Monitoring switch port (service) per interface - ubuntu-14.04

My actual goal is to monitor the traffic going through a Zyxel USG60 switch (v4.15). For that I use Zabbix.
The problem I have is that I monitor the interfaces of the switch, but I need to go deeper (if you know what I mean): my boss asked me if I could monitor, on each interface, the different traffic port by port (I mean by service, like port 80 for HTTP), to check precisely who is using bandwidth and for what.
I tried to see if SNMP can do that, but it seems it doesn't go further than the interface level. Since I don't know where to start or search, I need your help and advice.
One last detail: the monitoring server will run under Ubuntu 14.04.

You need to collect additional data using NetFlow/sFlow protocols to get the detailed traffic information.
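What a collector does with such flow records, as an added example that is not part of the original answer: it parses one NetFlow v5 export datagram and sums bytes per input interface, protocol and service port. It assumes the device exports NetFlow v5; the sample datagram is constructed inline, and treating the lower of the two port numbers as the service port is a heuristic.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
TCP, UDP = 6, 17

def parse_v5(datagram):
    """Return (input ifindex, protocol, src port, dst port, octets) per flow."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    # count comes from the sender, so check it against the actual length
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((f[3], f[13], f[9], f[10], f[6]))
    return flows

def bytes_per_service(datagram):
    """Sum octets per (input ifindex, protocol, service port)."""
    totals = Counter()
    for ifindex, proto, sport, dport, octets in parse_v5(datagram):
        if proto in (TCP, UDP):
            # Assumption: the lower port number is the service side of the flow
            totals[(ifindex, proto, min(sport, dport))] += octets
    return totals

def make_datagram(flows):
    """Build a constructed datagram from (ifindex, proto, sport, dport, octets)."""
    body = b"".join(
        RECORD.pack(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes(4), ifx, 0,
                    1, octets, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for ifx, proto, sport, dport, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: an HTTP request and its reply, one DNS query, one HTTPS flow
SAMPLE = make_datagram([(1, TCP, 51512, 80, 120000), (2, TCP, 80, 51512, 900000),
                        (1, UDP, 40000, 53, 300), (1, TCP, 49152, 443, 5000)])

if __name__ == "__main__":
    for (ifindex, proto, port), octets in bytes_per_service(SAMPLE).most_common():
        print(f"if={ifindex} proto={proto} port={port} bytes={octets}")
```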

Related

Receive realtime data from phone

I am using an Android app that streams real-time accelerometer data to the specified IP address of a server. I have written a "server" in C running on Linux, which is running in VMware.
I am connected to the hotspot created by the Windows 7 host machine running VMware Workstation.
So my question is how do I connect the virtual-machine to same network as the hotspot so that I can get the phone and the "server" program on the same network and stream data to the server program?
I use VirtualBox, but I'm guessing the settings are very similar in VMware Workstation.
You probably need to do one or both of these things:
1) Port Forwarding. If your app is hitting port 80 (or whatever port), you'll need to tell VMware that any hits coming in to the host machine on that port get forwarded to the VM. Of course, your VM will have to be listening on that port. I'd suggest using a high port number (over 1024) to minimize conflicts, and avoid annoying root/admin issues using a low port number.
2) Hopefully that gets you there. If not, you may need to change the virtual adapter settings on the VM. NAT mode is a good first try. If not, there are other modes (bridged, internal, host-only) you can tinker with. (Not sure if VMware uses different names.)
That's probably all you need for the topology you describe -- Android device connected directly to the same subnet as the host machine. If not, perhaps your hotspot routes all client traffic to the gateway (i.e. out to the Internet), without allowing direct access to localhost. If so, maybe there are settings for that. If not, ngrok is your new best friend.
It is SUPER easy and allows you to tunnel traffic from anywhere on the Internet to a specific service running on your machine. This would sidestep some of the issues above.
If you want to take your Android device to another network (e.g. cell network), then ngrok is absolutely the way to go, particularly for development and prototyping. This lets you avoid issues with DNS, routing, firewalls, etc.

Monitor ppp0 traffic usage with Linux

Hey, I'm developing a 3G connected device with a Raspberry Pi. My mobile provider allows me to use 50 MB/month.
This device will be installed somewhere nobody can have physical access to.
My concern is to avoid data traffic overuse. I need a tool to measure all the accumulated traffic going through (in and out) the ppp0 interface in order to disconnect the interface until next month if the 50 MB limit is reached.
I tried with ifconfig, but since I have some disconnections the counter is always reset at each reconnection.
I tried ntop and iftop but from what I understood these are tools for measuring real-time traffic.
I'm really looking for some kind of cumulative traffic use, like we usually can find on smartphones.
Any idea?
Take a look into IPtraf :)
I'm not sure if it will go into enough detail for you as it is relatively lightweight, though it may not be wise to go too heavy on the Raspberry Pi processor. You could also try looking around for NetFlow or SNMP based solutions, though I think that might be overkill.
Good luck!
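The counter reset described in the question can be handled by keeping a running total outside the interface, shown here as an added example that is not part of the original posts. It reads the kernel's per-interface byte counters under /sys/class/net and treats a value lower than the previous reading as a reconnect; the state file path, the month string and the function names are hypothetical.

```python
import json
import os

def read_counters(iface, root="/sys/class/net"):
    """Read the kernel rx/tx byte counters; 0 when the interface is absent."""
    counters = {}
    for name in ("rx_bytes", "tx_bytes"):
        try:
            with open(os.path.join(root, iface, "statistics", name)) as fh:
                counters[name] = int(fh.read())
        except FileNotFoundError:
            counters[name] = 0
    return counters

def update_usage(state, current, month):
    """Fold one reading into the stored state and return the new state."""
    if state.get("month") != month:
        # New billing month: zero the total but keep the last reading, so
        # bytes counted last month are not counted again
        state = {"month": month, "total": 0, "last": state.get("last", {})}
    total = state["total"]
    for name, value in current.items():
        prev = state["last"].get(name, 0)
        # ppp0 is recreated on reconnect and its counters restart at 0, so a
        # value below the previous one is all new traffic
        total += value - prev if value >= prev else value
    return {"month": month, "total": total, "last": dict(current)}

def poll(iface, state_path, month, limit_bytes, root="/sys/class/net"):
    """Update the state file; return True while usage is under the limit."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = {}
    state = update_usage(state, read_counters(iface, root), month)
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)  # atomic rename: no half-written state file
    return state["total"] < limit_bytes
```

Run `poll` from cron or a timer at a short interval: traffic from a session that both starts and ends between two polls is not seen.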

Hosting a web application on an ad-hoc network in linux

This is my first question on SO. Basically, I am attempting to create a sort of offline neighborhood forum. I have set up NodeBB to host a forum locally, but the problem is allowing users to connect. Eventually I plan to use a high-strength wireless router to broadcast an open network, and from there redirect all traffic to the local page. In the meantime, I was wondering if it would be possible to implement this by means of an ad-hoc network. Broadcasting an ad-hoc network seems easy enough, but how might I redirect the traffic to the port running NodeBB? Any help or comments on the overall idea would be greatly appreciated.
By default, NodeBB listens on all network interfaces (0.0.0.0), so if you set up an ad-hoc network, anybody connected to your machine will be able to access it via MACHINE_IP:4567.
If you have your machine behind a NAT/Router, you'll have to forward port 4567 to your machine. Alternatively, you could translate requests from external port 80 to port 4567, though that is untested for NodeBB specifically.

Tool to monitor and log a single HTTP connection on Linux?

We're trying to debug an issue with a server that must receive and respond to a large number of persistent HTTP connections.
Ideally we'd like a tool that could pick (at random) a single HTTP connection and log all traffic to and from it, such that we can see what is going on.
Unfortunately we don't have the ability to limit the number of persistent connections we must respond to (typically it is thousands of them), so we really need the tool to narrow down its monitoring to just a single connection.
Can anyone recommend such a tool, and give guidance on how to persuade it to do what we need?
Wireshark is a great open source tool for this purpose.
If using wireshark directly doesn't work out, you could fiddle with the routing on a firewall/router type box and have the monitored connection go out over a different interface (where you can tap into it using wireshark or whatever) than all the rest of the connections to the server.
The actual capturing of packets is usually done by libpcap.
There are different tools building on top of it:
First there is good old tcpdump. It is a text tool, which allows you to specify what packets you are interested in and prints (by default) a line for each matching packet. Actually you have lots of options for what should be done. You can also dump all traffic in a capture file.
Then there is wireshark (formerly known as ethereal). This is a GUI allowing you to capture packets as in tcpdump, and has lots of ways to analyze such data. It can also read and analyze capture files created by tcpdump.
Along with wireshark comes tshark (formerly known as tethereal), which is pretty much the console version of wireshark.
If you are only interested in the data sent in the packets, have a look at tcpflow.
There are also some more advanced tools which can also be used to attack other hosts.
For example, ettercap will list all current connections and, among other things, can show you the data sent on that connection.
It is not completely clear from your question what exactly you are trying to find out, but it sounds like something like tcpflow might be what you want.

Webify embedded linux-based controller through cellular network

Need a basic direction in the following project.
There is a linux based controller doing some industrial control stuff.
The box is equipped with a cellular modem and is capable of getting online through a cellular carrier. Cellular communication is used because the controller is mostly installed where no cables or short range radio are available. Places where the sun doesn't normally shine :)
The task is to allow internet clients to connect directly to the box for some basic control/monitoring stuff. The problem is connectivity: how will clients discover the box? I'd like to have the box act as a server (if possible). The fact that the cellular carrier allows the box to get online doesn't necessarily mean that the box will get a public IP so that anyone would be able to connect. To my understanding the cellular network acts as a gateway for those who are working inside of it, and reaching someone in that network from outside isn't possible. Am I wrong? We are looking for a generic solution, not a solution around a particular cellular provider. The controller is installed in different countries, so we need to find the standard way to "webify" it.
The software (and hardware) in the box is ours, so we can basically do anything, but I am looking for the right way to do it in order to avoid surprises with different providers later. BTW, the solution doesn't necessarily have to be technical; maybe it's possible to buy permanent IPs per box, or set up VPNs. Which way should I dig? What questions should I ask?
Your ideas are welcome!
Your summary of the problem is basically correct. I've implemented several systems that do this, and the odds of success are good.
The way you tackle this will depend on the number of remote units you expect a single user to interact with. If each user will handle only one or two devices, it's plausible to implement the web server on the remote device. If each user handles many devices, consider centralising as much administration as possible. I've implemented this using Zenoss for data logging, and a custom control server.
If the web server sits on the remote device, you can either buy a SIM with a static IP, or use a proxy server. I recommend setting up a proxy server unless the number of devices is very small.
There are three options for SIMs:
Static IP with an address on the public Internet will be expensive, and negotiating the deal with each provider in each country will be irksome. No proxy server is required.
Private APN SIMs will give you the option of a static address, but in a private address range. Negotiation with the mobile network is still required, and you will require a proxy server to sit between the public Internet and the private address range.
Standard data SIMs will connect to the Internet through NAT. You can use these to host your service by opening a VPN connection (we used openvpn) to your server. You can now reach the devices directly by connecting to the same VPN, or through a proxy server.
If you use openvpn, here are some more tips:
Give each unit a public serial number, and a private key. Store these in the firmware of the unit, and in a central database. Put the public serial number on the outside of the unit. You can use an openvpn login script to ensure that a particular unit always appears at the correct IP address, which keeps the proxy configuration static.
You can control openvpn's bandwidth usage by adjusting its keepalive behaviour, and how often it renegotiates. Measure and tune this before a large deployment.
The NAT timeouts in the mobile networks are generally between 5 and 15 minutes. The device must send a packet to the server often enough to keep NAT alive.
Cheap SIM deals may be web only with limited ports.
Other tips:
GPRS modem firmware can (rarely) crash internally. If your hardware supports it, provide software with the ability to power cycle the modem.
Test your box in areas with poor coverage in your own country before you send out international shipments.
This is a typical problem with a "mobile agent" appearing in different places or using different providers (in this case just one provider, but it's almost the same). Usually it's solved using some kind of home agent: a server that the mobile connects to and gives details about how to reach it, or, if it can't be reached directly, the home agent acts as a proxy.
Clients always contact the home agent first, and then if it is possible they contact the mobile, or if it's not they use the server as a proxy.
In some cases dynamic DNS might be sufficient; in others you need a real proxy/façade.
There's a good book: Andrew S. Tanenbaum & Maarten van Steen, "Distributed Systems: Principles and Paradigms".
You can ask the cellular provider to give you a SIM card with internet access and a fixed IP address. Then you can host any server you like. Do not forget that you are dealing with limited bandwidth.
