Router traffic monitoring

[TonyK132]

This thread is interesting. I'd like to try to use Networx, and while I've loaded the files into Entware, and started mini-snmpd with my router's address, I'm not seeing its stats in Networx. But I do not know about the SNMP community name(s) in the router and Networx. Where specifically are they located? Also does Networx need the router login credentials to get the data from SNMP?

Sorry, also, when the router reboots, will I need to reload those files, modify the services-start file, and reconfigure the SNMP config file again? If yes, I suppose the best way is to have a start-up script that does all that.

 

[TheLyppardMan]

This thread is interesting. I'd like to try to use Networx, and while I've loaded the files into Entware, and started mini-snmpd with my router's address, I'm not seeing its stats in Networx. But I do not know about the SNMP community name(s) in the router and Networx. Where specifically are they located? Also does Networx need the router login credentials to get the data from SNMP?

Sorry, also, when the router reboots, will I need to reload those files, modify the services-start file, and reconfigure the SNMP config file again? If yes, I suppose the best way is to have a start-up script that does all that.

Well, I'm no expert on this so all I can say is what I did. I installed the SNMP by pasting the two lines of code into the command prompt within the xShell program I use for this sort of thing. Then I went to check the files that had been installed, using another useful utility called WinSCP. During that process , I removed the # at the start of the line of code mentioned by Morris (I hope I did that right, but see the screenshot of the file below to see what I did - it's the line I have marked with an arrow). Then I copied and pasted the startup code into services-start and checked that I had done any other things mentioned in the link that Morris kindly provided. Despite all this, I still couldn't get Networx to monitor my router and I had almost given up when I found that by using Control + the letter o in Network settings, I could choose to force it to use SNMP version 2 and at that point it allowed me to set it to monitor my router using SNMP and promptly sprang into life.

I hope this helps a bit. I'm sure those who know much more than I will be able to help you further if you still get stuck. At least now we know it's possible!

 

[TonyK132]

What about the login? What did you change the Router V2 Community to?

 

[Morris]

What about the login? What did you change the Router V2 Community to?

The default Read Only community name is public and is in the configuration file. If you want you can change it.

Morris

 

[TonyK132]

Sorry if I'm not clear. What does that name need to be to coordinate between the PC and the router?

 

[TheLyppardMan]

Sorry if I'm not clear. What does that name need to be to coordinate between the PC and the router?

I didn't have to change anything - it just worked. It's currently showing the data from my Synology DiskStation being backed up by the iDrive app on the NAS.

 

[Morris]

Sorry if I'm not clear. What does that name need to be to coordinate between the PC and the router?

The same string

 

[TheLyppardMan]

The same string

So in my case, this is what I have and I didn't have to change anything except to tell Networx to use SNMP version 2.

 

[TonyK132]

So in my case, this is what I have and I didn't have to change anything except to tell Networx to use SNMP version 2.

Thanks, that's what I was looking for.

 

[TheLyppardMan]

Update: This doesn't work using SNMP enabled from within the router's GUI, so I only seem to have a few options: 1) Leave UPnP enabled (it works with that); 2) Try installing SNMP using the instructions in this thread; 3) Only monitor traffic in/out of my laptop or 4) Stop using Networx.

Question regarding option 1: Trend Micro still flags UPnP as a security risk, but is it?
Question regarding option 2: Would that cause any problems now that we have SNMP available from the router's GUI?

 

[TheLyppardMan]

Update: After trying the stock firmware for a while, I thought I'd give Merlin another go to see if I could get the Networx monitor to work. Initially, it was worse than with the stock firmware, in that neither my preferred SNMP method, nor UPnP would work, but after performing a full factory reset and setting up everything from scratch, I was pleasantly surprised to find that both SNMP (from the GUI) and UPnP both work now. So I've disabled UPnP and will use the more secure (?) SNMP.

 

[Morris]

Update: After trying the stock firmware for a while, I thought I'd give Merlin another go to see if I could get the Networx monitor to work. Initially, it was worse than with the stock firmware, in that neither my preferred SNMP method, nor UPnP would work, but after performing a full factory reset and setting up everything from scratch, I was pleasantly surprised to find that both SNMP (from the GUI) and UPnP both work now. So I've disabled UPnP and will use the more secure (?) SNMP.

View attachment 50290
View attachment 50291

UPnP has nothing to do with network monitoring. It is good you are turning if off as there are security concerns. If your router is exposed to hosts you don't control, then you should change your SNMP Get Community name from the default as it's like a password. Also, be aware that the older SNMP you are using is clear text so somone monitoring your network could see the community name. V3 solves this if you have a monitor that will work with V3.

 

[TheLyppardMan]

UPnP has nothing to do with network monitoring. It is good you are turning if off as there are security concerns. If your router is exposed to hosts you don't control, then you should change your SNMP Get Community name from the default as it's like a password. Also, be aware that the older SNMP you are using is clear text so somone monitoring your network could see the community name. V3 solves this if you have a monitor that will work with V3.

UPnP is one of the two options you can use with Networx for monitoring your router traffic, SNMP being the other.

I think the latest version of Networx does use SNMP version 3, so I would have to upgrade if I wanted to use that. It's only traffic on my home network that I'm monitoring, so is there still a risk with version 1 in that scenario?

 

[Morris]

UPnP is one of the two options you can use with Networx for monitoring your router traffic, SNMP being the other.

View attachment 50293

I think the latest version of Networx does use SNMP version 3, so I would have to upgrade if I wanted to use that. It's only traffic on my home network that I'm monitoring, so is there still a risk with version 1 in that scenario?

UPnP opens firewall holes. Google it.

As for SNMP v1 risk, it depends on the hosts on your LAN, who uses them and who might compromise and control one of them. For a typical home network it is not huge . For corporate it is a no no

 

[ColinTaylor]

UPnP opens firewall holes. Google it.

It does other things as well, like return traffic stats from the gateway device. Google it.

 

[Morris]

It does other things as well, like return traffic stats from the gateway device. Google it.

Universal Plug and Play - Wikipedia

en.m.wikipedia.org

Not in UPnP

 

[ColinTaylor]

Universal Plug and Play - Wikipedia

en.m.wikipedia.org

Not in UPnP

Yes it does. UPnP is an umbrella term which in the router's case includes IGD.

Universal Plug and Play - Wikipedia

en.wikipedia.org

# upnpc -s
upnpc : miniupnpc library test client, version 2.2.3.
 (c) 2005-2021 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.1:43253/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.1.1:43253/ctl/IPConn
Local LAN ip address : 192.168.1.10
Connection Type : IP_Routed
Status : Connected, uptime=235025s, LastConnectionError : ERROR_NONE
  Time started : Fri May 19 21:51:53 2023
MaxBitRateDown : 1000000000 bps (1000.0 Mbps)   MaxBitRateUp 1000000000 bps (1000.0 Mbps)
ExternalIPAddress = xxx.xxx.xxx.xxx
Bytes:   Sent: 899812967        Recv: 974443734
Packets: Sent:  7537397 Recv: 64592660

miniupnpd[17434]: HTTP REQUEST from 192.168.1.10:37876 : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[17434]: Host: 192.168.1.1:36963
miniupnpd[17434]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent
miniupnpd[17434]: HTTP REQUEST from 192.168.1.10:37886 : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[17434]: Host: 192.168.1.1:36963
miniupnpd[17434]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesReceived
miniupnpd[17434]: HTTP REQUEST from 192.168.1.10:37894 : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[17434]: Host: 192.168.1.1:36963
miniupnpd[17434]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalPacketsSent
miniupnpd[17434]: HTTP REQUEST from 192.168.1.10:37898 : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[17434]: Host: 192.168.1.1:36963
miniupnpd[17434]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalPacketsReceived

 

[Morris]

Yes it does. UPnP is an umbrella term which in the router's case includes IGD.

Universal Plug and Play - Wikipedia

en.wikipedia.org

# upnpc -s
upnpc : miniupnpc library test client, version 2.2.3.
 (c) 2005-2021 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.1:43253/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.1.1:43253/ctl/IPConn
Local LAN ip address : 192.168.1.10
Connection Type : IP_Routed
Status : Connected, uptime=235025s, LastConnectionError : ERROR_NONE
  Time started : Fri May 19 21:51:53 2023
MaxBitRateDown : 1000000000 bps (1000.0 Mbps)   MaxBitRateUp 1000000000 bps (1000.0 Mbps)
ExternalIPAddress = xxx.xxx.xxx.xxx
Bytes:   Sent: 899812967        Recv: 974443734
Packets: Sent:  7537397 Recv: 64592660

LOl,

Bye

 

[ColinTaylor]

LOl,

Bye

Happy to have been able to teach you something new.

Bye.

http://upnp.org/specs/gw/UPnP-gw-WANCommonInterfaceConfig-v1-Service.pdf

 

[TheLyppardMan]

UPnP is one of the two options you can use with Networx for monitoring your router traffic, SNMP being the other.

View attachment 50293

I think the latest version of Networx does use SNMP version 3, so I would have to upgrade if I wanted to use that. It's only traffic on my home network that I'm monitoring, so is there still a risk with version 1 in that scenario?

I did check out the latest version of Networx, but unless I am missing something, they seem to have removed most of the advanced options that were accessible to users of the earlier version that I am using. They have also moved some of the general options onto sub menus, which I also didn't like, so I'm sticking with what I have. One thing that has puzzled me is that looking again at the SNMP version options in the Networx advanced menu, it does have one line that references SNMP version 3, but I have no idea what the value they have added means or how it relates to the options available in the GUI of my router. Morris: At your suggestion, I have used Roboform to create a 12-character complex password for the SNMP Get Community, so thanks for that.