
Monitoring routed traffic statistics

Tags: fritzbox

I have a shiny new Fritz!Box 7530. It's a nice enough piece of kit, and a big improvement on its forebear.

I should like to monitor the flow of routed IP traffic, broken down by local IP or MAC address. (How) is this possible?

Backstory: my ISP's monitoring tools tell me I am uploading far, far more data than I am downloading, and I cannot account for that. Naturally I am a little(*) concerned.

Were I able to configure the router to record statistics on the bytes routed out/routed in, per local IP address (i.e. 172.16.x.y), I could then track down the miscreant(s).

Can anyone advise on how I might achieve this (w/o rooting it and installing OpenWRT, because .. that's plan B)?

Many thanks

*: I am British, so .. understatement.

Martin Cowie asked Oct 02 '19 16:10



2 Answers

It seems many Fritz!Boxes do have a hidden Wireshark sniffer as a debug service: http://fritz.box/html/capture.html. This link will only work in a local network with a Fritzbox.

After this page has opened, log in with your router password.

Then a (long) list of available interfaces is shown which are available for recording. Press start, e.g. on the internet interface in the group at the top of the list. A prompt will open to save the sniffed packets on your computer.

Stop the recording at any point. You'll probably end up with a large file. It's probably a good idea to avoid intentional traffic during the recording session.

Now the hard part starts: download Wireshark, and import the recorded traffic to get a chance to analyze it. You might want to watch some video tutorials or read the documentation...

blubase answered Sep 28 '22 16:09
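The per-host breakdown the question asks for can be computed from such a capture without opening Wireshark. The following is an added example, not part of either answer: it assumes the file is a classic pcap with Ethernet framing (re-save from Wireshark if it is not), that it was recorded on a LAN-side interface where the 172.16.x.y addresses are still visible before NAT, and it uses a constructed sample capture; `per_host_bytes`, `make_frame` and `make_pcap` are hypothetical names.

```python
import ipaddress
import struct
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("172.16.0.0/12")  # assumption: LAN range from the question

def per_host_bytes(pcap, local_net=LOCAL_NET):
    """Return {local_ip: (bytes_uploaded, bytes_downloaded)} for IPv4 frames."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng? re-save as pcap)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:
        raise ValueError(f"link type {linktype} unsupported, expected Ethernet (1)")
    totals = defaultdict(lambda: [0, 0])
    off = 24  # size of the pcap global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20); skip ARP, IPv6, runts.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        src_local, dst_local = src in local_net, dst in local_net
        # orig_len is the on-wire size, correct even if the capture was truncated.
        if src_local and not dst_local:
            totals[str(src)][0] += orig_len      # local host -> internet
        elif dst_local and not src_local:
            totals[str(dst)][1] += orig_len      # internet -> local host
    return {ip: tuple(v) for ip, v in totals.items()}

def make_frame(src, dst, payload_len):
    """Constructed sample frame: zeroed MACs, IPv4 header with only addresses set."""
    ip = bytearray(b"\x45" + bytes(19))
    ip[12:16] = ipaddress.ip_address(src).packed
    ip[16:20] = ipaddress.ip_address(dst).packed
    return bytes(12) + b"\x08\x00" + bytes(ip) + bytes(payload_len)

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = make_pcap([                      # constructed traffic, not real data
    make_frame("172.16.0.10", "203.0.113.5", 1000),
    make_frame("203.0.113.5", "172.16.0.10", 100),
    make_frame("172.16.0.20", "203.0.113.9", 200),
    make_frame("172.16.0.10", "172.16.0.20", 500),   # LAN-internal, not counted
])
```

For a real capture, pass `open(path, "rb").read()` to `per_host_bytes` and sort the result by the upload column to find the heaviest sender.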


Router devices like the AVM Fritz!Box offer a protocol called TR-064, which permits retrieving statistics. In general, you'd need to write a SOAP client, because this is the base for the TR-064 protocol. Not sure if this would offer the granularity you demand, but it's the only interface available to obtain statistics. There's also TR-069, but this is intended for provisioning from the provider side. Calling #96*7* would enable Telnet and #96*8* disables it, in order to gain terminal access when one wants to edit configuration files (but the web interface might show an "unsupported changes" warning then).

But as you describe the situation, there might be an easier way: in case you use any machine running Windows 10, this might explain the seemingly unexplained upstream traffic. Go to Settings > Update & Security > Windows Update > Advanced Options > Choose how updates are delivered and set the one switch there to Off, or select PCs on my local network. Then this machine will not participate in their P2P Windows updates, or at least not upload them to random machines on the internet anymore. Repeat this with every single machine which is running Windows 10. Other P2P clients might cause similar upstream traffic, but with Windows 10 this does not necessarily imply illegal activity on your network. Without much upstream traffic, the speed of the downstream traffic should also improve (assuming this is an A-DSL or V-DSL connection; S-DSL is unlikely given).

Martin Zeitler answered Sep 28 '22 15:09