Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Bandwidth Monitor

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741

    Bandwidth Monitor

    I have been having a strange issue recently at home. I am hoping to do some analysis but dont have a lot of experience in investigating network traffic/packets...

    One of many issues:
    I have some roommates that rent from me in my house and use various amounts of bandwidth for whatever.

    I am an avid gamer as is one of my other roommates but whenever we both get online and play something like halo 3 we end up killing the network connection. In order to fix this issue I have to reboot the router and cable modem wait and then it will work again for x amount of time before we kill it again. Its getting quite annoying.

    Background Info:

    Network setup:
    Code:
    WAN>Linksys Cable Modem> Linksys WRTG54g wireless Router>Some PC's
                                           |-------->Cisco 2624 Switch>PC's,Xbox
    I cant remember if the switch is connected with a crossover or a straight thru cable, not sure if that matters.

    Now I currently have the Xbox port forced to 100/full on the switch and dont really see a setting for that in the xbox, this could be part of the issue. I dont have any VLAN's setup on the switch either, everything is currently defaulting to VLAN 1 as I have never had to setup VLAN's before so I dont know how to segment it. I will probably do that soon to isolate game stations vs my PC and then my roommates PC's so I can keep them away from my ****.

    Goal:
    I would like to be able to see why the internet is crashing, overload? bad packets? not sure what might be happening. I would like to make sure bandwidth to each node is controllable. I would like to do any other cool things that might force me to learn something about my network.

    I have an extra PC that I was testing Ubuntu on so I have a PC I can dedicate to this if I need to set it up as a box, ideally i would like to use this box to run a firewall between my modem and router but thats open to discussion and can be compelted after I troubleshoot my current issue.

    Any help would be appreciated.
    Last edited by Spyrus; November 14th, 2007 at 05:19 PM.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    The router probably can't keep up with the amount of traffic you are throwing at it. Those little things don't have very much memory in them and it is fairly easy to exhaust the the memory and/or connections table. There are many different versions of those routers with various system specs, so you can look up your model and check out this wiki to see how much you can't do with them...

    This also happens a lot with things like bittorrent and even nmap depending on which scan you use. I use to DoS myself with nmap when trying to scan some host outside my LAN before I had a decent edge device...

    If you really want to see what is going on with the device itself, load a custom firmware on it (such as ddwrt) and watch the cpu and memory usage as well as the number of connections.

    Something that is pretty quick and easy to do is to just put a NTOP sensor in between your router and the hosts on your network. That'll give you a good breakdown of who's doing what, how much bandwidth is being used and by which protocols. You can use your Cisco switch to SPAN the ports you want to monitor and plug your NTOP sensor in there with no IP bound to it's monitoring interface.

    If you want a canned linux distro, I've been a fan of IPCOP for home use for a long time now. It's simple to setup and it has quite a few nice features and an active support and development/addon community. This would be the easiest approach and is good for starters.

    If you want to get complicated and make your own, Linux is def. the way to go. Some packages you might want to include are iptables, fwbuilder (for management of the fw policy), openvpn, nagios, cacti, ntop, snort w/MySQL if you want IDS, and of course the other normal stuff like DHCP, NTP, SYSLOG, TCPD and QoS. I would use three interfaces. One for one for external, one for internal and one for snort and ntop. Keep in mind, running all of that on one box will take up quite a bit of resources depending on which rulesets you choose for snort and how much traffic you're analyzing with ntop.

    You could probably do without nagios if you really don't want to monitor services. This is probably overkill... but I like it.

    Cacti will monitor and keep a history of resources such as CPU, memory, traffic over the interfaces, etc. Nice pretty graphs and whatnot.

    Ntop will give you tons of stats about your network... top talkers, how much bandwidth each host is using and for which protocols.

    I suppose it really depends on how big of a project you want to make it and how good you are with networking and linux.

    Keep in mind, that in order to use VLANs you need some layer three device to route the traffic between the VLANs. So, you'll need another router if you want to implement VLANs. This could cause a bottleneck between the VLANs depending on your router interface speeds and is pretty much overkill for a home setup...
    Last edited by phishphreek; November 14th, 2007 at 07:46 PM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I used to have this issue at home...recently got a newer modem and it hasnt happened since..

    Another thing I used to do is adjust the MTU settings on the router on some sites with repeated disconnects
    Ping with some switches set to determine the best MTU setting.

    Open a command prompt and type ... ping google.com -f -l xxxx ..... xxxx is the packet size. Start with 1492 and reduce it until you don't see the message "Packet needs to be fragmented"

    Then place this value in your MTU settings box in your router.

    May help

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    also depends on your isp and what package you have purchased from them! If your not sure that you have enough bandwidth call up your tech support and ask them how much your getting...

    my friend would play halo 3 and his girlfriend would get on a laptop, it would lag the game out completely. I called his isp for him and he had 100k package; as soon as he upgraded they gave him 3000k and he has been happy ever since.

    Most likely its the wrt54g like phishphreek said, those are good for an xbox and laptop at most... going beyond that I wouldn't use wireless. I have two xbox 360's, and two computers all wired and there is no lag...

  5. #5
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    Quote Originally Posted by morganlefay
    ... Open a command prompt and type ... ping google.com -f -l xxxx ..... xxxx is the packet size. Start with 1492 and reduce it until you don't see the message "Packet needs to be fragmented"

    Then place this value in your MTU settings box in your router.
    I came across this http://help.expedient.com/broadband/mtu_ping_test.shtml which recommends a similar technique, but it suggests adding 28 to account for the IP/ICMP headers. I've always had my Netgear router set to MTU = 1500 (as recommended by my ISP) which correlates with what I've just found. The maximum size which doesn't fragment is 1472 to which I add 28 = 1500. I've seen a few sites without the recommendation to add 28 so which is correct - add 28 or not?

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Not sure about the 28....I just know I improve performance with multiple computers hooked up....usually to older router\modems....or both ...or one....by lowering MTU settings on the router

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    source mac: 6 bytes
    destination mac: 6 bytes
    source ip: 4 bytes
    destination ip: 4 bytes
    source port: 2 bytes
    destination port: 2 bytes
    checksum: 4 bytes
    ----------------------------- +
    total: 28 bytes

    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    Quote Originally Posted by SirDice
    source mac: 6 bytes
    destination mac: 6 bytes
    source ip: 4 bytes
    destination ip: 4 bytes
    source port: 2 bytes
    destination port: 2 bytes
    checksum: 4 bytes
    ----------------------------- +
    total: 28 bytes

    I realise where the 28 comes from - does this mean that you recommend adding the 28 (to, for instance, 1472) or leave the MTU as 1472? As I mentioned, I've seen some sites which recommend adding and others not adding 28. Both options can't be right because the whole intention is to *optimise* the MTU!

  9. #9
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    Quote Originally Posted by morganlefay
    I used to have this issue at home...recently got a newer modem and it hasnt happened since..
    Just curious, what was the new modem that hasn't given you issues?

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Seimens...not sure of the model

    and I cant remember to make of the old one...but it was over 5 years old....so is my router..but I have updated firmware

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Similar Threads

  1. Hacker Horror stories
    By gore in forum Tech Humor
    Replies: 8
    Last Post: January 23rd, 2008, 08:17 PM
  2. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  3. Getting the Most out of your Bandwidth
    By sickyourIT in forum Other Tutorials Forum
    Replies: 27
    Last Post: July 9th, 2003, 07:54 AM
  4. Bandwidth Usage Monitor Software
    By micky05 in forum AntiOnline's General Chit Chat
    Replies: 2
    Last Post: December 18th, 2002, 03:49 PM
  5. XFree86 And Xinerama Multi-monitor Tutorial
    By The_Magistrate in forum Other Tutorials Forum
    Replies: 1
    Last Post: August 3rd, 2002, 10:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •