WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUT955 Is it possible to monitor application WAN usage?

0 votes
675 views 13 comments
by anonymous
I would like to (preferably from the command line on the Pi), see which applications are using the WAN (mobile) connection and the bytes sent/received?

Is this at all possible on the RUT955 (f/w >00.06.05.346) please?

1 Answer

0 votes
by anonymous

Hello, 

You can use SSH to RUT955 in this case from the Rasp Pi it is connected. And you can see the total data usage for Mobile WAN via mdcollectdctl commands. 



For more information you may refer to this link: https://wiki.teltonika-networks.com/view/RUT955_Mobile_Traffic

You can get this mdcollectd.db data from /tmp/mdcollectd.db from the router itself.

Note: There is a chance of data loss when the router is power is cut.  

For the other question about monitoring which application is using the most additional research and development may be needed. But if you want to implement this functionality I suggest to contact your sales manager for this one. 

Hope it helps.

Regards,
Jerome

by anonymous

From that command, run from cron every 5 minutes, I can see the figures rising by 168 bytes every 5 minutes. This is without any devices connected to the RUT955. How can I see where that traffic is originating coming from please?

  1. 06.10.2020.00.00 0,0
  2. 06.10.2020.00.05 168,168
  3. 06.10.2020.00.10 336,336
  4. 06.10.2020.00.15 504,504

by anonymous

Hello, 

You can try generating tcpdump on the WAN interface e.g (tcpdump -n -i wwan0). 

You may refer to this link for more details: https://wiki.teltonika-networks.com/view/Shell_Commands

Regards,
Jerome

by anonymous

The figures I get from 'mdcollectdctl' (-cdayrx & -cdaytx) seem to be wildly different from the packet capture using tcpdumpi.e. rx=9054, tx=9768, but looking at the pcap file in Wireshark, seems to indicate a total of 2k. Our Telco said 3k, but the start/end times differ, so I guess there will be a bit of discrepancy. Am I missing something here?

by anonymous
Hello,

Yes, there would be a short discrepancy. You can find more information on this link:
https://wiki.teltonika-networks.com/view/RUT950_Mobile_Traffic

Regards,
Jerome
by anonymous
A small discrepancy I can understand, but your collection statistics says something like 18k in total, whereas the actual seems to be closer to 2k, so nearly 10x the traffic.
by anonymous

Hello, 

Could you try converting the value from mdcollect via this one? 

1 kibibyte (KiB) = 210 bytes = 1024 bytes
1 mebibyte (MiB) = 210 kibibytes (KiB) = 220 bytes = 1 048 576 bytes 

Hope it helps.

Regards,
Jerome

by anonymous
So the last values I have from yesterday evening are: rx=8336, tx=9072, so if I am understanding this correctly, you need to multiple by 1024 to get bytes rx/tx?

Whereas the figures we get from our mobile provider suggest a total of 2.13k for the day (10th oct 2020).
by anonymous

Hello, 

You can compare the values in the Routers Web UI Traffic Logs to see the comparison. Or you can get the mdcollectd.db file via WinSCP. You can find the said file in /tmp/mdcollectd.db. You can open it on any SQL DB browser like this one: https://sqlitebrowser.org . Also you can convert the date time via https://www.epochconverter.com



The database file would have this kind of data. 

I will try to do some testing on my side and let you know the results :) 

Regards,
Jerome
 

by anonymous

Hello, 

The calculation is like this it has a little discrepancy. 

Let say you have a record of 23060019 from your mdcollectd.db you can convert that one to Megabytes via this solution. 

I recommend it on an excel sheet to make it much simple simply by: Value x 1.024 / 10^6



I hope it helps 

Regards,
Jerome

by anonymous

I believe the "tcpdump" gives the best  analysis of packets sent/received. I then use "tshark -z conv,ip -r <pcap file>" on the Pi to break it down by IP. Would be nice to be broken down by IP/port as well, but that is something to work on.

I can see a couple of DNS look ups to "rut.teletonika.lt", what are these for please? All data traffic is "off" presently. There seem to be quite a lengthy exchange with port 5000 on IP 3.120.7.82, which I don't understand.

I am also uploading the /tmp/mdcollectd.db to the Pi, and using the sqlite browser to get access to the data. It looks like it gives a breakdown of total traffic per hour, which is nice :)

Unfortunately the values reported from the mdcollecteddctl remain a mystery.

by anonymous
Had nearly 20kb of data to this IP address 3.120.7.82 yesterday, and I have no idea what it is and if it's necessary?
by anonymous

Hello, 

That ip address is for Amazon Technologies Inc. based on https://www.lookip.net/whois/3.120.7.82 

May i know if the RMS functionality of the device is enabled or not. Could you try disabling it and see if this IP address will still show up on your tcp logs :) 

Regards,
Jerome

by anonymous
I've disabled the RMS functionality and we are looking good now, thanks for your assistance.