DD-WRT & rflow collector

Hi All,

My friend has a bunch of students living with them and the students
are using all her bandwidth in a week, they are then throttled by the
ISP back to dialup - ouch.

Anyway she has a router with DD-WRT on it, and I was looking at
putting some traffic monitoring software in place to see who the
offender is.

I have googled it and seen some info on rflow collector, but am still
trying to get my head around how it all fits together.

If I understand what I have read so far correctly then:

1. Mysql stores the data in a table
2. rflow collector writes the data to the database

But does rflow collector also display the data or is another program
required?

This is on a Windows XP Machine.

I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
monitor whats happening on my NIC not the router?

Please any help or suggestions appreciated.

Ta

-Al

(E-Mail Removed) wrote:
> Hi All,
>
> My friend has a bunch of students living with them and the students
> are using all her bandwidth in a week, they are then throttled by the
> ISP back to dialup - ouch.
>
> Anyway she has a router with DD-WRT on it, and I was looking at
> putting some traffic monitoring software in place to see who the
> offender is.
>
> I have googled it and seen some info on rflow collector, but am still
> trying to get my head around how it all fits together.
>
> If I understand what I have read so far correctly then:
>
> 1. Mysql stores the data in a table
> 2. rflow collector writes the data to the database
>
> But does rflow collector also display the data or is another program
> required?
>
> This is on a Windows XP Machine.
>
> I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> monitor whats happening on my NIC not the router?
>
> Please any help or suggestions appreciated.
>
> Ta
>
> -Al
>
>
Did you check the DD-WRT Tutorial?
<http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_To_Gather_Traffic_ Information>

On May 22, 6:01 pm, LR <l...@privacy.net> wrote:
> BigAl...@gmail.com wrote:
> > Hi All,
>
> > My friend has a bunch of students living with them and the students
> > are using all her bandwidth in a week, they are then throttled by the
> > ISP back to dialup - ouch.
>
> > Anyway she has a router with DD-WRT on it, and I was looking at
> > putting some traffic monitoring software in place to see who the
> > offender is.
>
> > I have googled it and seen some info on rflow collector, but am still
> > trying to get my head around how it all fits together.
>
> > If I understand what I have read so far correctly then:
>
> > 1. Mysql stores the data in a table
> > 2. rflow collector writes the data to the database
>
> > But does rflow collector also display the data or is another program
> > required?
>
> > This is on a Windows XP Machine.
>
> > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> > monitor whats happening on my NIC not the router?
>
> > Please any help or suggestions appreciated.
>
> > Ta
>
> > -Al
>
> Did you check the DD-WRT Tutorial?
> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>

Yes, and it says you can use a query browser to view the
network....sounds like I almost need to be a DB programmer to do
this....I just want to view traffic amounts back to clients!!!!!

Isnt there a easier way?

>> Did you check the DD-WRT Tutorial?
>> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>
>
> Yes, and it says you can use a query browser to view the
> network....sounds like I almost need to be a DB programmer to do
> this....I just want to view traffic amounts back to clients!!!!!
>
> Isnt there a easier way?

Good, fast, cheap... pick two. That's the rule. What you're after is
doable and the software for it is all free. The expense is your time to set
it all up. C'est la vie.

On Wed, 21 May 2008 23:44:34 -0700 (PDT), (E-Mail Removed) wrote:

>> Did you check the DD-WRT Tutorial?
>> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>
>
>Yes, and it says you can use a query browser to view the
>network....sounds like I almost need to be a DB programmer to do
>this....I just want to view traffic amounts back to clients!!!!!
>
>Isnt there a easier way?

Easier? Sure, just pound the students into submission. Violence
always works. It might also be easier to use QoS and apply quotas.
Another easier way is to apply time slicing. Give each student 1 hour
of internet time in rotation and bill them by the connect time. The
easiest way (for me, in my limited experience) is to publicly post
their individual traffic statistics. That will generate all manner of
embarassing questions and tends to discourage overuse and abuse.

Now, if you wanted a "better" way, instead of an "easier" way, there's
always SNMP, which is part of the DD-WRT distribution. Like RFLOW,
the problem is that you'll need a dedicated PC, running continuously,
to do the logging. There's not enough horsepower or flash space in
the WRT54G to store all the collected data.

For SNMP monitoring, I suggest RRDTool running on your favorite Linux
distribution:
<http://oss.oetiker.ch/rrdtool/>
with a Cacti front end:
<http://www.cacti.net/>
If that's too much, you can get a start with PRTG:
<http://www.paessler.com/prtg>
which does both SNMP and Netflow. You can sorta monitor by MAC
address, so that you don't have to deal with seperating out the
traffic by user. However, the free version of PRTG only does 3 OID's,
so you'll need to spend the $100 for the commercial version. Send the
bill to the students, which may in itself solve the problem. If not,
there are plenty of other tools.

RFlow uses a version of Cisco IOS Netflow. There are apparently
plenty of monitoring and logging tools available. For example:
<http://nst.sourceforge.net/nst/docs/user/ch09s02.html> (nice image)

You might also take a look at Wallwatcher:
<http://sonic.net/wallwatcher/>
It can't seperate out the traffic by client IP, so it won't do what
you want, but it's a useful tool for collecting overall traffic data
and sniffing, without the complexities of SNMP and Netflow.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On May 22, 12:32 am, BigAl...@gmail.com wrote:
> Hi All,
>
> My friend has a bunch of students living with them and the students
> are using all her bandwidth in a week, they are then throttled by the
> ISP back to dialup - ouch.
>
> Anyway she has a router with DD-WRT on it, and I was looking at
> putting some traffic monitoring software in place to see who the
> offender is.
>
> I have googled it and seen some info on rflow collector, but am still
> trying to get my head around how it all fits together.
>
> If I understand what I have read so far correctly then:
>
> 1. Mysql stores the data in a table
> 2. rflow collector writes the data to the database
>
> But does rflow collector also display the data or is another program
> required?
>
> This is on a Windows XP Machine.
>
> I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> monitor whats happening on my NIC not the router?
>
> Please any help or suggestions appreciated.
>
> Ta
>
> -Al

I use Rflow, and though it's minimal, it does help me get an idea of
what's going on and I haven't found anything else so direct and simple
excepting NTOP which is even less supported and trickier. There is
almost no documentation on Rflow and very little adjustment,but it
works. I certainly wish somebody would give it some attention, I'd
pay for it.

But it works and YOU DON'T NEED MySQL to use it. It will show each
user currently connected to the router and how much they are
downloading and uploading. If you keep it running all the time, you
can see running totals for all users. It's a bit hard to sort out
the obscure labeling, but you can figure out which data columm serves
you.

So, if you don't want to get into the SNMP programs, which I
personally couldn't sort out in a week of study, then try Rflow. It's
very easy to install and you can make up a text list of MAC addys
linked to user names that it will load when it starts.

The tricky part is that you need to have it running on some pc all the
time. Also, the numbers are tied to each MAC-IP assignment, so if
somebody goes offline and then comes on with a new IP, then you lose
their old data. Best to assign IPs for longer term tracking.
Certainly using it with MySQL is the way to go, but again, I don't
want to spend a week learning it either.

Two other comments:

1) I also put DU meter on the individual problem machines so that the
users know what they are doing too. It's specific to the local machine
and helps them self-police. DU meter costs money but there are free
local bandwidth meters too.

2) V24 of DD-WRT has bandwidth monitoring of it's own. I kinda doubt
it will serve you much, but you may want to upgrade dd-wrt (carefully-
get the right file ) if you don't have v24 and check that out too.

So, try out Rflow. If you run into trouble, ask here. The DD-WRT
forum won't help much on this for some reason, but do a search for it
there, many questions (with a few answers) about it are mine !

Steve

Cheers Jeff,

yes the PRTG was easy.

There is also MRTG which is completely free - tried that one?

I have four clients that i need to monitor, so damn, one more than
PRTG wil give me.

-Al

I would love to try it but as you say there is very little
documentation.

Could you post some instructions here? I have a spare PC it could run
on....

Cheers

-Al


seaweedsl wrote:
> On May 22, 12:32 am, BigAl...@gmail.com wrote:
> > Hi All,
> >
> > My friend has a bunch of students living with them and the students
> > are using all her bandwidth in a week, they are then throttled by the
> > ISP back to dialup - ouch.
> >
> > Anyway she has a router with DD-WRT on it, and I was looking at
> > putting some traffic monitoring software in place to see who the
> > offender is.
> >
> > I have googled it and seen some info on rflow collector, but am still
> > trying to get my head around how it all fits together.
> >
> > If I understand what I have read so far correctly then:
> >
> > 1. Mysql stores the data in a table
> > 2. rflow collector writes the data to the database
> >
> > But does rflow collector also display the data or is another program
> > required?
> >
> > This is on a Windows XP Machine.
> >
> > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
> > monitor whats happening on my NIC not the router?
> >
> > Please any help or suggestions appreciated.
> >
> > Ta
> >
> > -Al
>
> I use Rflow, and though it's minimal, it does help me get an idea of
> what's going on and I haven't found anything else so direct and simple
> excepting NTOP which is even less supported and trickier. There is
> almost no documentation on Rflow and very little adjustment,but it
> works. I certainly wish somebody would give it some attention, I'd
> pay for it.
>
> But it works and YOU DON'T NEED MySQL to use it. It will show each
> user currently connected to the router and how much they are
> downloading and uploading. If you keep it running all the time, you
> can see running totals for all users. It's a bit hard to sort out
> the obscure labeling, but you can figure out which data columm serves
> you.
>
> So, if you don't want to get into the SNMP programs, which I
> personally couldn't sort out in a week of study, then try Rflow. It's
> very easy to install and you can make up a text list of MAC addys
> linked to user names that it will load when it starts.
>
> The tricky part is that you need to have it running on some pc all the
> time. Also, the numbers are tied to each MAC-IP assignment, so if
> somebody goes offline and then comes on with a new IP, then you lose
> their old data. Best to assign IPs for longer term tracking.
> Certainly using it with MySQL is the way to go, but again, I don't
> want to spend a week learning it either.
>
> Two other comments:
>
> 1) I also put DU meter on the individual problem machines so that the
> users know what they are doing too. It's specific to the local machine
> and helps them self-police. DU meter costs money but there are free
> local bandwidth meters too.
>
> 2) V24 of DD-WRT has bandwidth monitoring of it's own. I kinda doubt
> it will serve you much, but you may want to upgrade dd-wrt (carefully-
> get the right file ) if you don't have v24 and check that out too.
>
> So, try out Rflow. If you run into trouble, ask here. The DD-WRT
> forum won't help much on this for some reason, but do a search for it
> there, many questions (with a few answers) about it are mine !
>
> Steve

On Fri, 23 May 2008 04:38:48 -0700 (PDT), (E-Mail Removed) wrote:

>yes the PRTG was easy.
>There is also MRTG which is completely free - tried that one?

Yes. I wrote the unofficial instructions for using it under Windoze
95, 98, and ME:
<http://www.LearnByDestroying.com/mrtg/docs/w95mrtg.htm>
Tobias hates Win95, 98, and ME, so I got stuck with the task.

MRTG is easy to setup simple things, but it has some limitations.
1. It uses Perl scripts, which tend to be slow on slow machines.
2. It only graphs 2 OID's per graph, which is rather limiting when
you're trying to graph traffic for more than two users, or two
services.
3. Monitoring large number of devices rapidly becomes an
administrative nightmare.
4. One mistake in mrtg.cfg and things really screwup. Diagnostic
output is rather marginal.

>I have four clients that i need to monitor, so damn, one more than
>PRTG wil give me.

More than 4. You'll also need total traffic in and out to make sure
you haven't missed anyone, such as visiting laptops.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On May 24, 3:09*am, Jeff Liebermann <je...@cruzio.com> wrote:
> On Fri, 23 May 2008 04:38:48 -0700 (PDT), BigAl...@gmail.com wrote:
> >yes the PRTG was easy.
> >There is also MRTG which is completely free - tried that one?
>
> Yes. *I wrote the unofficial instructions for using it under Windoze
> 95, 98, and ME:
> <http://www.LearnByDestroying.com/mrtg/docs/w95mrtg.htm>
> Tobias hates Win95, 98, and ME, so I got stuck with the task.
>
> MRTG is easy to setup simple things, but it has some limitations. *
> 1. *It uses Perl scripts, which tend to be slow on slow machines.
> 2. *It only graphs 2 OID's per graph, which is rather limiting when
> you're trying to graph traffic for more than two users, or two
> services.
> 3. *Monitoring large number of devices rapidly becomes an
> administrative nightmare.
> 4. *One mistake in mrtg.cfg and things really screwup. *Diagnostic
> output is rather marginal.
>
> >I have four clients that i need to monitor, so damn, one more than
> >PRTG wil give me.
>
> More than 4. *You'll also need total traffic in and out to make sure
> you haven't missed anyone, such as visiting laptops.
>
> --
> Jeff Liebermann * * je...@cruzio.com
> 150 Felker St #D * *http://www.LearnByDestroying.com
> Santa Cruz CA 95060http://802.11junk.com
> Skype: JeffLiebermann * * AE6KS * *831-336-2558

Whats a OID?