You might look at the Ubiquiti EdgeRouter X Advanced Gigabit Ethernet Routers
ER-X 256MB Storage 5 Gigabit RJ45 ports abut $50 on Amazon. It actually runs a
small Debian like OS. It is configured by a web interface and a command line
interface through ssh or embedded in the web interface. It has counters and
displays graphs of the current throughput of each port. The basic router
configuration (configured by wizards to get you started) has one port to connect
to the internet (your dsl modem) and NATed to the other 4 ports set up like a
switch. It has a DHCP server to assign internal IP addresses on your LAN if you
want. Mirroring is also possible through the command line interface. Port rate
limiting is also possible. While I use a Debian box for my main router/firewall
I have been experimenting with a ER-X for a while as a backup in case the Debian
box goes down.
I also have a TP-Link 5-Port Gigabit Ethernet Web Managed Easy Smart Switch
(TL-SG105E v2.0) about $28 on Amazon. It has a Web configuration interface
(make sure you get the V2.0) and can be easily set up to mirror ports. This is
not a router so it won't protect your internal LAN like the ER-X would.
Now to actually monitor the traffic from a mirrored port connected to your
desktop Debian you can use wireshark. It can display traffic in real time
showing source and destination address/names and protocols. It can filter by IP
so you could just see the traffic your son generates. You can graph the data
also. Wireshark has many ways to see the data it collects. My favorite is
"conversations" which shows source and destinations and packets/bytes
transferred. For instance you might see your son's internal IP going to youtube
and the data he uses just to watch a video.
Another program I use to just watch data amounts being used is vnstat. It can
show data usage by hour, day or month. Just install vnstat on each Debian
machine and have the results of "vnstat -i eth0 -d" emailed to you every day by
a crontab entry. Here is an example of what is on my outgoing port on my route
box.
vnstat -i eth1 -d
eth1 / daily
day rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
01/05/2017 4.82 GiB | 274.30 MiB | 5.09 GiB | 493.72 kbit/s
01/06/2017 5.16 GiB | 250.13 MiB | 5.40 GiB | 524.53 kbit/s
01/07/2017 4.13 GiB | 271.32 MiB | 4.39 GiB | 426.58 kbit/s
01/08/2017 4.61 GiB | 267.46 MiB | 4.87 GiB | 472.95 kbit/s
01/09/2017 3.35 GiB | 624.10 MiB | 3.96 GiB | 384.68 kbit/s
01/10/2017 4.72 GiB | 263.63 MiB | 4.98 GiB | 483.42 kbit/s
01/11/2017 5.02 GiB | 303.67 MiB | 5.32 GiB | 516.44 kbit/s
01/12/2017 2.87 GiB | 194.76 MiB | 3.06 GiB | 297.22 kbit/s
01/13/2017 4.44 GiB | 270.56 MiB | 4.70 GiB | 456.34 kbit/s
01/14/2017 4.36 GiB | 244.49 MiB | 4.60 GiB | 446.73 kbit/s
01/15/2017 4.04 GiB | 354.37 MiB | 4.39 GiB | 426.23 kbit/s
01/16/2017 4.60 GiB | 360.85 MiB | 4.95 GiB | 480.43 kbit/s
01/17/2017 4.07 GiB | 269.75 MiB | 4.34 GiB | 420.89 kbit/s
01/18/2017 3.90 GiB | 272.31 MiB | 4.17 GiB | 404.66 kbit/s
01/19/2017 4.70 GiB | 321.41 MiB | 5.01 GiB | 486.59 kbit/s
01/20/2017 4.65 GiB | 294.00 MiB | 4.94 GiB | 479.26 kbit/s
01/21/2017 7.12 GiB | 343.20 MiB | 7.45 GiB | 723.52 kbit/s
01/22/2017 7.23 GiB | 379.96 MiB | 7.60 GiB | 737.88 kbit/s
01/23/2017 5.54 GiB | 290.97 MiB | 5.82 GiB | 565.08 kbit/s
01/24/2017 4.85 GiB | 355.95 MiB | 5.20 GiB | 505.09 kbit/s
01/25/2017 3.48 GiB | 259.62 MiB | 3.73 GiB | 362.58 kbit/s
01/26/2017 10.14 GiB | 469.21 MiB | 10.60 GiB | 1.03 Mbit/s
01/27/2017 4.94 GiB | 324.84 MiB | 5.26 GiB | 510.76 kbit/s
01/28/2017 5.75 GiB | 332.64 MiB | 6.08 GiB | 589.86 kbit/s
01/29/2017 4.16 GiB | 291.04 MiB | 4.44 GiB | 431.41 kbit/s
01/30/2017 5.93 GiB | 331.44 MiB | 6.25 GiB | 606.99 kbit/s
01/31/2017 3.36 GiB | 247.76 MiB | 3.61 GiB | 350.02 kbit/s
02/01/2017 3.22 GiB | 248.35 MiB | 3.47 GiB | 336.53 kbit/s
02/02/2017 3.87 GiB | 257.72 MiB | 4.12 GiB | 399.78 kbit/s
02/03/2017 1.21 GiB | 128.89 MiB | 1.34 GiB | 265.66 kbit/s
------------------------+-------------+-------------+---------------
estimated 2.48 GiB | 262 MiB | 2.74 GiB |
I watch several hours of Netflix a day so this is pretty high usage.
Hope this helps.
*...Bob*
On 02/02/2017 10:42 PM, rhkra...@gmail.com wrote:
> Thanks for the replies (from Dan and Frank)!
>
> I'm going to do some thinking--at first I just wanted to find out how we were
> using so much bandwidth, but, once I do, I might want to try blocking some of
> it if that won't disable pages that I want to look at.
>
> I'll look for pfSense or OPNSense--apper doesn't list them for Wheezy, but
> I'm
> sure I can find them.
>
> I don' think I want to try to use a Debian box as a smart router, I'd rather
> find a packaged solution. (I've done things like that before--I've learned
> too
> much about NAT and such over the last 30 years or so. ;-)
>
> Just for posterity, here's an example of a <$30 smart gigabit switch on
> eBay:TP-Link 5-Port Gigabit Ethernet Web Managed Easy Smart Switch (TL-SG105E
> v2.0)
>
> NEW NETGEAR ProSAFE GS105Ev2 5-Port Gigabit Web Managed (Plus) Switch
>
> http://www.ebay.com/itm/NEW-NETGEAR-ProSAFE-GS105Ev2-5-Port-Gigabit-Web-
> Managed-Plus-Switch-/381923274422
>
>
> On Thursday, February 02, 2017 11:58:28 AM Dan Ritter wrote:
>> On Thu, Feb 02, 2017 at 11:19:59AM -0500, rhkra...@gmail.com wrote:
>>> Aside: I am actually gobsmacked (I don't think I've ever been gobsmacked
>>> before ;-)--in a week of monitoring, we (my son and I, but with my son
>>> gone 8 to 12 hours a day) are downloading 1.5 to 4 GB *per day* (and
>>> uploading 100 to 300 MB *per day*).
>>>
>>> Anyway, I want to try to figure out where all this data is going to and
>>> coming from, at least in terms of the devices we have on our LAN (I'll
>>> discuss those below), so I'm thinking that a(n inexpensive) managed
>>> (Ethernet) switch or two (discussed below) might help me do that.
>> I think you actually want a smart router. A Debian box with two
>> or more network interfaces can be such a thing.
>>
>>> One thing I want to do is implement QOS--we have two ObiHai VOIP devices
>>> (which we use pretty rarely, but still want to keep--they might be used
>>> for 4 calls / 10 to 30 minutes a week). Sometimes the conversation gets
>>> pretty choppy, probably depending on what my son is doing at the time (I
>>> mean, like watching a video or something), so I'm hoping that QOS would
>>> improve that (assuming the packets from the ObiHai device can be
>>> recognized--I would think they can based on their (private / on the LAN)
>>> IP addresses.
>> A router can do that better than a switch can.
>>
>>> Like I mentioned above, the other thing I want to do is start monitoring
>>> (at least on an occasional / diagnostic basis) the bandwidth used by
>>> each device.
>> Depending on exactly what you want, either a switch or a router
>> can help here.
>>
>>> Layout of the network (for background):
>>>
>>> The Earthlink DSL modem (Westell) is followed by an Ethernet (unmanaged}
>>> switch.
>> You would want to put your router in between these. If you can
>> arrange a third network interface on the router, you could
>> connect the WiFi hotspot to the router, as well.
>>
>>> I see managed 5-port gigabit switches on eBay starting at a little under
>>> $30, and I'd like to stay close to that as a budget (i.e., ~$60 for 2).
>>> Of course, if a more featureful switch can monitor the data flows to
>>> each device from that (central) location, I could spend that ~$60 for
>>> the more featureful switch). (But there is some value to me to have two
>>> managed switches such that one would serve as a spare for the central
>>> one even if being used at other locations for monitoring.)
>>>
>>> Advice / comments / recommendations?
>> That seems an unlikely price point, even for used equipment on
>> ebay. And managed switches usually have a minimum of 12 ports,
>> not 5. (12, 16, 24, 32 and 48 are all common)
>>
>> I would recommend putting in a Debian box between the DSL modem
>> and the ethernet switch. You will need to learn a little about
>> routing and IP masquerading / NAT, and you will want to set up
>> firewalling with iptables.
>>
>> You can look at traffic in realtime with iftop, which will show
>> you graphs of the top users by IP address or domain name and
>> where they are connecting.
>>
>> You can set individual traffic counters per IP address or per
>> service or both with iptables.
>>
>> What you won't get is flow information between local devices,
>> but as I understand it you are more concerned about traffic
>> in/out to the Internet at large.
>>
>> If you set fq_codel as the queue discipline on the interfaces
>> to the router, you will probably solve most of your traffic
>> interference problems without mucking with QoS.
>>
>> -dsr-
>
