Category Archives: How to monitor internet bandwidth

Monitor clients bandwidth in network with WFilter Enterprise.

In a previous blog How to monitor internet bandwidth usage in lan network?, I introduced features and steps to monitor lan bandwidth with WFilter NG Firewall.

We have another windows software program named “WFilter Enterprise”, which also can monitor clients bandwidth in pass-by deployment. The WFilter pc do not need to be a gateway or network bridge, it can do internet monitoring and filtering through a mirroring port in your switch or router(passby deployment). With pass-by deployment, you don’t need to change network topology or add new hardware to deploy an internet content filter.

In this guide, I will demonstrate the bandwidth monitoring features of WFilter Enterprise 4.1.

1. Realtime bandwidth shows clients list and real-time bandwidth rate.bandwidth01

2. Click bandwidth to get live connections of a client.

You also can terminate connections by clicking the red icon.

bandwidth02

3. Bandwidth Report by protocols

The reports have pie, bar, line and data formats. You can do report by username, data, protocol name and protocol category.

bandwidth03

4. Bandwidth Alert

Send an alert email when bandwidth threshold is reached.

bandwidth04

WFilter 4.1 version is coming.

Finally, WFilter 4.1 version is coming to the beta testing after two years of development. Now let me show you the exciting new features in this new version.

1. More deployment solutions

More deployment solutions are added, especially for wifi networks. We also added solutions to monitor by mac address in multiple segments networks. In WFilter 4.0 version, only “by ip address” mode is supported, the new version will retrieve mac address information from your core switch via SNMP.

2. More monitored content

Added support for ip protocols and ip fragment. For web monitoring, WFilter new version will record browser type(userAgent) as well.

3. Faster UI speed

We adopted fastcgi technology in the new 4.1 version, which makes great improvement on UI loading speed. Monitoring performance is also improved.

4. New UI design

Added “common” menu for you to define common used menus, so you can open a page within one click.

We also re-designed the “online computers” page.


5. New “Protocols” system

With this “protocols” system, you can download and share protocols within a few clicks. You will never have the pain to configure new protocols any more.

6. New “Plugins” system

We integrated a set of tools for network monitoring and management, which is still growing. You can get plugins for network discovery, wfilter management and other related features.

7. New “web content push” feature

This feature enables you to push web content without a real blocking. You can define time interval, web push triggers for this content to appear regular in client computers.

8. More flexible policy settings

With the last version, it’s easier to assign policy for new detected devices, and set default OU policy for new detected AD users.

New version downloading URL: WFilter 4.1

Please notice: WFilter 4.1 version is still in beta testing, and some features are not fully tested. This version is only for preview and testing purpose. So if you already have a stable WFilter 4.0 running, it’s not wise to replace it with this beta version.

How to monitor and filter internet activities of PPPOE users?

PPPOE is widely used for user authentication and traffic accounting. However, it’s a little difficult to monitor and filter PPPOE clients’ internet usage and behavior.

In this example, we will demonstrate you to monitor and filter PPPOE clients with WFilter Free. Please notice that only non-encrypted and uncompressed PPPOE traffic can be supported. So the first step is to configure your PPPOE server for non-encryption and non-compression.

1. PPPOE server settings

Let’s take windows 2003 and RouteOS for examples.

1). 2003 Server Configuration

If you are using windows 2003 server as the PPPOE server, please follow below steps to configure:

In “Properties” of the “Routing and Remote Access”, disable “software compression” and “LCP” in the “PPP” tab.

Edit “remote access policy” for “no encryption” in “Edit Profile”. Notice: The default two policies shall all be modified.



2). ROS Configuration

If you are using routeOS as PPPOE server, please follow these steps to disable compression and encryption:

In “PPP” tab of “Profiles”, click “Protocols” and disable compression and encryption.

2. Monitor PPPOE clients in WFilter

2.1) Choose the internal adapter

Now WFilter is able to parse PPPOE traffic. In this example, we just install WFilter free in the windows 2003 PPPOE server.

You need to choose the internal adapter as the “monitoring adapter” in “System Settings”->”Monitoring Settings” of WFilter.


2.2). Setup client policy

Add a block policy to block web surfing.


Apply this policy to PPPOE clients’ ip ranges


2.3). Check Blocking

PPPOE clients get blocked.

Blocking events in WFilter.

WFilter deployment with openwrt router.

1. Openwrt Introduction

OpenWrt is a highly extensible GNU/Linux distribution for embedded devices. As a third party firmware, openwrt can extend your wireless router into a powerful Linux system. With openwrt, even if your router hardware does not support “port mirroring” function, you can also enable traffic mirroring by software mirroring.

This blog will guide you to install “port-mirroring” program in your openwrt router and deploy WFilter for internet monitoring and filtering. We assume you already has an openwrt router, if not, please check openwrt homepage to get the latest firmware.

2. Port-mirroring program

Port-mirroring is an open source project sponsored by IMFirewall Software, it is designed to mirror network traffic on linux systems.

2.1. Installation

For detailed installation guide, please check Port-mirroring open source packet mirroring. In this guide, let’s take linksys wrt54g router as an example (with openwrt backfire firmware). Steps:

a). Update openwrt package list.

b). Install the port-mirroring program

opkg install http://port-mirroring.googlecode.com/files/port-mirroring_1.2-1_backfire_brcm47xx.ipk.

2.2. Configuration

You need to edit /etc/config/port-mirroring to set the mirroring target and mirrored source interfaces.

In this example, we choose “wlan0″ wireless adapter as the mirrored source interface.

2.3. Start Port-mirroring

/etc/init.d/port-mirroring start

3. Check monitoring in WFilter

Now WFilter shall be able to monitor client computers.

Management of multiple deparments in WFilter

You may use WFilter to setup internet access policies for network computers. However, it could be a very complicated mission for IT department to set the policies when you have a lot of departments and users.

In this case, the solution is to setup multiple WFilter operators for departments. Each operator only can set policies for users in certain departments. For example, department manager has the privilege to set internet policies for department staffs.

In this topic, I will guide you to manage multiple operators in WFiler Enteprise 4.0.

1. Add departments

You can add departments in Policy Settings->Department Settings

2. Add operators

Add operators in System Settings->Manage Operators.

The “Supervising Dept.” defines the users whom this operator can see and configure. You also can define the WFilter menu for each operator.

3. Policy Settings

You can define departments’ ip ranges in “Default Ip Policy”. So ip addresses will be added to certain deparment automatically.

4. Operator Features

In “User-computer table”, operator can only see users in its “Supervising Dept.”.

You can schedule standard reports to be sent to the department managers.

How to track and restrict internet usage in your network?

Internet can be a benefit to business when used properly, but internet is often abused by employees and poses significant liability and security risks:

  • 1. Internet downloading and malicious websites are harmful to your network.
  • 2. Online messengers, social networks websites are killing your productivity.
  • 3. P2P programs and IPTV applications can easily consume most of your bandwidth.
  • 4. Sharing of copyrighted popular music and movies is illegal in most jurisdictions.

Therefore, it is necessary for business administrators to track employees internet usage and restrict internet usage in company networks.

Below I list several aspects to track and filter internet activity on company networks.

1. Keep a record of internet activities.

To track internet usage, you can setup a mirroring port in your switch, and connect an internet monitoring product to this mirroring port to archive all internet activities.

Please check this blog article: How to monitor internet usage on company network?

2. Restrict websites access

  • 1. Only work-related websites are allowed during work time.
  • 2. Destructive websites like violence, adult, shall be blocked always.
  • 3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.

How to whitelist websites?

3. Block bandwidth consuming protocols

To keep your internet working smoothly, bandwidth consuming protocols like p2p downloading, online streaming shall be blocked during working hours.

Please check:

1. How to monitor internet bandwidth?
2. How to block p2p traffic in your network?

Use dumpPacket.exe of WFilter to generate a packet dump file.

Sometimes, on an indeterminate problem of using WFilter, we might need a packet dump file for diagnosis. WFilter has a packet dump tool named “dumpPacket.exe”, which will dump packets on the monitoring adapter.

This tutorial will guide you to generate a packet dump file using “dumpPacket.exe”.

First, lauch “dumpPacket.exe” from “Start”->”IMFirewall WFilter”->”Tools”. If you didn’t install WFilter shortcuts, you can find this tool in WFilter directory.


It will ask you to enter a testing ip address. For example, if
you need to check a monitoring problem for ip “192.168.1.20″, you can
input “192.168.1.20″ here. If you just want to capture some packet
samples, you may just press “enter” here! Press “enter” means dumping
packets for all computers.

Close the dumping window. If you’re doing a certain test, you need to wait until the test is done. For example, sending an email message.  If you’re dumping packets for all computers, you only need to wait for 3-5 seconds because the dump file can be very large. If the dumping file is too large, you can do the test again in a shorter time.

The dump.cap file can be found in “temp” directory of WFilter. The dump.cap file is pcap format, which can be opened by wireshark and other pcap applications.

How to check whether port mirroring settings are correct?

To make WFilter work, you need to setup port mirroring in your switch. However, sometimes you might still cannot monitor other computers even port mirroring is configured. It has several possibilities:

1. WFilter computer shall be connected directly to the mirroring port.
2. Configured ports does not match real ports.
3. Both outbound and inbound traffic is required by WFilter. If you only mirror one direction packets, WFilter can not work properly.
4. Incorrect WFilter settings. (wrong ip segment or monitoring adapter…)
5. Firewall/anti-virus programs blocks non-local packets. For example, nod32 will block non-local packets, so even port mirroring settings are correct, the mirrored traffic still can not reach WFilter. We recommend you to shutdown your firewall and anti-virus programs for checking.

To locate the problem, first we need to confirm whether packets are mirrored to WFilter computer. It can be checked in a simple way following below steps:


Upon successful mirroring, the “Received” packets number shall be much larger than the “Sent” packets. If not, you need to check certain mirroring settings or cable connections.

How to control internet bandwidth usage on network?

Traffic Shaping and Prioritization is becoming more and more common in the corporate market. Most companies with remote offices are now connected via a WAN (Wide Area Network). Applications tend to become centrally hosted at the head office and remote offices are expected to pull data from central databases and server farms. As applications become more hungry in terms of bandwidth and prices of dedicated circuits being relatively high in most areas of the world, instead of increasing the size of their WAN circuits, companies feel the need to properly manage their circuits to make sure business-oriented traffic gets priority over best-effort traffic. Traffic shaping is thus a good means for companies to avoid purchasing additional bandwidth while properly managing these resources.

With a linux gateway, you have a very rich set of tools for managing and manipulating the transmission of packets. More details can be found at: http://linux-ip.net/articles/Traffic-Control-HOWTO/index.html, However, sometimes it might be difficult for you to deploy a linux gateway server.

This tutorial will guide to implement a passby bandwidth management solution, which enables you to manage internet bandwidth through a mirroring port on your switch. Port mirroring allows you to setup a port in the switch to receive packets of other ports. Setting up a mirror port does no change to your network topology, and it will not affect your network speed.

Let’s take WFilter as an example:

First, setup a mirroring port.

When the port mirroring is properly setup, WFilter will be able to monitor all computers internet activities.

Bandwidth Management Settings

Using WFilter’s bandwidth management feature, you can set a maximum accumulating bandwidth of each computer for a period time. In this example, each user can have 200M internet bandwidth every day. Only messengers and emails are allowed when the bandwidth limit is reached.

You also can setup a policy to block certain users when available
internet bandwidth of the entire network is not enough. For example,
When entire network traffic exceeds 80% of available internet
bandwidth, p2p traffic will be blocked.


Bandwidth Alert Settings

And the bandwidth alert feature will send you an alert email when the accumulating bandwidth of a computer is too large.

More information, please check “WFilter Enterprise”.
Other related links:
How to block websites at work during working hours?
How to block video streaming on company network?
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
How to block instant messaging on company network?
How to filter websites and restrict website access?

How to block internet downloading?

  Unmanaged internet downloading can consume most of your bandwidth, In practice, many, often most, of the files shared on peer-to-peer
networks are copies of copyrighted popular music and movies. 

  So, it is important for corporations to manage, control and block p2p traffic and block unwanted file downloading.

  Files can be downloaded via various ways as described below:

  1. Downloading from HTTP/FTP websites.

  2. Downloading from p2p networks.

  3. Downloading from instant messenger buddies.

  For security purpose, downloading from p2p networks shall be completely forbidden in company networks. And only HTTP/FTP downloading from trusted websites can be allowed.

  Instant messenger file transfer makes it convenient to share files with our friends. It is fast and secure. However, because IM is so popular, virus writers can use it to spread malicious programs. These viruses are spread, in most cases, when a person clicks a link or opens an infected file that was sent in an instant message that appeared to come from a friend. Therefore, messenger file transfer also put your network in danger.

  “WFilter Enterprise”  makes it simple to manage file transfers between local network and the internet. Using WFilter, you may:

  1. Limit file downloading size.

  2. Block web downloading by file type.

  3. Block web downloading by content type. (Mime type)

  4. Block p2p traffic.

  5. Block file transfer via messengers.

  Figures:

 

Other related links:
How to monitor internet bandwidth?
Internet blocking
How to filter web surfing?
How to monitor internet usage on company network?
Internet monitoring software for business
Internet monitoring software