smithgordonm1
asked on
How do you monitor the download usage of wireless users?
I have a satellite internet connection with a fixed daily download limit set by my internet provider. I have anywhere from 3 to 8 computers sharing this connection during the day. These computers each connect through the wireless router to the modem. I do not know of anyway to centrally monitor how much each computer is downloading. I have asked each user to use restraint in downloading, but some one or two users take more than their share, which puts me over my limit, and that causes my provider to shut off the service for awhile.
Is there anyway I can monitor how much each user has downloaded each day from my computer? I have tried various things that I downloaded, but none of them worked.
Another thought I had was to setup a dedicated computer that would serve as the "gateway" to the internet. All traffic would run through it before sending it to the modem. This computer would then keep track of what each user was downloading. (I use the word "gateway" not really knowing it's technical meaning, but you get the idea.)
Looking for suggestions, preferably cheap ones, since this is in my home.
Thanks
Is there anyway I can monitor how much each user has downloaded each day from my computer? I have tried various things that I downloaded, but none of them worked.
Another thought I had was to setup a dedicated computer that would serve as the "gateway" to the internet. All traffic would run through it before sending it to the modem. This computer would then keep track of what each user was downloading. (I use the word "gateway" not really knowing it's technical meaning, but you get the idea.)
Looking for suggestions, preferably cheap ones, since this is in my home.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Re: comments by KeremE
Thanks for sending me info!
I have been looking at the links you sent and have some related questions.
First, I know almost nothing about Linux or Unix.
I see that I need a computer with two interfaces. I assume that means a dedicated computer with two network cards. That I can do.
Next, if I download IPcop or Smoothwal, will it just run on Windows, or what do I have to do?
Last, I see the URL filter stuff, which is great. Can you show me what the Download monitoring / limiting function is like?
Thanks
Thanks for sending me info!
I have been looking at the links you sent and have some related questions.
First, I know almost nothing about Linux or Unix.
I see that I need a computer with two interfaces. I assume that means a dedicated computer with two network cards. That I can do.
Next, if I download IPcop or Smoothwal, will it just run on Windows, or what do I have to do?
Last, I see the URL filter stuff, which is great. Can you show me what the Download monitoring / limiting function is like?
Thanks
You need adedicated PC yeah.
When it comes to installation: They are Firewall distros. They come in as .iso file ten you burn it to a CD.
Once burned to a CD you boot from the CD. It installs itself there's no ned for any intervention.
Once the setup finishes you login to it from the console it is dos like and it has a menu system to enter network info.
you manage it all over the GUI you don't need to know about linux.
About limitations I'd already sent you the links for 2 screenshots. The first shows user based quota
the second shows network limitations.
There's an installation manual at IPCop site. It details the installation steps.
When it comes to installation: They are Firewall distros. They come in as .iso file ten you burn it to a CD.
Once burned to a CD you boot from the CD. It installs itself there's no ned for any intervention.
Once the setup finishes you login to it from the console it is dos like and it has a menu system to enter network info.
you manage it all over the GUI you don't need to know about linux.
About limitations I'd already sent you the links for 2 screenshots. The first shows user based quota
the second shows network limitations.
There's an installation manual at IPCop site. It details the installation steps.
Well there are two scenarios... if this is a home network and you know whos connecting and have assigned fixed IPs to them (and the network is protected with a unique password) then i would just install parental lock / usage software on the clients. Inform them it is for their own good as well as the better good for everyone.
If this is just an open wireless network then anyone wandering around can use it and you can not even track/trace them. (since it sounds your not too savvy on networking)
What I would do is log into your wireless router and see if there is a setting that lists all the computers connected (usually 192.168.1.1 in your web browser) maybe your neighbors are mooching your internet and pushing it to their limit caps.
Unless the internet conenction is coming out of a single computer, or your managed router/switch is configurable it is very hard to limit the connection of others
If this is just an open wireless network then anyone wandering around can use it and you can not even track/trace them. (since it sounds your not too savvy on networking)
What I would do is log into your wireless router and see if there is a setting that lists all the computers connected (usually 192.168.1.1 in your web browser) maybe your neighbors are mooching your internet and pushing it to their limit caps.
Unless the internet conenction is coming out of a single computer, or your managed router/switch is configurable it is very hard to limit the connection of others
As I understand it, you know all the users, just don't know who's the bandwidth hog. A simple solution is to use a hacked router running DDWRT or Tomato (http://www.dd-wrt.com/wiki/index.php/Quality_of_Service and http://www.polarcloud.com/tomato). You might already have an Linksys 54g or similar, and they're a lot of inexpensive ones if you don't. This cheap and easy solution provides limited information, but should be sufficient to identify your offender(s). Hookup the DDWRT/Tomato router to your existing router and replace the wireless connectivity function (replace existing SSID). Label these users UNKNOWN. Create a new wireless SSID on your original router and put TRUSTED users on it. You can easily monitor the UNKNOWN users usage and slowly move one or two onto the TRUSTED router. If you do this gradually and note a sharp increase in bandwidth usage on the unmonitored router, then it's likely the last users you moved is the offender.
This requires very little knowledge or effort, but additional learning and settings on the DDWRT/Tomato router can yield more specific information and control over users without having to dedicate a PC to the effort.
This requires very little knowledge or effort, but additional learning and settings on the DDWRT/Tomato router can yield more specific information and control over users without having to dedicate a PC to the effort.
Seems his gateway is also a built in wireless router, if that is the case it will require you to turn off the wireless antenna on your origional router and use a crossover cable to uplink the new hacked router to it. AND you would need to buy another router... So if your friends/family wants to be childish and make you do all this then so be it, another possibility is that their machine is compromised and a worm for example is spamming out connections, OR they are bittorrenting music, movies, porn etc...
OR if your wireless network is not secure and anyone can use it... then someone else might be dling massive things.
So first see if you have secured your router (requires a passphrase to connect) If it does not then anyone can connect and use it.
So first see if you have secured your router (requires a passphrase to connect) If it does not then anyone can connect and use it.
ASKER
The answer was fine, I needed to research what was suggested before I could really appreciate it. I also found an addon for IPcop that does traffic monitoring, which was what I needed most.
Thanks
Thanks
No, keep both wireless routers on creating TWO different networks, one unmonitored trusted users and one monitored/restricted untrusted users. It's very easy to setup and requires almost no maintnance. With little learning/setup, you create two groups of users and start to find out who the offenders are by shifting them from one router to another. Additional setup is required to differentiate individual users or protocols if need be. Shutting down p2p, game or other specific service may be enough to solve the problem.
One added benefit from a network solution rather than a dedicated server is the lower cost (these router can be had for less than $50) and operating costs (i.e. power) are much lower.
One added benefit from a network solution rather than a dedicated server is the lower cost (these router can be had for less than $50) and operating costs (i.e. power) are much lower.
MAy be it will be cheaper but how do you know that acomputer in the trusted segment will not be infected by a trojan? Or the guy uisng it will not setup a p2p program for just one file he needs and then he leaves unattended and people outide will not download from him later on? Or lets say how do you know that other people won't plant a proxy server in a trusted system and forward all internet traffic to the trusted client?
Also it requires rather manual and comples task of installing WRT to a Wireless router. Then he needs to monitor two diffrent networks. Which means support...
I believe the best solution is to monitor all the traffic all the time log it and when a problem occurs just create a log to find the problem. Separate AP solution can not be as solid as this. since it could easily create lots of bottlenecks.
Also it requires rather manual and comples task of installing WRT to a Wireless router. Then he needs to monitor two diffrent networks. Which means support...
I believe the best solution is to monitor all the traffic all the time log it and when a problem occurs just create a log to find the problem. Separate AP solution can not be as solid as this. since it could easily create lots of bottlenecks.
Ah, I see the confusion. Trojans and other malware are security issues not relevant to this problem of dealing with a bandwidth hog on a home network, likely an uncooperative teenager or roommate. Protecting individual systems and networks from malware is an entirely different and larger discussion.
I used the term trusted, not in the security sense, but in describing the person/computer that isn't/won't be a bandwidth hog. IMO, it's a simpler solution to a simple problem. Installing DDWRT/Tomato is similar in complexity to updating firmware on the router, and less complex in my view than dealing with a dedicated system.
I used the term trusted, not in the security sense, but in describing the person/computer that isn't/won't be a bandwidth hog. IMO, it's a simpler solution to a simple problem. Installing DDWRT/Tomato is similar in complexity to updating firmware on the router, and less complex in my view than dealing with a dedicated system.
http://www.urlfilter.net/images/screenshots/ipcop-userquota.png
Here's the main policy enforcement screen where you can limit the download of media, executables, zip files etc:
http://www.urlfilter.net/images/screenshots/ipcop-urlfilter.png
You need a PC with 2 interfaces one interface will be connected to your Satellite router's ethernet port the second will be connected to your WAP(Wireless Access Point) ethernet. IIt will enforce user quota or log only your user activity.