[ale] Monitor Internet Traffic

[George Allen]

RE Queue disciplines: maybe this -> "The Ultimate Traffic Conditioner: Low
Latency, Fast Up & Downloads"
http://lartc.org/howto/lartc.cookbook.ultimate-tc.html

Jumping in a bit late here on the traffic analysis, but if you're router
can generate netflow (ddwrt can, many others should) you can feed it to the
netflow collector on cacti for a graphical view.

Scrutinizer is my go-to tool for analysing netflow graphically. You can get
a free eval vm at
https://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer-download.html
that's more than capable for a small network.

The more light-weight and quick method for flow analysis is argus:
http://qosient.com/argus/ It's an opensource flow analysis tool that has
origins at CERN. You'll have to compile from source, then there are three
tools that will be most useful: argus (collects flow data based on netflow
or libpcap) ratop (for watching live data) ra (for reading argus records
from a file).

Basically, depending on whether your router is sending you netflow, or
collecting at a tap, you set different flags on argus to write these flow
records to a file. The flow records consist of your Src/Dst IP, Src/Dst
Port, Tcp Flags, Timing, Packet and Bit count, etc. Then these files can be
summarized by 'ra' to yield what you're looking for. Examples are here:
http://qosient.com/argus/gettingstarted.shtml and
http://qosient.com/argus/howto.shtml

Let me know if you have questions with Argus. It can be a bit tricky on
initial setup.
-George




On Wed, Aug 12, 2015 at 9:19 PM, Michael Trausch <mike at trausch.us> wrote:

> I will try to find the link later, but the same doc explains the use of
> the tool to nix an uplink buffer to avoid the choked TCP download situation
> on very async pipes, also shows how to bump packets to the front of the
> line, have variable speed limits and so forth. Queue disciplines are to
> Ethernet what a line discipline is to a serial port channel driver.
>
>
>
> Sent from my iPhone
>
> > On Aug 12, 2015, at 9:14 PM, Michael Trausch <mike at trausch.us> wrote:
> >
> > You'll want to read the huge TLDP doc on the subject. The tool you want
> is 'tc', unless you want to go one level lower and speak netlink with the
> kernel.
> >
> > Sent from my iPhone
> >
> >> On Aug 12, 2015, at 3:44 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> >>
> >> You can set QoS rules somewhere. I've never done that but have a hard
> need (teen and networked games WHILE watching netflix AND group skype call).
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150813/7576e03f/attachment.html>