jow- / nlbwmon

Simple conntrack based traffic accounting
ISC License
157 stars 34 forks source link

feature suggestion: show the protocol (ip port ip-protocol) for most heavily used in other. #21

Closed rezad1393 closed 3 years ago

rezad1393 commented 7 years ago

I want to categorize the traffic in others but I don't have any info of it. can you add a feature that shows the most used protocol (at least port and maybe ip too) in other category? or is that impossible to track?

this way I can label correctly the traffic in other into correct protocol and know what is using how much.

AndreaBorgia-Abo commented 5 years ago

After using it for a bit, I tend to think this cannot be easily done within the program: nlbw relies on port numbers to classify protocols and "other" is just traffic with no well-known port mapping, so nlbw would have to sniff the packets and identify the protocol.

However, if you have a pretty good hunch at what the offending protocol in "other" really is (hint: torrent), you could always edit the configuration, adding an entry like this: 6 6881 torrent

6 -> protocol number (TCP, use 17 for UDP) 6881 -> port used by the application (transmission) torrent -> a description

The past cannot be reclassified, though.

rezad1393 commented 5 years ago

can the most used port ,outside of the defined one, be shown ? not the protocol of the network, just port and tcp/udp?

I dont think it would be easy because then this app would have to put all the ports in their own individual groups (if not defined by user) to comapare the size of bandwidth used. but maybe this can be considered?

and users that dont want this just disable it?

P.S. I have added my torrent port and I still get this.

AndreaBorgia-Abo commented 5 years ago

can the most used port ,outside of the defined one, be shown ? bot the protocol of the network, just port and tcp/udp?

I hope @jow- understands your suggestion,, I sure don't.

P.S. I have added my torrent port and I still get this.

Unfortunately, the tracker port of torrents shows litte traffic (25MB last night), the vast majority still falls into "other" (2.7GB).

rezad1393 commented 4 years ago

I meant that maybe this program can keep some sort of port usage counter for the ports that are not common or set in configuration then aggregates that usage overall so that user can see the port that has the most traffic (with its protocol (like tcp/udp) so that the user can add that to the configuration.

for example I have " Application Connections Download (Bytes) Download (Packets) Upload (Bytes) Upload (Packets) other 128.42 K 43.33 GB 40.60 MP 2.85 GB 34.62 MP"

in the application protocol report of the nlbwmon in luci-app . so I have no idea what this is.

finding the most used port (most traffic on that) I can add that to configuration and clear this up.

MikeKlem commented 3 years ago

Even shipping with more of the commonly used ports would be helpful. (Always) Incomplete listing of ports: https://en.m.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

There are two Sections, Well-known and Registered The listed table contains Assigned, Assigned/Standardized, Unofficial, Not Assigned and Reserved

jow- commented 3 years ago

Since only aggregated data is stored, it is conceptually impossible to retroactively determine the most used "other" protocol/port. That information is lost.

rezad1393 commented 3 years ago

Since only aggregated data is stored, it is conceptually impossible to retroactively determine the most used "other" protocol/port. That information is lost.

what that means and how is that different from other protocols that this app supports? so tcp/80 can be stored but say 10081/tcp cant?

I didnt mean to do it retroactively . I mean from now on for new connections.