Hello,
Running 3.4.5, I had an issue with "pppoe" where the router's own data wasn't counted; for example, Transmission was running on the router but its data wasn't counted. So I looked into it and found that you detect interfaces with "ifconfig | grep HWaddr | tr -s ' ' | cut -d ' ' -f1,5", so I ran the code locally and the result was
so it started counting the data. Ty for your attention
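Added example (not from the thread and not YAMon's code): the detection pipeline quoted in the post, run over a constructed BusyBox-style `ifconfig` listing, shows why a PPPoE interface drops out of the list: `ppp0` and `lo` carry no `HWaddr` field. `ifaces_by_encap` and `missed_ifaces` are hypothetical helpers for illustration, not the fix the poster applied.

```shell
#!/bin/sh
# Constructed sample of BusyBox-style `ifconfig` output (not from the thread).
# Ethernet-type interfaces print HWaddr; ppp0 (PPPoE) and lo do not.
sample_ifconfig() {
cat <<'EOF'
br0       Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

eth0      Link encap:Ethernet  HWaddr 02:00:00:00:00:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255
EOF
}

# The pipeline quoted in the post: only lines containing HWaddr survive.
ifaces_by_hwaddr() {
    grep HWaddr | tr -s ' ' | cut -d ' ' -f1,5
}

# Hypothetical alternative: every interface header line, as "name link-type".
ifaces_by_encap() {
    awk '/Link encap:/ { name = $1; sub(/.*Link encap:/, ""); sub(/  .*/, ""); print name, $0 }'
}

# Interfaces present in the listing on stdin that the HWaddr filter never sees.
missed_ifaces() {
    listing=$(cat)
    seen=$(printf '%s\n' "$listing" | ifaces_by_hwaddr | cut -d ' ' -f1)
    printf '%s\n' "$listing" | ifaces_by_encap | while read -r name kind; do
        printf '%s\n' "$seen" | grep -qxF "$name" || echo "$name ($kind)"
    done
}

echo "Detected by the HWaddr filter:"
sample_ifconfig | ifaces_by_hwaddr
echo "Missed by the HWaddr filter:"
sample_ifconfig | missed_ifaces
```

On a router, `ifconfig | missed_ifaces` runs the same comparison against the live interface list.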
Thanks for identifying the problem and even better, you provided a fix!
*Really* appreciated!
Al
So, if we're also noticing data inconsistencies, do we need to do something like this for our routers as well (running AC68U with Asuswrt-Merlin)? My output for that is:
Code:
br0 Link encap:Ethernet HWaddr <snip>
eth0 Link encap:Ethernet HWaddr <snip>
eth1 Link encap:Ethernet HWaddr <snip>
eth2 Link encap:Ethernet HWaddr <snip>
vlan1 Link encap:Ethernet HWaddr <snip>
and I notice the 'lo' is not listed with the search - but is it needed to account for missing data?
How else could we start identifying the source of the data usage?
Perhaps someone more knowledgeable than I can chime in but AFAIK, the lo interface would capture only internal traffic (i.e., to the built-in web server at IP address 127.0.0.1) which is not needed from the ISP usage context.
I'm happy to have my mind changed though.
In terms of tracking down `rogue` traffic, if you open a PuTTY window and run
Code:
iptables -L YAMON34v4 -vnx
I believe you should see near the bottom of the list:
This entry will log all traffic that does not match one of the prior rules in the chain (or more specifically, traffic originating from an unmatched IP address)
More information relating to those unmatched IPs is written to log files: e.g.,
(Note, there is a MAC and IP address & also network interface!)
On my Turris router, I find the entries in `/tmp/logs/message`.
I can't recall off the top of my head where those logs get saved in DD-WRT (but it might be right in /tmp/).
Al
Thanks for the reply. Executing,
Code:
iptables -L YAMON34v4 -vnx
initially yielded nothing - I am having issues with YAMon3 stopping numerous times throughout the day and having to continually log in with PuTTy to run the restart script. Anyway, after restarting, I see this output:
Code:
admin@RT-AC68U-F310:/tmp/mnt/opt/YAMon3# iptables -L YAMON34v4 -vnx
Chain YAMON34v4 (1 references)
pkts bytes target prot opt in out source destination
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.125
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.125 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.125
0 0 RETURN all -- * * 192.168.1.125 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.214
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.214 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.214
0 0 RETURN all -- * * 192.168.1.214 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.159
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.159 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.159
0 0 RETURN all -- * * 192.168.1.159 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.10
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.10 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.10
0 0 RETURN all -- * * 192.168.1.10 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.227
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.227 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.227
0 0 RETURN all -- * * 192.168.1.227 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.198
1 77 YAMON34v4_gp_Unknown all -- * * 192.168.1.198 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.198
1 77 RETURN all -- * * 192.168.1.198 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.50
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.50 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.50
0 0 RETURN all -- * * 192.168.1.50 0.0.0.0/0
46 2242 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.202
53 2719 YAMON34v4_gp_Unknown all -- * * 192.168.1.202 0.0.0.0/0
46 2242 RETURN all -- * * 0.0.0.0/0 192.168.1.202
53 2719 RETURN all -- * * 192.168.1.202 0.0.0.0/0
6 1027 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.39
10 1671 YAMON34v4_gp_Unknown all -- * * 192.168.1.39 0.0.0.0/0
6 1027 RETURN all -- * * 0.0.0.0/0 192.168.1.39
10 1671 RETURN all -- * * 192.168.1.39 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.75
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.75 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.75
0 0 RETURN all -- * * 192.168.1.75 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.57
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.57 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.57
0 0 RETURN all -- * * 192.168.1.57 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.147
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.147 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.147
0 0 RETURN all -- * * 192.168.1.147 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.205
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.205 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.205
0 0 RETURN all -- * * 192.168.1.205 0.0.0.0/0
17 2132 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.66
20 2127 YAMON34v4_gp_Unknown all -- * * 192.168.1.66 0.0.0.0/0
17 2132 RETURN all -- * * 0.0.0.0/0 192.168.1.66
20 2127 RETURN all -- * * 192.168.1.66 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.78
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.78 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.78
0 0 RETURN all -- * * 192.168.1.78 0.0.0.0/0
4750 7020109 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.69
268 48037 YAMON34v4_gp_Unknown all -- * * 192.168.1.69 0.0.0.0/0
4750 7020109 RETURN all -- * * 0.0.0.0/0 192.168.1.69
268 48037 RETURN all -- * * 192.168.1.69 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 192.168.1.218
0 0 YAMON34v4_gp_Unknown all -- * * 192.168.1.218 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.218
0 0 RETURN all -- * * 192.168.1.218 0.0.0.0/0
0 0 YAMON34v4_gp_Unknown all -- * * 0.0.0.0/0 75.130.92.1
0 0 YAMON34v4_gp_Unknown all -- * * 75.130.92.1 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 75.130.92.1
0 0 RETURN all -- * * 75.130.92.1 0.0.0.0/0
5 619 YAMON34v4_gp_Hardware all -- * * 0.0.0.0/0 75.130.92.204
5 327 YAMON34v4_gp_Hardware all -- * * 75.130.92.204 0.0.0.0/0
5 619 RETURN all -- * * 0.0.0.0/0 75.130.92.204
5 327 RETURN all -- * * 75.130.92.204 0.0.0.0/0
0 0 YAMON34v4_gp_Hardware all -- * * 0.0.0.0/0 192.168.1.1
68 23580 YAMON34v4_gp_Hardware all -- * * 192.168.1.1 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.1
68 23580 RETURN all -- * * 192.168.1.1 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
admin@RT-AC68U-F310:/tmp/mnt/opt/YAMon3#
If I interpret that correctly, the last line suggests there are no unaccounted packets/bytes, yet the report is showing a difference (see attached image for today), so I'm not sure what to check...
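Added example (not YAMon's code and not from the thread): one way to read the `iptables -L YAMON34v4 -vnx` listing discussed above, totalling bytes per IP from the RETURN rules only and reading the counter on the final any-to-any rule. The sample listing is constructed in the same column layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed listing in the layout of `iptables -L <chain> -vnx`.
# Columns: pkts bytes target prot opt in out source destination
sample_listing() {
cat <<'EOF'
Chain YAMON34v4 (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      40     7000 YAMON34v4_gp_Unknown  all  --  *      *       0.0.0.0/0            192.168.1.69
      12      500 YAMON34v4_gp_Unknown  all  --  *      *       192.168.1.69         0.0.0.0/0
      40     7000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.69
      12      500 RETURN     all  --  *      *       192.168.1.69         0.0.0.0/0
      20     2000 YAMON34v4_gp_Unknown  all  --  *      *       0.0.0.0/0            192.168.1.202
       9      300 YAMON34v4_gp_Unknown  all  --  *      *       192.168.1.202        0.0.0.0/0
      20     2000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.202
       9      300 RETURN     all  --  *      *       192.168.1.202        0.0.0.0/0
       3      180 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Per-IP totals as "ip down up total", largest first. Only RETURN rules are
# summed: the group-chain jump above each one carries the same counters, so
# adding both would double every figure.
usage_by_ip() {
    awk -v any="0.0.0.0/0" '
        $3 == "RETURN" && NF >= 9 {
            if ($8 == any && $9 != any)      { down[$9] += $2; seen[$9] = 1 }
            else if ($9 == any && $8 != any) { up[$8]   += $2; seen[$8] = 1 }
        }
        END {
            for (ip in seen)
                printf "%s %.0f %.0f %.0f\n", ip, down[ip], up[ip], down[ip] + up[ip]
        }' | sort -k4,4nr
}

# Bytes that reached the any-to-any rule, i.e. matched no per-IP rule before it.
unmatched_bytes() {
    awk -v any="0.0.0.0/0" '$8 == any && $9 == any { s += $2 } END { printf "%.0f\n", s }'
}

sample_listing | usage_by_ip
echo "unmatched bytes: $(sample_listing | unmatched_bytes)"
```

On the router, pipe the live listing in instead: `iptables -L YAMON34v4 -vnx | usage_by_ip`. The counters only cover the time the chain has existed, so they restart from zero whenever the rules are rebuilt.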
Did more digging, I *think* the reason for the massive discrepancy is because I was initially logging into the router via PuTTY, executing YAMon, verifying it was running via the Usage Monitoring webpage's 'Live' Tab, then logging out. This is critical - logging out of the PuTTY window *killed* the YAMon process and thus YAMon no longer monitored data usage, *until* I logged back in via PuTTY and restarted YAMon. Hence, YAMon was missing a lot of data usage when not running.
After more researching and testing, I finally found a startup script that would run (put under the /jffs/scripts directory) - nat-start. Neither init-start, services-start, nor wan-start would work (using logger to monitor in the WebGUI system log), but nat-start did. So, I initiated YAMon there, and voila, since the process is no longer tied to the PuTTY window, it is now running without any login.
Going to check over the next few days, but I hope that daily usage as measured via the router vs. YAMon will come into agreement....
Oh, and for clarity, I am actually using Asuswrt-Merlin on an RT-AC68U - I realize this is the DD-WRT forum, but there isn't any forum/thread on YAMon usage that I could find on Asuswrt forums that YAMon's creator, al_c monitors so I apologize for having to hijack a DD-WRT forum to post this info...
Glad to hear you figured things out but I'm still a little perplexed. I almost exclusively use PuTTY to start and stop my instances of YAMon and they continue to run after I exit. What OS are you running? How are you launching PuTTY? How do you log-out of PuTTY?
According to my firmware/router count (http://usage-monitoring.com/router-tally.php), less than 2% of YAMon users are running Asuswrt-merlin and I don't have a test router running it so I don't have a lot of familiarity with the nuances of that particular firmware variant. Is there an active discussion forum? Please send me a link and I'll monitor things there more closely.
Not sure if I should start a new thread (let me know), but I came home tonight and 1) YAMon was still running on the router (that's good), but 2) daily totals between YAMon and router are way off (that's bad, see attached).
How is 'measured @ router' calculated vs. YAMon? Clearly something is different here...
How can I track down why this large discrepancy occurs?
Again, if I should start a new thread, or move to a different forum, please let me know...