that
>     part of my test setup.
>
> This morning my activity has continued to go up despite our best efforts
> to control it.
>
>     11/15/2007 12:20:13 1231 10177
>
> Any suggestions as to how best to use tcpdump or iptraf would be
> appreciated.  I'm not even certain that my attempt to measure activity
> has not caused an increase?  I guess I'm really in over my head ...
>
> Bob Goodwin
>
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-      We have enough youth, how about a fountain of SMART?          -
----------------------------------------------------------------------
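
Added example (not part of the original message or thread): one way to turn a long tcpdump listing into per-direction byte totals that can be set beside the ISP's usage counters, using the 192.168.1.0/24 LAN from the thread. It assumes the capture was printed with `tcpdump -nn -q -t` at a point where LAN addresses are visible; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN range from the thread

# Assumed input: one packet per line, as printed by `tcpdump -nn -q -t`.
# The optional fifth dotted field after each address is the port.
LINE = re.compile(
    r"^IP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?: "
    r".*?(?:tcp|length) (\d+)$"
)

def classify(src, dst, lan=LAN):
    """Name the direction of a packet relative to the LAN."""
    src_in = ipaddress.ip_address(src) in lan
    dst_in = ipaddress.ip_address(dst) in lan
    if src_in and dst_in:
        return "local"       # stays on the LAN, never crosses the uplink
    if src_in:
        return "upload"
    if dst_in:
        return "download"
    return "foreign"         # neither endpoint is a LAN host

def tally(lines, lan=LAN):
    """Sum payload bytes per direction; count lines that are not IPv4."""
    totals, skipped = Counter(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:
            skipped += 1     # ARP, IPv6, truncated lines
            continue
        totals[classify(m.group(1), m.group(2), lan)] += int(m.group(3))
    return dict(totals), skipped

# Constructed sample lines (documentation address ranges), not real capture data.
SAMPLE = [
    "IP 192.168.1.10.41234 > 203.0.113.7.53: UDP, length 33",
    "IP 203.0.113.7.53 > 192.168.1.10.41234: UDP, length 97",
    "IP 198.51.100.20.80 > 192.168.1.12.50122: tcp 1448",
    "IP 192.168.1.12.50122 > 198.51.100.20.80: tcp 0",
    "IP 192.168.1.10.5353 > 192.168.1.255.5353: UDP, length 45",
    "IP 198.51.100.20 > 203.0.113.7: ICMP echo request, id 1, seq 1, length 64",
    "ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
]

if __name__ == "__main__":
    totals, skipped = tally(SAMPLE)
    for direction, size in sorted(totals.items()):
        print(f"{direction:9s}{size:8d} bytes")
    print(f"skipped {skipped} non-IPv4 line(s)")
```

The lengths tcpdump prints in `-q` mode are payload sizes, so these totals exclude IP and transport headers and will read lower than a count taken on the wire.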