Record network usage by local source?

vstokesjr · June 9, 2021, 3:23pm

Is there any package that allows us to record network usage by local source? Something similar to vnstat but by each local source?

We use vnstat but it just represents the router as a whole. I would like something that actually tracks the same information but by local source. We have a device that is consuming way to much bandwidth. It's way out of the norm and we cannot figure out why. See below 10.3.17.64:4500 from Real Time Graphs; Connections:

We would like to monitor 10.3.17.64 traffic. The device is a T-Mobile Personal Cell Spot but so is source 10.3.17.94:4500 and, as you can see, there is a huge disparity. 10.3.17.64 is actually in a more isolated area - it should NOT be using so much bandwidth.

faser · June 9, 2021, 3:38pm

tcpdump to collect and wireshark to analyse.
You just would need to have a server with a fast enough connect to write the tcpdump to.

vstokesjr · June 9, 2021, 3:45pm

tcpdump to collect and wireshark to analyse

Hmmm, wireshark would be give me far more details about what is being sent real-time. Something for me to ponder. Thank you.

sml156 · June 9, 2021, 5:42pm

Wireshark is a terrible idea if you have never used it before, The learning curve is steep and time consuming but feel free to try if you really want.

I use wrtbwmon and I think you will agree it looks a lot like what you want

This is the usage page

A small configuration page

This page will allow you to give friendly names to unknown hosts using their mac address.

There are a few tutorials on how to install wrtbwmon but they are old and the version in all have the old package download locations and the end result looks not as nice as the newer version's. -- wrtbwmon is not in OpenWrt's opkg packages list so you will have to download and install it yourself from Github.

I took some notes when I installed wrtbwmon and posted it on old website just so I would remember how I did it.
Here is a TLDR of the main points.

Github location of the dev's.
https://github.com/pyrovski/wrtbwmon/releases/tag/0.37_ipv6 # main pacage
https://github.com/Kiougar/luci-wrtbwmon/releases # needed for displaying in luci

Start by SSH'ing into OpenWrt and download the needed packages, I use curl to download them so first you must install curl if you don't have it already.

opkg update && opkg install curl

now get the packages one line at a time.

curl -k -LO https://github.com/pyrovski/wrtbwmon/releases/download/0.37_ipv6/wrtbwmon_0.37_ipv6_all.ipk

curl -k -LO https://github.com/Kiougar/luci-wrtbwmon/releases/download/v0.8.3/luci-wrtbwmon_v0.8.3_all.ipk

Now install them one line at a time.

opkg install wrtbwmon_0.37_ipv6_all.ipk

opkg install luci-wrtbwmon_v0.8.3_all.ipk

Now you have to make it persist and run at boot.

/etc/init.d/wrtbwmon enable

/etc/init.d/wrtbwmon start

I had to restart.

reboot

Now log onto OpenWrt with your web browser and go to

Network >> Usage >> Configuration

And cheek the box labelled " Persist database "

Now click on the Usage Tab and your list should start populating with data, It may take a while for some devices to populate the list depending on if their actively using the internet.

Shameless plug for my site with the notes on wrtbwmon and more pictures of the SSH output during the commands used.

frollic · June 9, 2021, 6:59pm

If this is only temp logging, cloudshark might be a solution.

Free/demo accounts last 30 days, should be more than enough to find the device generating the traffic.

Note that you'll be sharing your data with a 3rd party.

slh · June 9, 2021, 9:21pm

luci-app-nlbwmon provides per-client statistics.

system · June 19, 2021, 9:21pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.