Incoming bandwidth usage per source/external IP

Discussion in 'Tomato Firmware' started by belbo, May 8, 2010.

    belbo Addicted to LI Member

    Good day.

    I am running tomato on a linksys wrt54gl.

    I have some rogue process/es on my home network (4 ubuntu machines, one with xp dual boot) downloading from the internet and chewing up my bandwidth. On 2 days this week nobody in the house (just my wife and I) used the machines yet 300 - 400mb of data was downloaded on each of those days. Intermittent unknown downloads are still occurring at about the same rate. My normal monthly usage is usually well within my 5gb cap - so my capacity is being chewed up rapidly and I am hoping to find a solution as quickly as possible. (In the meantime I am probably going to switch off my modem unless I want to go online).

    The utilised capacity is reported in the tomato bandwidth screens and in the firefox plugin (netusage item) which reports my usage according to my ISP account - so it is definitely bandwidth being used by internet downloads.

    There are 4 machines on the network (all ubuntu, one with xp dual boot). One of the machines, a htpc, runs 24/7 and it is highly likely that this is the machine doing the downloading. However it is not at all apparent to me what it is downloading, and from where.

    If I could somehow get a report showing the external ip addresses from which the downloads are being sourced that would throw a lot of light on things for me. If anybody can advise I would very much appreciate it.

    I have done a lot of trawling through this forum and google but haven't found an obvious solution. The following appear to be the possibilities but none seems particularly straightforward or guaranteed to be the solution I'm looking for.

    - The bandwidth usage screens in tomato don't report this.

    - The qos screens report external ip connections (first pie chart) but do not give bandwidth per connection nor specify the time period being reported. All the IPs reported looked innocuous (my ISP, google etc).

    - Try using wallwatcher in xp (or using wine) ? Seems this might be able to do the trick but not sure.

    - Seems it may be possible to set up some specific iptables rules and then get the info via iptables reports (?). No real experience with iptables but of course happy to learn and do it if this would give me the required info.

    - Seems there is a linux tool called nstat which may help?

    - Find/write a script for tomato that will do this - but can't find one and don't have scripting experience. Someone seems to have written a script that reports usage per client local network ip but that is not what I am looking for.

    - It seems that the tomato rstat file is some sort of binary that can't be read by any tool other than the tomato frontend or scripts running on the router - hence it seems I can't easily extract the data from the rstat file without a script.

    Of course, somebody could have wirelessly hacked into my network and could be leeching my bandwidth but I very much doubt this. I am using WPA2 encryption and a strong passphrase, have changed the name of the SSID from linksys, have changed the admin login and password (also strong) for the router etc.

    If people are able to assist with advice and ideas I would very much appreciate it.
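
    Added example (not part of the original post, and not Tomato's own code): one way to get the per-external-IP report asked for above is to total the reply-direction byte counters in a connection-tracking dump, grouped by remote address. It assumes the router's kernel exposes `packets=`/`bytes=` accounting fields in its conntrack table (for example `/proc/net/ip_conntrack` on older kernels), which may not hold for every build; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Total downloaded bytes per remote IP from conntrack-style lines on stdin.
# $1 = LAN prefix (e.g. "192.168.1."); only LAN-initiated flows are counted.
bytes_per_remote() {
    awk -v lan="$1" '
    {
        nsrc = 0; ndst = 0; nbytes = 0
        # Each entry lists the original tuple first, then the reply tuple.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   src[++nsrc]     = substr($i, 5)
            if ($i ~ /^dst=/)   dst[++ndst]     = substr($i, 5)
            if ($i ~ /^bytes=/) bytes[++nbytes] = substr($i, 7)
        }
        # Skip entries without accounting counters for both directions.
        if (nsrc < 2 || ndst < 2 || nbytes < 2) next
        # Skip flows that were not opened by a LAN client.
        if (index(src[1], lan) != 1) next
        # bytes[2] is the reply direction, i.e. data coming in from dst[1].
        total[dst[1]] += bytes[2]
    }
    END { for (ip in total) printf "%.0f %s\n", total[ip], ip }
    ' | sort -rn
}

# Constructed sample dump (documentation-range addresses, not real traffic).
sample_conntrack() {
    cat <<'EOF'
tcp 6 431990 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=40112 dport=80 packets=900 bytes=48000 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=40112 packets=1500 bytes=2100000 [ASSURED] mark=0 use=1
tcp 6 431800 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=40113 dport=80 packets=300 bytes=16000 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=40113 packets=700 bytes=900000 [ASSURED] mark=0 use=1
udp 17 25 src=192.168.1.30 dst=192.0.2.53 sport=5353 dport=53 packets=2 bytes=140 src=192.0.2.53 dst=203.0.113.5 sport=53 dport=5353 packets=2 bytes=420 mark=0 use=1
tcp 6 100 TIME_WAIT src=192.168.1.20 dst=192.0.2.99 sport=40200 dport=443 src=192.0.2.99 dst=203.0.113.5 sport=443 dport=40200 [ASSURED] mark=0 use=1
EOF
}

# Prints "<bytes> <remote ip>", largest downloader first.
sample_conntrack | bytes_per_remote "192.168.1."
```

    The table only holds connections that are still tracked, so counters disappear when an entry expires; a report covering a whole day needs the dump sampled at intervals and the per-connection maxima kept.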

