Possible to detect a specific client-wan connection?

Discussion in 'Tomato Firmware' started by philess, May 6, 2013.

  1. philess

    philess Networkin' Nut Member

    Hey guys,

    I am wondering if it is possible to monitor a client connected to the router,
    and if a certain network port (or multiples) is being used, execute a script?

    I think nmap or netcat are no help because the port is in use and not open.
    Maybe something with iptables/monitor is possible?

    The background is, I want to listen for a specific connection (game) and then
    invoke a different bandwidth limiter setting. Check again every x minutes;
    if the game is closed (port no longer in use), restore default bw limiter settings.

    Also, it probably doesn't help, but the game in question (Battlefield 3) is using
    mostly UDP ports. TCP ports seem to be chosen at random.
  2. Victek

    Victek Network Guru Member

    I think tcpdump is available in some mods allowing you to do it.. not?

  3. philess

    philess Networkin' Nut Member

    Thanks Vic! I just played around with it (btw it's not included in your Mod (1.1k)
    but available through Entware).

    tcpdump -qnn -i br0 src and udp and src port 3659 -c1 -w /tmp/dump
    That works so far: it listens for connections, and as soon as I start the game, it captures (limited to 1 packet).
    I can save the dump to file, check if the file exists and then adjust the bw limiter. The problem, though, is that
    there is no switch to exit tcpdump after a certain amount of time, only after X packets captured.
    I don't want to have tcpdump running all the time, just do a quick check for packets about once per minute;
    if successful, adjust bw; if not, exit and check again in 1 minute.

    Seems to be a bit tricky with tcpdump.

    Btw Vic, I updated yesterday to 1.1k from 1.1f on the E4200 and the WebUI is amazingly fast!
    I don't know what you did or if it's just temporary odd behaviour for me, but it reacts a lot faster
    than before. I don't think you have replaced the default httpd with nginx, but whatever you did,
    it is great :) Thank you! Oh and btw, the "iptables-restore" notice appeared for me too.
    But only when I enabled an Access Restriction. With no AR enabled, or with it deleted, everything worked.
    An enabled AR showed the error in the AR menu and also the Port Forwarding menu.
    Of course it was a clean fresh flash with erased NVRAM and nothing special configured yet.
  4. Victek

    Victek Network Guru Member

    Yes, it's a constant optimization, not only internally but also with the user interface. I have been 'touching' something inside but no, nginx is not replacing uhttpd ;) yet.
    It makes it extremely complicated for me to adapt the GUI to different browsers, and maybe your rocket navigation sticks with IE10 (in fact it's and I'm trying now to find why it goes slower than other browsers). I think IE and Ajax are not good colleagues....
  5. philess

    philess Networkin' Nut Member

    Sorry, but who cares about IE10? ;) I am using mostly Chrome btw, but
    also compared with Firefox on Windows and Mac.

    Btw, after changing the NVRAM settings of the BW limiter, is "service qoslimit restart"
    the only thing I have to do to make them active?

    Days ago I tried, and it always rebooted the router, and after a bit it was stuck
    in a reboot loop and I was forced to do a 30/30/30. But maybe something else
    caused that. I am just wondering if the service restart will be enough to toggle
    between BW limiter settings.
  6. Victek

    Victek Network Guru Member

    BW limiter, as you know, uses tc shape and it's related to HTB. I suffered the loop with E4200 but I can't reproduce it with RT-N16 or RT-N66... What I suspect (I talked many times with roadkill) is that something is provoking a SIGUR and it's not killed in the restart; it can only be avoided under a very curious scenario, read it:

    _ The issue is not present in non-VLAN firmware, though, OR maybe it will appear after many hours of navigation. Not confirmed 100% yet.
    _ In VLAN firmware the loop happens after navigation in many sites. The way it can be stopped is to unplug the WAN cable; then the router reboots only one or two times and everything seems normal and you can disable the service, but when WAN is plugged in, if the service is still active, after a few seconds the phenomenon appears again.

    So... it's something closer to: VLAN map provoking RAM overflow. Also, and it is not trivial to keep in mind, the VLAN module is in fact splitting the user space /5, isolating each port, so the available memory is also split....

    Since these issues I didn't use the E4200 for development (my mistake); now I have a new serial tag and will revert to the E4200 to follow the development and discover what's happening. Previous attempts did not store any information or log, so I have not been able to know yet what's happening. All comments are just what I saw and may not be related to VLAN or any part of the software.


    edit, btw, answering your question, yes, service restart exists for bw limiter.
  7. philess

    philess Networkin' Nut Member

    Aha, that's interesting. I thought about unplugging the cables when it happened but didn't think it would help haha.
    OK, I will play around with switching between BW limiter "profiles" today and tomorrow; if the loop happens again
    I will let you know by PM here on the forum, OK? Maybe I can give you some info about the config to help
    figure out this bug.
  8. Victek

    Victek Network Guru Member

    Thanks, I'll appreciate it very much to find the bug that affects all Tomato versions since many updates.
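
The once-a-minute check philess describes, with the time limit that tcpdump lacks supplied by a watchdog, as an added example that is not part of any post in the thread. The client IP, listen window, state file and `/jffs/bw-*.sh` hook scripts are assumptions; `br0`, UDP source port 3659 and `service qoslimit restart` come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: time-boxed check for one client's game traffic.
IFACE=br0                       # LAN bridge, as in the thread
PORT=3659                       # UDP source port, as in the thread
CLIENT=${CLIENT:-192.168.1.100} # constructed placeholder: the gaming client's LAN IP
WINDOW=${WINDOW:-10}            # seconds to listen per check (assumption)
TCPDUMP=${TCPDUMP:-tcpdump}     # overridable so the logic can be tested without tcpdump
STATE=${STATE:-/tmp/bw_profile} # hypothetical file remembering the active profile

# Return 0 if a matching packet shows up within $1 seconds, 1 otherwise.
# The verdict is "did tcpdump print a packet line", not "does a -w file exist":
# a -w capture file already contains the pcap header when zero packets were seen.
seen_within() {
    out=/tmp/portcheck.$$
    $TCPDUMP -qnn -i "$IFACE" -c1 src host "$CLIENT" and udp and src port "$PORT" \
        >"$out" 2>/dev/null &
    pid=$!
    ( sleep "$1"; kill "$pid" ) >/dev/null 2>&1 &   # watchdog: the missing time limit
    wd=$!
    wait "$pid" 2>/dev/null || true                 # ends on first packet or on the kill
    kill "$wd" 2>/dev/null || true
    wait "$wd" 2>/dev/null || true
    rc=1; [ -s "$out" ] && rc=0
    rm -f "$out"
    return "$rc"
}

# $1 = 0 if traffic was seen. Prints the profile to switch to and returns 0 only
# when it differs from the recorded one, so the limiter is not restarted every minute.
profile_change() {
    want=default; [ "$1" -eq 0 ] && want=game
    have=$(cat "$STATE" 2>/dev/null || echo default)
    [ "$want" = "$have" ] && return 1
    echo "$want" >"$STATE"
    echo "$want"
}

check_once() {
    if seen_within "$WINDOW"; then seen=0; else seen=1; fi
    if new=$(profile_change "$seen"); then
        # Hypothetical hook script that writes the NVRAM values for this profile.
        [ -x "/jffs/bw-$new.sh" ] && "/jffs/bw-$new.sh"
        service qoslimit restart    # activation command confirmed in the thread
    fi
}

if [ "${1:-}" = "--run" ]; then check_once; fi
```

Run with `--run` from the router's scheduler once per minute; without arguments the script only defines its functions.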
