How to monitor internet usage per ip address?

Thecoolman5

Jun 10, 2013
Hi everybody. So, over the past few months, my family's monthly data usage limit has been grossly high. We pay for 250 gigs a month and lately have been having usages of over 320 gigs. I just need to know how to monitor web traffic on an ip address basis so I can pick out the culprit. I have already looked into dd-wrt scripts and alternate router firmwares. The dd-wrt scripts ended in failure and I couldn't seem to figure out the alternate router firmwares (such as gargoyle). Is there anything I can do? I would rather leave my main router alone for the most part. I have 3 other crappy routers that are not doing anything that I have at my disposal. Any ideas? Thanks!
 
If you happen to have Windows 10, please check to ensure it is not helping by being a part of the Windows update service. This is a good feature if you WANT to use bandwidth to help others (could be anyone) get updates, but it eats bandwidth.

You can use the feature for good by letting it ONLY share updates on the local network (this could save bandwidth).
 
It appears you have tried the methods that I normally recommend using router firmware. GlassWire will not work since it cannot see other machines and does not even get all traffic on the machine it runs on.

Most times I used a feature called NetFlow to export the data flows to a server from the router. I always just used the free PRTG to collect the data.

Still, all methods use a similar design. You first must find a way to intercept the traffic. You could put an inline server firewall in.

You would do Main router (wireless disabled)----firewall---router running as AP/switch

This would force all traffic to go through the firewall. The firewall would act as the router and DHCP source to the LAN. If you run the second router as a router, the NAT would make it hard to find the actual issue. Most firewalls have extensive traffic reporting abilities.

The other common way is to use a switch that has mirror ability and use something like wireshark to collect and analyze the data.

It still would be

Main router (wireless disabled)---switch----ap.

You need to force the wireless traffic through the switch.

You might be able to use one of your routers running dd-wrt as a switch with a mirror port. Whether you can do the mirror function depends on the LAN chips in the router. I forget, it's been so long, but there was some strange restriction.


Now either ASUS or TP-Link latest firmware has greatly increased their ability to display this type of information. I forget which and am too lazy to read the manuals. But if a new router would be an option then you might consider doing that.
 
My main router isn't that horrible. It is a R6300v2 and we have only had it for 3 or 4 months. The only kind of monitoring it does is simple traffic metering. It displays the daily average, weekly average, etc. So if I were to go with your second idea bill001g, how would I start? Is the switch a computer that isn't being used? That's how I see wireshark running.
 
What the switch does is copy all the data going to and from the main router to the Wireshark PC. So let's say the main router is on port 1, your monitor PC is on port 2, and you have user machines and your AP on the other ports. You configure the switch to copy all data being sent and received from port 1 to port 2. Wireshark is smart enough to figure this all out.

Technically you can use the PC that is running Wireshark while you capture, but you may have to set a special option in the switch. In your case it would likely make little difference, but it causes a confusing capture. Say you would browse a web page. Wireshark would capture the session and then you would get a second copy of the traffic when it was mirrored to you as it went on the router port.
 
Solution
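
An added example, not posted by anyone in this thread: a Python sketch that totals bytes per LAN address from a capture taken on the mirror port, skips the duplicate copies described above when the capture PC is also in use, and ignores LAN-to-LAN traffic. Assumptions: the capture is saved in classic pcap format (not pcapng), the LAN is 192.168.1.0/24, and the sample packets are constructed inline.

```python
import hashlib, ipaddress, struct
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the home LAN subnet

def ipv4_frame(src, dst, ip_id, payload_len):
    """Constructed sample Ethernet+IPv4 frame (zeroed MACs, checksum, payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ip_id, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def make_pcap(records):
    """Classic little-endian pcap, link type 1 (Ethernet), from (ts_sec, frame) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def usage_per_lan_ip(pcap, lan=LAN, dup_window=1):
    """Bytes exchanged with the internet per LAN host, ignoring mirrored duplicates."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic little-endian pcap")
    totals, seen, off = Counter(), {}, 24
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack_from("<IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not plain IPv4 (ARP, IPv6, VLAN tag)
        size = struct.unpack_from("!H", frame, 16)[0]  # IPv4 total length
        key = hashlib.sha1(frame[14:14 + size]).digest()  # IP packet, no padding
        last, seen[key] = seen.get(key), ts
        if last is not None and ts - last <= dup_window:
            continue  # same packet seen twice (own NIC plus the mirrored copy)
        src, dst = (ipaddress.ip_address(frame[i:i + 4]) for i in (26, 30))
        local = [a for a in (src, dst) if a in lan]
        if len(local) == 1:  # LAN-to-LAN traffic does not count against the ISP cap
            totals[str(local[0])] += size
    return totals

SAMPLE = make_pcap([  # constructed capture; all addresses are sample values
    (100, ipv4_frame("203.0.113.7", "192.168.1.20", 1, 1400)),   # download to .20
    (100, ipv4_frame("192.168.1.20", "203.0.113.7", 9, 40)),     # ACK from .20
    (101, ipv4_frame("192.168.1.50", "198.51.100.3", 5, 500)),   # monitor PC upload
    (101, ipv4_frame("192.168.1.50", "198.51.100.3", 5, 500)),   # its mirrored copy
    (102, ipv4_frame("192.168.1.20", "192.168.1.50", 2, 900)),   # local only
])

if __name__ == "__main__":
    print(usage_per_lan_ip(SAMPLE).most_common())
```

To use it on a real capture, read the file in binary mode and pass the bytes to `usage_per_lan_ip`; the highest total points at the device to look at first.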