Solved

How do you monitor the download usage of wireless users?

Posted on 2009-05-08
12
1,291 Views
Last Modified: 2013-11-09
I have a satellite internet connection with a fixed daily download limit set by my internet provider. I have anywhere from 3 to 8 computers sharing this connection during the day. These computers each connect through the wireless router to the modem. I do not know of anyway to centrally monitor how much each computer is downloading. I have asked each user to use restraint in downloading, but some one or two users take more than their share, which puts me over my limit, and that causes my provider to shut off the service for awhile.
Is there anyway I can monitor how much each user has downloaded each day from my computer? I have tried various things that I downloaded, but none of them worked.
Another thought I had was to setup a dedicated computer that would serve as the "gateway" to the internet. All traffic would run through it before sending it to the modem. This computer would then keep track of what each user was downloading. (I use the word "gateway" not really knowing it's technical meaning, but you get the idea.)
Looking for suggestions, preferably cheap ones, since this is in my home.
Thanks
0
Comment
Question by:smithgordonm1
  • 4
  • 3
  • 3
  • +1
12 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 250 total points
ID: 24341579
You can use some of the free Firewall's. They can also monitor the downlad from each station and can report it throughoptiona software.

Try:
IPCop here http://www.ipcop.org/
SmoothWall here http://www.smoothwall.org/

They both support the add-on called URL Filter. You can find it here: http://www.urlfilter.net/. The
URL filter can log traffic and limit bandwidth, enforce transfer quota, limit size of the contents and limit the download of executables, p2p or streaming on each client individually or as a group.

It is basically Squid + Additional software. If you're good with Linux you can try to build a gateway for yourself using squid and something like dansguardian. You can find DansGuardian here http://dansguardian.org/

Hope this helps.

Cheers,
K.

0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24341621
Here's the link for a screenshot from urlfiler user quota screen:
http://www.urlfilter.net/images/screenshots/ipcop-userquota.png

Here's the main policy enforcement screen where you can limit the download of media, executables, zip files etc:
http://www.urlfilter.net/images/screenshots/ipcop-urlfilter.png


You need a PC with 2 interfaces one interface will be connected to your Satellite router's ethernet port  the second will be connected to your WAP(Wireless Access Point) ethernet. IIt will enforce user quota or log only your user activity.
0
 

Author Comment

by:smithgordonm1
ID: 24341690
Re: comments by KeremE
Thanks for sending me info!
I have been looking at the links you sent and have some related questions.
First, I know almost nothing about Linux or Unix.
I see that I need a computer with two interfaces. I assume that means a dedicated computer with two network cards. That I can do.
Next, if I download IPcop or Smoothwal, will it just run on Windows, or what do I have to do?
Last, I see the URL filter stuff, which is great. Can you show me what the Download monitoring / limiting function is like?
Thanks
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24341814
You need adedicated PC yeah.

When it comes to installation: They are Firewall distros. They come in as .iso file ten you burn it to a CD.
Once burned to a CD you boot from the CD. It installs itself there's no ned for any intervention.

Once the setup finishes you login to it from the console it is dos like and it has a menu system to enter network info.

you manage it all over the GUI you don't need to know about linux.

About limitations I'd already sent you the links for 2 screenshots. The first shows user based quota
the second shows network limitations.

There's an installation manual at IPCop site.  It details the installation steps.
0
 
LVL 1

Expert Comment

by:msn-expert
ID: 24342494
Well there are two scenarios... if this is a home network and you know whos connecting and have assigned fixed IPs to them (and the network is protected with a unique password) then i would just install parental lock / usage software on the clients. Inform them it is for their own good as well as the better good for everyone.

If this is just an open wireless network then anyone wandering around can use it and you can not even track/trace them. (since it sounds your not too savvy on networking)

What I would do is log into your wireless router and see if there is a setting that lists all the computers connected (usually 192.168.1.1 in your web browser) maybe your neighbors are mooching your internet and pushing it to their limit caps.

Unless the internet conenction is coming out of a single computer, or your managed router/switch is configurable it is very hard to limit the connection of others
0
 
LVL 8

Expert Comment

by:inbox788
ID: 24344807
As I understand it, you know all the users, just don't know who's the bandwidth hog. A simple solution is to use a hacked router running DDWRT or Tomato (http://www.dd-wrt.com/wiki/index.php/Quality_of_Service and http://www.polarcloud.com/tomato).  You might already have an Linksys 54g or similar, and they're a lot of inexpensive ones if you don't. This cheap and easy solution provides limited information, but should be sufficient to identify your offender(s). Hookup the DDWRT/Tomato router to your existing router and replace the wireless connectivity function (replace existing SSID). Label these users UNKNOWN. Create a new wireless SSID on your original router and put TRUSTED users on it. You can easily monitor the UNKNOWN users usage and slowly move one or two onto the TRUSTED router. If you do this gradually and note a sharp increase in bandwidth usage on the unmonitored router, then it's likely the last users you moved is the offender.
This requires very little knowledge or effort, but additional learning and settings on the DDWRT/Tomato router can yield more specific information and control over users without having to dedicate a PC to the effort.

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Expert Comment

by:msn-expert
ID: 24345557
Seems his gateway is also a built in wireless router, if that is the case it will require you to turn off the wireless antenna on your origional router and use a crossover cable to uplink the new hacked router to it. AND you would need to buy another router... So if your friends/family wants to be childish and make you do all this then so be it, another possibility is that their machine is compromised and a worm for example is spamming out connections, OR they are bittorrenting music, movies, porn etc...
0
 
LVL 1

Expert Comment

by:msn-expert
ID: 24345573
OR if your wireless network is not secure and anyone can use it... then someone else might be dling massive things.
So first see if you have secured your router (requires a passphrase to connect) If it does not then anyone can connect and use it.
0
 

Author Closing Comment

by:smithgordonm1
ID: 31579830
The answer was fine, I needed to research what was suggested before I could really appreciate it. I also found an addon for IPcop that does traffic monitoring, which was what I needed most.
Thanks
0
 
LVL 8

Expert Comment

by:inbox788
ID: 24346945
No, keep both wireless routers on creating TWO different networks, one unmonitored trusted users and one monitored/restricted untrusted users. It's very easy to setup and requires almost no maintnance. With little learning/setup, you create two groups of users and start to find out who the offenders are by shifting them from one router to another. Additional setup is required to differentiate individual users or protocols if need be. Shutting down p2p, game or other specific service may be enough to solve the problem.

One added benefit from a network solution rather than a dedicated server is the lower cost (these router can be had for less than $50) and operating costs (i.e. power) are much lower.

0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24346971
MAy be it will be cheaper but how do you know that  acomputer in the trusted segment will not be infected by a trojan? Or the guy uisng it will not setup a p2p program for just one file he needs and then he leaves unattended and people outide will not download from him later on? Or lets say how do you know that other people won't plant a proxy server in a trusted system and forward all internet traffic to the trusted client?

Also it requires rather manual and comples task of installing WRT to a Wireless router. Then  he needs to monitor two diffrent networks. Which means support...

I believe the best solution is to monitor all the traffic all the time log it and when a problem occurs just create a log to find the problem. Separate AP solution can not be as solid as this. since it could easily create lots of bottlenecks.
0
 
LVL 8

Expert Comment

by:inbox788
ID: 24349154
Ah, I see the confusion. Trojans and other malware are security issues not relevant to this problem of dealing with a bandwidth hog on a home network, likely an uncooperative teenager or roommate. Protecting individual systems and networks from malware is an entirely different and larger discussion.

I used the term trusted, not in the security sense, but in describing the person/computer that isn't/won't be a bandwidth hog. IMO, it's a simpler solution to a simple problem. Installing DDWRT/Tomato is similar in complexity to updating firmware on the router, and less complex in my view than dealing with a dedicated system.

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now