Daily Bandwidth Report: Difference between revisions
(→FAQ) |
|||
Line 26: | Line 26: | ||
****Because IPTables can collect information, we can determine which internal computer generated the traffic and maintain statistics | ****Because IPTables can collect information, we can determine which internal computer generated the traffic and maintain statistics | ||
***IPTables uses an ordered series of rules to determine whether to allow or block the data | ***IPTables uses an ordered series of rules to determine whether to allow or block the data | ||
****This, along with some helpful tricks from the operating system, is what allows multiple | ****This, along with some helpful tricks from the operating system, is what allows multiple computers to share one Internet connection | ||
***The stage between IPTables deciding whether to accept the data and whether to send the data is where | ***The stage between IPTables deciding whether to accept the data and whether to send the data is where the data is Accounted | ||
****Therefore IPTables may count data being sent from or to a computer, but later reject it so it does not show up as Raw data on the wire | ****Therefore IPTables may count data being sent from or to a computer, but later reject it so it does not show up as Raw data on the wire | ||
***Once IPTables has decided it is okay to send the data, it passes it back to the operating system, which then puts it on the appropriate Ethernet port for transmission to the wire. | ***Once IPTables has decided it is okay to send the data, it passes it back to the operating system, which then puts it on the appropriate Ethernet port for transmission to the wire. | ||
***One exception to IPTables data collection is the total usage on the external port | ***One exception to IPTables data collection is the total usage on the external port | ||
****This is data | ****This is a count of all data leaving IPTables independent of source or destination, and as such cannot determine direction | ||
****More accurately, it is data from anywhere to anywhere, counted at the last rule as data passes from IPTables back to the operating system | ****More accurately, it is data from anywhere to anywhere, counted at the last rule as data passes from IPTables back to the operating system | ||
*My Accounted data shows higher than my | *My Accounted data shows higher than my | ||
==SAMPLE REPORT WITH EXPLANATIONS AND COMMENTS INLINE== | ==SAMPLE REPORT WITH EXPLANATIONS AND COMMENTS INLINE== |
Revision as of 14:43, 19 March 2014
Basics
- 2014/03 => The old bandwidth reporting script has been rewritten in the Perl programming language and should now do a better job at keeping up with nwtel's new and improved internet packages.
- The bandwidth report, as installed on a nwtel-connected firewall and configured by Computerisms, will compile a report and send it every night at midnight
- It is important to note that Accounted data should not be used as a measure against what nwtel will charge you
- It will accurately track how much bandwidth crosses the firewall, but may count more or less than the actual data that crosses your external ethernet port
- Accounted data can only tell you how much data the computers behind the firewall have sent or "invited" in, but it cannot tell you how much uninvited data is being sent to you from the internet.
- Accounted data may also count data that crosses the firewall but is blocked before leaving it.
- It is a good tool to use for identifying abusers, runaway connections, and other network problems, but does not accurately reflect what nwtel counts
- The Raw Data will usually be a bit higher than the Accounted Data count
- This is because your external ethernet port should be receiving data that will not cross into your private network
- When you start using this report, the initial counts will be wrong; how wrong is fairly random and depends on the existing stats on your firewall
- Daily counts should start being accurate for the 2nd report
- MTD (Month to Date) counts will start being accurate at the beginning of the next month
FAQ
- Q: What is the difference between Raw data and Accounted data?
- A: Raw data is a measure of bits as they transfer between the wire and your Ethernet port; Accounted data is data that has traversed a set of firewall rules
- Raw Data is counted by your Ethernet hardware driver
- This data can be differentiated as outgoing or incoming, but no information about the data packets is collected
- Because no information about the packets is collected, it is not possible to tell from this data which of your internal computers generated it
- This is a measure of the number of bits that pass along your Ethernet cable, and therefore is a measure of the number of bits your nwtel modem will see
- Accounted data is counted by software known as IPTables
- Once data comes through the Ethernet port it is transferred to the operating system on your firewall
- When the operating system receives bits from the Ethernet port, it uses the IPTables software to determine what to do with the data
- IPTables is capable of inspecting the data's source and destination
- Because IPTables can collect information, we can determine which internal computer generated the traffic and maintain statistics
- IPTables uses an ordered series of rules to determine whether to allow or block the data
- This, along with some helpful tricks from the operating system, is what allows multiple computers to share one Internet connection
- The stage between IPTables deciding whether to accept the data and whether to send the data is where the data is Accounted
- Therefore IPTables may count data being sent from or to a computer, but later reject it so it does not show up as Raw data on the wire
- Once IPTables has decided it is okay to send the data, it passes it back to the operating system, which then puts it on the appropriate Ethernet port for transmission to the wire.
- One exception to IPTables data collection is the total usage on the external port
- This is a count of all data leaving IPTables independent of source or destination, and as such cannot determine direction
- More accurately, it is data from anywhere to anywhere, counted at the last rule as data passes from IPTables back to the operating system
- My Accounted data shows higher than my
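The Raw versus Accounted distinction described in the FAQ can be reproduced by reading both sets of counters side by side. The following is an added example, not the Computerisms Perl script: the `ACCT` chain, the `eth0` interface name, the 192.168.1.0/24 LAN and all sample counter values are constructed assumptions.

```python
import ipaddress
# Constructed sample of `iptables -nvxL ACCT`; ACCT is a hypothetical chain of
# count-only rules (no target, one LAN host each), not the report's real ruleset.
IPTABLES_SAMPLE = """\
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    9100    1200000            all  --  *      *       192.168.1.10         0.0.0.0/0
   15400   48000000            all  --  *      *       0.0.0.0/0            192.168.1.10
     310      52000            all  --  *      *       192.168.1.11         0.0.0.0/0
     420     900000            all  --  *      *       0.0.0.0/0            192.168.1.11
"""
# Constructed /proc/net/dev lines; the external port is assumed to be eth0.
PROC_NET_DEV_SAMPLE = """\
    lo:    84000   900 0 0 0 0 0 0    84000  900 0 0 0 0 0 0
  eth0: 50250000 17200 0 0 0 0 0 0  1310000 9800 0 0 0 0 0 0
"""

def accounted_per_host(text, lan="192.168.1.0/24"):
    """Sum iptables byte counters per LAN host: {ip: {"out": n, "in": n}}."""
    net, hosts = ipaddress.ip_network(lan), {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0].isdigit():
            continue  # chain/column header, or a rule that has a target
        nbytes, src, dst = int(f[1]), f[6], f[7]
        for addr, direction in ((src, "out"), (dst, "in")):
            if "/" not in addr and ipaddress.ip_address(addr) in net:
                hosts.setdefault(addr, {"out": 0, "in": 0})[direction] += nbytes
    return hosts

def raw_bytes(text, iface="eth0"):
    """Return (rx_bytes, tx_bytes) as counted by the Ethernet driver."""
    for line in text.splitlines():
        name, _, rest = line.partition(":")
        if name.strip() == iface:
            f = rest.split()
            return int(f[0]), int(f[8])  # rx bytes is column 0, tx bytes column 8
    raise KeyError(iface)

def daily_delta(today, yesterday):
    """Counters are cumulative and restart at zero after a reboot or flush."""
    return today - yesterday if today >= yesterday else today

def report(ipt_text=IPTABLES_SAMPLE, dev_text=PROC_NET_DEV_SAMPLE):
    hosts = accounted_per_host(ipt_text)
    acc_in = sum(h["in"] for h in hosts.values())
    acc_out = sum(h["out"] for h in hosts.values())
    rx, tx = raw_bytes(dev_text)
    # Raw minus Accounted; may be negative, since Accounted can include blocked data.
    return {"hosts": hosts, "accounted": (acc_in, acc_out),
            "raw": (rx, tx), "unaccounted": (rx - acc_in, tx - acc_out)}
```

On a live firewall the two sample strings would be replaced by the output of `iptables -nvxL` for the accounting chain and the contents of `/proc/net/dev`, with `daily_delta` applied to each counter against the previous night's snapshot.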