Thanks for the replies (from Dan and Frank)! I'm going to do some thinking--at first I just wanted to find out how we were using so much bandwidth, but, once I do, I might want to try blocking some of it if that won't disable pages that I want to look at.
I'll look for pfSense or OPNSense--apper doesn't list them for Wheezy, but I'm sure I can find them. I don't think I want to try to use a Debian box as a smart router, I'd rather find a packaged solution. (I've done things like that before--I've learned too much about NAT and such over the last 30 years or so. ;-)

Just for posterity, here's an example of a <$30 smart gigabit switch on eBay:

NEW NETGEAR ProSAFE GS105Ev2 5-Port Gigabit Web Managed (Plus) Switch
http://www.ebay.com/itm/NEW-NETGEAR-ProSAFE-GS105Ev2-5-Port-Gigabit-Web-Managed-Plus-Switch-/381923274422

On Thursday, February 02, 2017 11:58:28 AM Dan Ritter wrote:
> On Thu, Feb 02, 2017 at 11:19:59AM -0500, rhkra...@gmail.com wrote:
> > Aside: I am actually gobsmacked (I don't think I've ever been gobsmacked
> > before ;-)--in a week of monitoring, we (my son and I, but with my son
> > gone 8 to 12 hours a day) are downloading 1.5 to 4 GB *per day* (and
> > uploading 100 to 300 MB *per day*).
> >
> > Anyway, I want to try to figure out where all this data is going to and
> > coming from, at least in terms of the devices we have on our LAN (I'll
> > discuss those below), so I'm thinking that a(n inexpensive) managed
> > (Ethernet) switch or two (discussed below) might help me do that.
>
> I think you actually want a smart router. A Debian box with two
> or more network interfaces can be such a thing.
>
> > One thing I want to do is implement QOS--we have two ObiHai VOIP devices
> > (which we use pretty rarely, but still want to keep--they might be used
> > for 4 calls / 10 to 30 minutes a week). Sometimes the conversation gets
> > pretty choppy, probably depending on what my son is doing at the time (I
> > mean, like watching a video or something), so I'm hoping that QOS would
> > improve that (assuming the packets from the ObiHai device can be
> > recognized--I would think they can based on their (private / on the LAN)
> > IP addresses.
>
> A router can do that better than a switch can.
>
> > Like I mentioned above, the other thing I want to do is start monitoring
> > (at least on an occasional / diagnostic basis) the bandwidth used by
> > each device.
>
> Depending on exactly what you want, either a switch or a router
> can help here.
>
> > Layout of the network (for background):
> >
> > The Earthlink DSL modem (Westell) is followed by an Ethernet (unmanaged)
> > switch.
>
> You would want to put your router in between these. If you can
> arrange a third network interface on the router, you could
> connect the WiFi hotspot to the router, as well.
>
> > I see managed 5-port gigabit switches on eBay starting at a little under
> > $30, and I'd like to stay close to that as a budget (i.e., ~$60 for 2).
> > Of course, if a more featureful switch can monitor the data flows to
> > each device from that (central) location, I could spend that ~$60 for
> > the more featureful switch). (But there is some value to me to have two
> > managed switches such that one would serve as a spare for the central
> > one even if being used at other locations for monitoring.)
> >
> > Advice / comments / recommendations?
>
> That seems an unlikely price point, even for used equipment on
> ebay. And managed switches usually have a minimum of 12 ports,
> not 5. (12, 16, 24, 32 and 48 are all common)
>
> I would recommend putting in a Debian box between the DSL modem
> and the ethernet switch. You will need to learn a little about
> routing and IP masquerading / NAT, and you will want to set up
> firewalling with iptables.
>
> You can look at traffic in realtime with iftop, which will show
> you graphs of the top users by IP address or domain name and
> where they are connecting.
>
> You can set individual traffic counters per IP address or per
> service or both with iptables.
>
> What you won't get is flow information between local devices,
> but as I understand it you are more concerned about traffic
> in/out to the Internet at large.
>
> If you set fq_codel as the queue discipline on the interfaces
> to the router, you will probably solve most of your traffic
> interference problems without mucking with QoS.
>
> -dsr-
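The per-IP iptables traffic counters suggested in the quoted reply, as an added example that is not part of the original thread: it reads the counters that `iptables-save -c` prints and totals upload and download bytes per LAN host. The `ACCT` chain name, the 192.168.1.x addresses and the counter values are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample of `iptables-save -c` output. The ACCT chain and the
# 192.168.1.x hosts are assumptions for this example; rules without a
# target (-j) only count packets and let them continue down the chain.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ACCT - [0:0]
[52110:3187154321] -A FORWARD -j ACCT
[9120:110200300] -A ACCT -s 192.168.1.10/32
[30455:2900100200] -A ACCT -d 192.168.1.10/32
[2210:40500600] -A ACCT -s 192.168.1.20/32
[10325:136353221] -A ACCT -d 192.168.1.20/32
COMMIT
"""

# Each rule line starts with "[packets:bytes] -A <chain> <match arguments>".
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")

def per_host_bytes(save_output, chain="ACCT"):
    """Return {ip: {"up": bytes, "down": bytes}} for one accounting chain."""
    totals = defaultdict(lambda: {"up": 0, "down": 0})
    for line in save_output.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(3) != chain:
            continue  # table headers, policies, rules in other chains
        nbytes, args = int(m.group(2)), m.group(4).split()
        # -s <host> counts traffic leaving the LAN host (upload),
        # -d <host> counts traffic arriving for it (download).
        for flag, direction in (("-s", "up"), ("-d", "down")):
            if flag in args:
                ip = args[args.index(flag) + 1].split("/")[0]
                totals[ip][direction] += nbytes
    return dict(totals)

def top_talkers(totals):
    """Hosts sorted by combined bytes, largest first."""
    return sorted(totals, key=lambda ip: -(totals[ip]["up"] + totals[ip]["down"]))

if __name__ == "__main__":
    totals = per_host_bytes(SAMPLE)
    for ip in top_talkers(totals):
        t = totals[ip]
        print(f"{ip:15s} down {t['down'] / 1e6:9.1f} MB  up {t['up'] / 1e6:7.1f} MB")
```

On a live router the same function would be fed the text produced by running `iptables-save -c` as root instead of the constructed sample.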