Sidebar Sidebar
Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Home Network Monitoring

ZrowGz

ZrowGz

macrumors newbie
Original poster
Dec 1, 2015
2
0
Seattle
Hello, Thank you for taking a look here! I need some help figuring out how to monitor my home network!! Thank you!

My ISP (Comcast) has a monthly data limit of 250GB/mo, and I've found that I tend to go over this. I've been trying to find out who in the house is using data, and I want to find out how much is actually being transferred outside the home network. I am currently experiencing overages, and the programs I've attempted to use don't seem to be able to tell me what is constantly moving 30-300kB/s, nor can I tell if it is going between devices within my network, if a device/program/port is constantly sending and receiving (malware?).

I'd like to be able to see and log transfer rates and totals for each ip address on LAN, and get a total for how much is transferred over WAN. I would also like to see, for each internal ip address, the portion of data transferred within the home network vs. the amount of data each device transfers out into the WAN.

Being able to tell if the data is leaving the home network is important because I have a network attached storage device where we stream audio and video from, as well as use as our backup for TimeMachine. So, large amounts of LAN data are transferred regularly, and I want to be able to tell if certain devices (or even individual programs through port monitoring) are hogging my monthly allotment from the ISP.



So far, the programs I have tried are:

PeakHour 3 - shows a good visual of default gateway data, and NAS. Doesn't discern between LAN and WAN, nor does every device use SNMP.
Little Snitch - great for blocking individual requests for network access to determine if malware is present (couldn't find any), but it only captures one device.
iNet - waste of $10 as it can do exactly what I'm looking for, but only using an AirPort.
nmap - thought I'd try it, haven't had the time to learn it's command line interface workings. Doesn't appear readily usable or have an easy to monitor GUI.

I've also tried shutting off all devices on my network to see which one was transferring the data constantly. When I did this, my router showed that there was an android OS device connected via LAN (not WiFi), which I could not identify. So, I changed my network credentials and filtered its MAC address, but it didn't disconnect until restarting router, and it hasn't come back. PeakHour 3 still shows continuous data transfer at the default gateway, and little snitch shows continuous data transfer between the NAS and my rMBP, but only about 25% of what the default gateway is seeing.



My network consists of:

-Zoom! cable modem
-Linksys EA6900 router
-QNAP TS-269L NAS connected via a single ethernet port to router, running QTS 4.2 (updated to newest build last night)
-One retina MacBook Pro, OSX 10.11.1, using WiFi
-One Macbook Air, OS X 10.11.1, WiFi
-iPad mini 3, iOS 9
-iPhone 6s, iOS 9
-iPhone 5s, iOS 9
-HP Envy 5530, WiFi
-2009 MacBook Pro, OS X 10.10, currently not being used, but can readily be set up as a server to monitor network usage

I am also planning on adding an AppleTV, or an Xbox One at some point in the future (gotta play the new HALO 5!)
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
32,732
12,735
California
I think this is something that will need to done (monitored) at the router level. I looked i the manual for your router and I don't see a setting for this, but you can flash your router to an open source firmware called DD-WRT that will add that functionality. Read over the instructions at that link carefully because you can brick a router if you don't do this correctly. Take a look at this also.

I found a web site here that shows the bandwidth monitoring capabilities of DD-WRT.
 
  • Like
Reactions: phrehdd and CoastalOR
ZrowGz

ZrowGz

macrumors newbie
Original poster
Dec 1, 2015
2
0
Seattle
Weaselboy said:
I think this is something that will need to done (monitored) at the router level. I looked i the manual for your router and I don't see a setting for this, but you can flash your router to an open source firmware called DD-WRT that will add that functionality. Read over the instructions at that link carefully because you can brick a router if you don't do this correctly. Take a look at this also.

I found a web site here that shows the bandwidth monitoring capabilities of DD-WRT.
Click to expand...


I wish I had thought more into the future when purchasing this EA6900 router! It would be so much easier to have gotten the WRT model instead. Shoot! The link you gave discussed using Linux CLI, but to not attempt it if one isn't familiar with it, which I am not. So, it looks like this would be much easier with a different router. I'll take a look around and see if I can find any step by step tutorials for doing the firmware switch. You wouldn't happen to know of any good places to check off the top of your head? I found one on the DD-WRT forums, and it looked like they were still in the process of making a ready to use version of the firmware...
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
32,732
12,735
California
http://www.snbforums.com

The forums at Small Net Builder are probably the best place for router information.

If you can swing the money, it would sure be easier to just buy another router that supports this. The Asus RT-AC68U is pretty popular and I know supports the traffic monitoring you want right out of the box.
 
  • Like
Reactions: phrehdd
r0k

r0k

macrumors 68040
Mar 3, 2008
3,611
75
Detroit
ZrowGz said:
...


So far, the programs I have tried are:

PeakHour 3 - shows a good visual of default gateway data, and NAS. Doesn't discern between LAN and WAN, nor does every device use SNMP.
Little Snitch - great for blocking individual requests for network access to determine if malware is present (couldn't find any), but it only captures one device.
iNet - waste of $10 as it can do exactly what I'm looking for, but only using an AirPort.
nmap - thought I'd try it, haven't had the time to learn it's command line interface workings. Doesn't appear readily usable or have an easy to monitor GUI.

I've also tried shutting off all devices on my network to see which one was transferring the data constantly. When I did this, my router showed that there was an android OS device connected via LAN (not WiFi), which I could not identify. So, I changed my network credentials and filtered its MAC address, but it didn't disconnect until restarting router, and it hasn't come back. PeakHour 3 still shows continuous data transfer at the default gateway, and little snitch shows continuous data transfer between the NAS and my rMBP, but only about 25% of what the default gateway is seeing.



My network consists of:

-Zoom! cable modem
-Linksys EA6900 router
-QNAP TS-269L NAS connected via a single ethernet port to router, running QTS 4.2 (updated to newest build last night)
-One retina MacBook Pro, OSX 10.11.1, using WiFi
-One Macbook Air, OS X 10.11.1, WiFi
-iPad mini 3, iOS 9
-iPhone 6s, iOS 9
-iPhone 5s, iOS 9
-HP Envy 5530, WiFi
-2009 MacBook Pro, OS X 10.10, currently not being used, but can readily be set up as a server to monitor network usage

I am also planning on adding an AppleTV, or an Xbox One at some point in the future (gotta play the new HALO 5!)
Click to expand...

Inet works fine for me for scanning my local network and reporting ip addresses, mac addresses and services of every device. It advertises bandwidth monitoring but I don't know how useful that would be without reports regarding which device is using bandwidth.

I'd like to address these possible "data thieves" one by one...

-Zoom! cable modem [not guilty - unless - are you a comcast customer and unknowing sharing a public wifi called "xfinitywifi" and comcast is botching your billing by making you pay for freeloaders using their xfinity credentials to sign in and use the internet over your connection? I'm pretty sure this only happens if you use their router but I'm bringing it up just in case. I've done this at Panera when their wifi was down. Xfinity wifi is now cached in my wifi list and every now and then I get on it in the parking lot of big box stores close subdivisions full of xfinity customers]

-Linksys EA6900 router [probably not guilty; maybe guilty if you left your guest network turned on. either turn it off, add login credentials or change existing login credentials; maybe guilty if you have a usb drive connected and didn't disable sharing files over the WAN port (internet). Use only the QNAP nas and disconnect any usb device(s) you have plugged in to your router]

-QNAP TS-269L NAS connected via a single ethernet port to router, running QTS 4.2 (updated to newest build last night) [Maybe guilty if you have any QNAP cloud backup or autodownloading features enabled]

-One retina MacBook Pro, OSX 10.11.1, using WiFi [are you running crashplan or another cloud based backup software?]

-One Macbook Air, OS X 10.11.1, WiFi [are you running crashplan or another cloud based backup software? Are you running Plex or any other data hogs?]

-iPad mini 3, iOS 9 [probably not guilty]

-iPhone 6s, iOS 9 [probably not guilty]

-iPhone 5s, iOS 9 [probably not guilty]

-HP Envy 5530, WiFi [IMHO windows is always a suspect with its susceptability to becoming enslaved to some botnet or virus or another. can you shut this thing off for a month to see if your problem goes away? Are you running Plex or any other data hogs?]

-2009 MacBook Pro, OS X 10.10, currently not being used, but can readily be set up as a server to monitor network usage [are you running crashplan or another cloud based backup software? Are you running Plex or any other data hogs?]

I would disable all nonessential login items on your Macs and on the HP Envy. Maybe one of them is downloading crap and caching it "just in case you need it". Autoupdate on Mac or Windows might grab several gig at a time worth of updates and while OSX updates are infrequent, windows needs security patches almost daily.

Here's another thing to try but it depends on what firmware is in your router. Assuming you have the latest firmware, you do this...
http://www.dslreports.com/faq/2333
If you have older firmware, prior to version 1.38, SNMP should already be enabled on the EA6900(though undocumented)
then buy a $7.99 program called Netuse Traffic Monitor in the OS X app store...
https://itunes.apple.com/app/id440301281?mt=12


Netuse was updated 11/6/2015 which is a good sign that it works properly, however I haven't tried this so I don't know for a fact that it will work. It suggest it is worth trying as it is cheaper than going out and buying another router to try and get to the bottom of this. Whatever you do, if you want control over your home network, I would avoid Airport Extreme or Time Capsule and stick with one of the higher rated routers listed on smallnetbuilder. The last time I for a router, the consensus was to avoid anything from Belkin (who recently bought Linksys from Cisco).

Hope this helps...
 
r0k

r0k

macrumors 68040
Mar 3, 2008
3,611
75
Detroit
Weaselboy said:
I've used that app and all it shows is total data usage with no breakdown by device like OP wants. I don't think SNMP at the router level even tracks by device.
Click to expand...

Thanks for the clarification. The screenshot I saw made it look like the app had that feature. I believe router logs contain this level of detail so if there is a way to log in and view them the user should be able to figure out which device is using up all his data.
 
MRxROBOT

MRxROBOT

macrumors 6502a
Apr 14, 2016
611
513
1011100110
ZrowGz said:
I wish I had thought more into the future when purchasing this EA6900 router! It would be so much easier to have gotten the WRT model instead. Shoot! The link you gave discussed using Linux CLI, but to not attempt it if one isn't familiar with it, which I am not. So, it looks like this would be much easier with a different router. I'll take a look around and see if I can find any step by step tutorials for doing the firmware switch. You wouldn't happen to know of any good places to check off the top of your head? I found one on the DD-WRT forums, and it looked like they were still in the process of making a ready to use version of the firmware...
Click to expand...

I've had the EA6900 since 2013, here's my 2 cents.

The EA6900 has solid hardware, but a terrible OS in turn giving a terrible user experience. Switching to DD-WRT changes all of that and I cannot recommend it enough. If you're still trying to figure out your data overages (hell even if you're not) make the switch to DD-WRT. It will do everything you're after and then some.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom