internet traffic monitor help

badcookies

[H]ard|Gawd
Joined
Mar 17, 2010
Messages
1,589
Sooooo in unpredictable times throughout the night while im gaming (mainly FPS) my ping will spike from around 50ms to almost 2.5 seconds. The spikes resemble times when I'm gaming and say steam decides to download an update and blows up my bandwidth. (no, the above situations is not steam anymore as I've limited updates to specific times when I'm sleeping). I have 2 phones, 2 tablets, a laptop, 4 smart power sockets, a TV, an xbox, chromecast, fire stick, wifi printer, a smart watch, and my gaming rig that is usually on the network with hardly an issue. I need to know which device is hogging the pipes.

I need recommendations on a program that will allow me to monitor in real-time the up/down of each device on my network so that I can determine the culprit. I've used wireshark but its just connections and packets as far as i can tell. I don't know how to determine the real-time up/down if that is even a feature of wireshark. DD-WRT is not supported on the asus RT-N56U i have and the oem gui traffic monitor is total usage.

help?
 

bman212121

[H]ard|Gawd
Joined
Aug 18, 2011
Messages
1,815
So the only way to properly monitor this is to send all of the traffic through a device of some type. You can't see all of the data flowing through your network with wireshark from one computer because it won't see traffic that isn't being sent through that device. As far as I know there isn't a bandwidth monitor in wireshark either, it's meant more for debugging traffic than traffic totals. So this is where SOHO devices like the ASUS fall apart, because it doesn't offer an option in the GUI, and there is no way to pull that information from it.

If you have a spare pc lying around, this is where people start using distros like PFSense. It offers a built in traffic graph that allows you to see which IP is using data, and how much. It's not my favorite, but it's a quick and dirty real time chart to show bandwidth usage. You can get more detailed information from programs like darkstat or bandwidthd, but they require some work to setup and use.

pfsense_traffic_graph_average.png


Here's an older picture of it. The interface is changed slightly in the new version, but otherwise works about the same.


To actually set this up so you can see traffic from all device, you'd need to plug the WAN port of a PFSense box into your cable modem, then you need to plug the LAN port of your PFSense box into the LAN port on the ASUS. Make sure you turn off DHCP on the ASUS, so all of your wireless clients get an IP from PFSense. Then you can continue to use the wifi from your ASUS but still be able to see any traffic that is flowing from it.

There is basically no other way to get the info than swapping to a different router. You won't have the ability to see any traffic flows that go through it's WAN port, so there is no software you can use to accomplish it with your current device.
 

badcookies

[H]ard|Gawd
Joined
Mar 17, 2010
Messages
1,589
hmm i didn't realize it would be that complicated but it does make sense... i have a raspberry pi 3+...i wonder if i could use that + usb ethernet port to make a PFsense box. do you think it's something worth the trouble (assuming the distro works on pi)? or should i just find a new router? im open to upgrading from this n router to a more future-proof AC router.
 

bman212121

[H]ard|Gawd
Joined
Aug 18, 2011
Messages
1,815
I don't believe PFSense would run on a Pi but there might be something else that could. If you were to get a new router then you'd have to find on that has the features you want. To make it nice and easy for you, you'll really need something with 2 Ethernet ports on it. You have a ton of gadgets but I'm guess you don't have a lot of desktops just laying around to fiddle with. It does sound like DD-WRT should be able to do it though, so that might be the best bet / excuse to get a new router.

Best I can see if that IPFire might support the Pi, but I don't know what kind of packages or options it has, so it might be down a rabbit hole to get that going.
https://downloads.ipfire.org/latest
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,556
PFSense sux. The Chinese hackers cut through that like hot knife through butter. Custom iptables scripts is the way to go if you can.

Turn your devices off one by one per gaming session. You will find out quick which one is a fault.
 

SticKx911

2[H]4U
Joined
Mar 14, 2004
Messages
2,509
I’m in a similar boat (something bogging my network down) except I have nearly 100 devices including 4 separate ddwrt routers all running through powerline adapters. Ddwrt only tracks usage through a particular input/output. Like lan, wan, wlan. Not particularly useful if trying to track down individual devices.
 

bman212121

[H]ard|Gawd
Joined
Aug 18, 2011
Messages
1,815
I’m in a similar boat (something bogging my network down) except I have nearly 100 devices including 4 separate ddwrt routers all running through powerline adapters. Ddwrt only tracks usage through a particular input/output. Like lan, wan, wlan. Not particularly useful if trying to track down individual devices.

Yea I see what you're saying. The link I was looking at with using an add-on to do it, but it sounds like it's been depreciated.

https://csdprojects.co.uk/ddwrt/

I see several projects to do something like that, but all of them have either a script or an add-on.

https://github.com/vortex-5/ddwrt-bwmon


In your case I'd definitely think about moving up to something better than custom firmware on a SOHO device. Those little processors have limited amount of power and memory, and often can choke when the number of states gets too high. You can continue to use the DD-WRT as LAN APs, but whatever is your edge device just needs to be swapped out for something a bit more powerful. (I don't know if that's also a DD-WRT router or if you already have something else)
 

Biznatch

2[H]4U
Joined
Nov 16, 2009
Messages
2,224
PFSense sux. The Chinese hackers cut through that like hot knife through butter. Custom iptables scripts is the way to go if you can.

Turn your devices off one by one per gaming session. You will find out quick which one is a fault.


PFSense is based on freebsd and ads a web GUI to manage the firewall/additional services.

Please back up your claims with a source/documentation or stop spreading bullshit (As well as poor troubleshooting advice....)
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,556
PFSense is based on freebsd and ads a web GUI to manage the firewall/additional services.

Please back up your claims with a source/documentation or stop spreading bullshit (As well as poor troubleshooting advice....)


The source is me.. Go ahead and install it if u want. I'm just relaying the events.
 

cheap50

n00b
Joined
Feb 27, 2018
Messages
44
I didn't see this asked. Have you confirmed the (suspected) congestion is inside your home network? If not, that should be your next step. No need to waste time troubleshooting an ISP issue.
 

Biznatch

2[H]4U
Joined
Nov 16, 2009
Messages
2,224
The source is me.. Go ahead and install it if u want. I'm just relaying the events.


Well can't refute evidence (bullshit) from a source like that......


I've run PFsense at home for 6+ years, and for almost that at multiple corporate offices with 100's of users. It's packaged as an enterprise firewall solution, and is used by a lot of companies. If what you said has any basis in reality, that shit would be all over the security sites, and even their own forums......

So again, stop spreading unfounded bullshit as if it were fact.
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,556
Well can't refute evidence (bullshit) from a source like that......


I've run PFsense at home for 6+ years, and for almost that at multiple corporate offices with 100's of users. It's packaged as an enterprise firewall solution, and is used by a lot of companies. If what you said has any basis in reality, that shit would be all over the security sites, and even their own forums......

So again, stop spreading unfounded bullshit as if it were fact.


You're right - I imagine the whole thing and if it isn't on the internet it didn't happen. You go ahead and use PFshit and all is good. Sleep well.

Maybe it was this. Timing is right.

https://www.exploit-db.com/exploits/36506/

My apologies to OP on the thread sidetrack, some people, ya know?
 
Last edited:

Biznatch

2[H]4U
Joined
Nov 16, 2009
Messages
2,224
You're right - I imagine the whole thing and if it isn't on the internet it didn't happen. You go ahead and use PFshit and all is good. Sleep well.

If one of the biggest open source firewalls out, used by a very high number of small to large corporations doesn't have posts on security blogs about chinese hackers 'slicing through it like butter', then finally you are correct. It didn't happen.

You can't even give a simple source, attack vector used, or even express basic knowledge of the product itself. So why would anyone take your word for it?
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,556
Anyway back on subject, custom firewalls iptables, my fancy gui (ports included) : Obsolete Freeware.WallWatcher. Can't recommend because there are dll's and ocx's I had to hunt down and install to get it to work. Looks a lot nicer when it actually parses the log instead of just displaying kernel messages routed to drop. Parses logs nice on DD-WRT. You can always create a jffs partition on the router, log to it. ssh in via putty and tail -f. On my LinkSys - custom iptables firewall, use insert and start at 1 to bypass the standard rule set and start my rules first, breaks some things in dd-wrt like port forwarding, but I created those as well for things like steam, ect. so it hardly matters. Just a gui page to ignore. Even using dynamic established - related rules - it takes a bit to build up your standard ruleset. Version and archiving will save a load of time and effort. Ports display nice, 23 22 are the favorites of course. Those get thrown in the trash first.

2rcsetu.png
 
Last edited:
Top