I’ve been getting repeated emails from my ISP about “exceeding my bandwidth cap” and they feel very incorrect.
My current router is a Cisco RV260, and it doesn’t have a great way of tracking traffic. (There’s a port traffic screen that does give tx/rx bytes, but no way to see any date ranges).
Is there anything out there that can give an accurate account of Internet traffic? It would be nice if I could see destination domain/IPs, just for kicks and giggles, but an overall traffic count is all I really need.
Thanks!
The RV260 supports SNMP. You can use that with a network monitoring tool of your choice to get ifInOctets/ifOutOctets data. The rate of change on those numbers is then the amount of traffic sent/received.
Ah. Good to know! I’m starting to dive down this rabbit hole, and we’ll see where it takes me. Thanks :)
Are you asking for new router suggestions? Or you meant bandwidth monitoring for just one device on your network?
That sort of info is best recorded at the router level. pfSense has packages you can install that record bandwidth usage & are useful for that. Not sure about OPNsense but I think (?) that would have something similar.
I’m intending to upgrade to a pfSense router and some other switch in the future. This is just supposed to be a temporary-ish investigation into the potential fuckery coming from my ISP.
I used to use pfSense. It’s great.
I recently moved to opnSense… And I think it’s better.
Both are good, both are BSD, both have similar settings (tutorials are mostly interchangeable)… But opnSense just does it better, updates more frequently, nicer UI etc.If you are talking to yours ISP, it’s worth getting a bridge modem, and settings details for your own router.
This modem will turn “isp” into ethernet, then your opnSense/pfSense can make the actual connection. This means it gets the public IP directly.I’m already using my own modem, none of that locked-down rental nonsense from my isp.
What hardware do you use for pf/opnSense? All of the recommended stuff I’ve seen is almost prohibitively expensive for my home networking budget.
My home network has one of those fanless 4 port doodaas from Amazon/eBay if you search for pfSense.
Never had an issue with it, I’m on 300/100mbit broadband tho.For another project for 10gbps networking, I used a refubed single-socketed dell r630. Probably massively overkill. Also, never saw traffic anywhere near 10gbps… So can’t really comment on that.
Yeah, those little micro units are what I had seen recommended. $300-400 is definitely pushing it for me. Especially when I would also want a bigger switch to accompany it.
Guess I need to stop eating avocado toast.
Edit: how is the stability/uptime for those little machines? Historically, I’ve always had problems with my routers needing to be rebooted at least once a month after they’ve been in service for 18-24 months. Even my current “business class” cisco router is crapping out on me every month.
My home box ran for a few years with no issues, until I started having DNS issues. I’m fairly certain that was unbound and the blocklists I had selected, tho.
I set up a Cron job to update the block lists every night, and give unbound service a restart.
It’s been solid since then, and my DNS issues have disappeared.Now, I am checking for updates and installing those every few months. So it gets a restart when that happens.
You could get a refurbished SFF computer that has a low profile PCIe slot, and put an Intel 4 port network card in it.
Would probably cost $150 tops. And its a solid entry! Certainly, that’s what I used before I bought one of the fanless network appliance type things.I have my old Athlon fx lying around. Needs a case, psu, and the nic… Hmmmm
I prefer to run hardware supported by OpenWRT or DDWRT. These have monitoring and firewall options under access control.
If you are not the type to flash your own hardware, pcWRT might be an option. It is small business consisting of a dude in Texas that created a simplified front end for OpenWRT. You just have to trust him, which I haven’t had a problem with, and is probably better than trusting whatever underpaid person has access to similar interfaces for whatever commercial vendor you choose. He has a well secured SSH used to send out occasional updates for the device automatically. His setup does not give you access to the underlying OpenWRT system behind his front end, but with a USB to serial converter and a port on the board you can access OpenWRT in a terminal. I have it setup to log any activity and never had any issues. I’m no expert, but I did install Gentoo once.
https://shop.pcwrt.com/collections/all
No affiliation/not an affiliate link. Beware that some people pushing his stuff are doing an affiliation deal. Also, while his stuff is nice and relatively simple, it has more value in the past when OpenWRT was much harder to setup on your own. OpenWRT is open source but the pcWRT frontend is not.
I feel like it’s just me, but all of my devices with Open/DDWRT crap out after a couple years. Even well-reviewed prosumer-grade gear ends up becoming wildly unreliable in an unacceptably short amount of time. I had to double-check, and my order history puts me at a new router every 2-3 years. This “business class” RV260 will be hitting 2 years in the fall, and I’m already experiencing wonky behavior where it needs to be rebooted regularly. Maybe it’s just an unspoken truth that anything below true “enterprise tier” kit requires a weekly reboot. I should just put it on an outlet to cycle the power every Sunday at 2am or something…
That said, I do love DDWRT!
Hey, I thought of mentioning, but got sidetracked and forgot. Most of the dozen or so consumer grade routers I have hacked around with seem to have less than optimal placement of DC stepdown converters located around the processor and radio circuit blocks. I mean, they appear to be optimised for radio as the primary design constraint, not for what is best for the DC converter operation. They tend to place electrolytic capacitors in close proximity to circuit blocks that get quite warm. I can’t say how often capacitors are creating problems, but it would not surprise me if this is the cause of many issues for many people after a year or two. I can say that I had problems with a cable company provided modem a few years ago. It had an obvious leaky cap and several that were around 25% out of spec, along with a couple identical parts that were around 5% out as I would expect with my typical shelf stock. Replacing all of them fixed the modem.
This is actually a great theory. I’ve fixed several monitors and TVs that were just bad capacitors. It’s a logical conclusion with these, too.
deleted by creator
Cisco came up with Netflow for detailed traffic monitoring years ago but who knows if your device supports it. You’ll need a server on your home network that will collect the summaries from your router.
ntopng is a common open source version of this concept, with an appropriate sensor. It can tell you exactly how many bits have been sent from what device to what upstream host. It’ll also tell you the traffic type (HTTPS, QUIC, BitTorrent, etc.), what country the IP is in, and so forth.
Note that for long-term data storage, you may need a hard drive of considerable size. The size of the data export depends on how many unique sessions your network is setting up, but if you’re getting bandwidth warnings from your ISP I would think you’ll make quite a few.
There’s a good chance your router doesn’t support the right protocols to set this up. In that case, you can periodically collect statistics and information over SNMP. It won’t be nearly as detailed, but it should allow you to graph network usage over time.
This is the guide for setting up flow exports for Cisco hardware: https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf
Here is the ntopng guide: https://www.ntop.org/guides/ntopng/what_is_ntopng.html
There are alternatives for ntopng, be sure to look around for what suits you best.