Total Connection Minutes By IP Address

[Kevin K]

I'd like to report total minutes connected by IP address each day. e.g.

• 37:07 8/22/2017 12.34.56.78
• 18:02 8/22/2017 23.45.67.89
• 45:06 8/23/2017 12.34.56.78
• 12:02 8/23/2017 23.45.67.89

I'm sure I'll have to do some post-processing of the raw data. Can I get Asuswrt-Merlin to collect the raw data? Maybe I can supply a few IP addresses and have it log the duration of each connection to those IP addresses? Or is something like this built-in?

TIA

 

[ColinTaylor]

I don't think it's possible to get that kind of information from the router. You might be able to get it from each individual client by using something like this. But the only relevant information the router has access to that I can think of is /proc/net/ip_conntrack, but that doesn't give you any duration information.

Also bear in mind that if you are talking about web browsing it is not as though the client has a constant connection to the website whilst they are looking at it.

 

[Kevin K]

Thanks. That's a start. I'm really only interested in the long running connections. (I'm aware that HTTP times-out connections.)

I could write a script to run once a minute and send the data to a server or to a USB drive. Assume that ESTABLISHED state on same IP and ports was connected for the minute between collection. Non-trivial, but not an epic project.

 

[ColinTaylor]

Yeah, I use a similar technique to monitor wireless client connects and disconnects. Every 15 seconds it gets the current client list and compares it to the previous one. Seeing what has been added or removed from the list indicates what's happening. Basically, it's just using grep to compare the lists.

Here's my script in case it's useful to you:

#!/bin/sh

oldlist=/tmp/assoclist.old
newlist=/tmp/assoclist.new
touch $oldlist        # Create an empty file the first time through
 
while sleep 15
do
    for iface in $(nvram get wl_ifnames) $(nvram get wl0_vifs) $(nvram get wl1_vifs)
    do
        wl -i $iface assoclist | awk '{print $2}' >> $newlist
    done

    for macaddr in $(grep -vxFf $oldlist $newlist)
    do
        arpinfo="$(arp -a | grep -iF $macaddr | awk '{print $1 " " $2}')"
        logger -t wireless $macaddr $arpinfo "has connected."
    done

    for macaddr in $(grep -vxFf $newlist $oldlist)
    do
        arpinfo="$(arp -a | grep -iF $macaddr | awk '{print $1 " " $2}')"
        logger -t wireless $macaddr $arpinfo "has disconnected."
    done

    mv $newlist $oldlist
done

 

[ColinTaylor]

# grep ESTABLISHED /proc/net/ip_conntrack | awk '{print $5 "\t" $6}' | sort -k 1,2
src=192.168.1.238       dst=192.168.1.1
src=192.168.1.238       dst=23.212.234.79
src=192.168.1.238       dst=62.254.26.207
src=192.168.1.40        dst=17.252.60.141
src=192.168.1.86        dst=52.31.254.80
src=192.168.1.86        dst=66.102.1.188
src=192.168.1.87        dst=31.13.90.1
src=192.168.1.87        dst=31.13.90.34
src=192.168.1.87        dst=52.17.45.123
src=192.168.1.87        dst=64.233.166.188
src=192.168.1.88        dst=64.233.184.188
src=192.168.1.93        dst=108.168.176.242
src=192.168.1.93        dst=157.240.1.13
src=192.168.1.93        dst=157.240.1.170
src=192.168.1.93        dst=64.233.184.188
src=192.168.1.94        dst=31.13.90.2
src=192.168.1.94        dst=31.13.90.36
src=192.168.1.94        dst=31.13.90.6
src=192.168.1.94        dst=40.77.229.32

 

[Kevin K]

Ha! It is *very* useful to me. One of my other projects is to set up monitoring of wireless client connects and disconnects. Thanks!

 

[ColinTaylor]

Ha! It is *very* useful to me. One of my other projects is to set up monitoring of wireless client connects and disconnects. Thanks!

@Kevin K I've updated the script in post #4 with the following line which will hopefully include guest wireless networks.

for iface in $(nvram get wl_ifnames) $(nvram get wl0_vifs) $(nvram get wl1_vifs)

 

[thelonelycoder]

@Kevin K I've updated the script in post #4 with the following line which will hopefully include guest wireless networks.

for iface in $(nvram get wl_ifnames) $(nvram get wl0_vifs) $(nvram get wl1_vifs)

Since you run john's fork you don't see the helpful graphical interpretation of the cpu's doings. But I was wondering how large of a spike this causes, running so frequently?

 

[ColinTaylor]

Since you run john's fork you don't see the helpful graphical interpretation of the cpu's doings. But I was wondering how large of a spike this causes, running so frequently?

That's a good question and something that I expected would be a problem when I first started using the script. So I thought I'd set it to be quite aggressive at 15 seconds, fully expecting to have to change it to something like a minute.

I have been running this script continuously since last December and haven't encountered any issues. So much so that I'd forgotten that it was running. Bear in mind that I don't use the guest networks so that could multiply the load. As it stands I can't really detect any CPU impact at all. If there is any it's getting lost amongst all the other router processes which total <5%.

The script itself does negligible processing, being mostly asleep. I think the "heavy lifting" would be done by the wireless chipsets (just guessing). I though that running the query so frequently might cause "glitches" in wireless transfers but I haven't noticed any.

It would be interesting if you could test it on your setup.

 

[john9527]

Since you run john's fork you don't see the helpful graphical interpretation of the cpu's doings. But I was wondering how large of a spike this causes, running so frequently?

We'll see what Colin says, but my guess is that it would barely be noticeable, if at all. It just a few reads, and the data being grep'd is small.

EDIT: I just checked it with top running in another window....and can't see a thing.

 

[thelonelycoder]

It would be interesting if you could test it on your setup.

Tiny tiny spikes, really nothing to worry about.
But I get an error, what could that be:
wl: wl driver adapter not found

EDIT: I just checked it with top running in another window....and can't see a thing.

Same here, top does not register such small activity as the script only takes a blink of an eye to run through the job, even if I run it off of the stick.

My dual-wan-helper script is much more complex and when run, shows noticable cpu activity. And this is the reason I asked.
Sometimes I wonder if some cpu activity is suppressed, say for the wanduck or other function. I never see a difference if turned on or off.
But maybe it's just the shell scripts I write are not very economic codeing wise. Or shell scripts really are more taxing to process.

 

[ColinTaylor]

But I get an error, what could that be:
wl: wl driver adapter not found

Oh dear, that usually means the wl command is trying to use an interface that doesn't exist.

EDIT: The script only works with Broadcom wireless chipsets, not Quantenna.

I'm not surprised as the script is only tested on my particular hardware (RT-AC68U).

Could you post the output of:

ifconfig -a
nvram get wl_ifnames
nvram get wl0_vifs
nvram get wl1_vifs

 

[john9527]

But I get an error, what could that be:
wl: wl driver adapter not found

If you are testing on the 87U, the command set is different for querying the 5GHz band.

 

[thelonelycoder]

Oh dear, that usually means the wl command is trying to use an interface that doesn't exist.

EDIT: The script only works with Broadcom wireless chipsets, not Quantenna.

I'm not surprised as the script is only tested on my particular hardware (RT-AC68U).

Could you post the output of:

ifconfig -a
nvram get wl_ifnames
nvram get wl0_vifs
nvram get wl1_vifs

tlc@RT-AC87U-D700:/tmp/home/root# ifconfig -a
aux0      Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:171877 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:12711052 (12.1 MiB)  TX bytes:0 (0.0 B)
          Interrupt:180 Base address:0x5000

br0       Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1672165 errors:0 dropped:0 overruns:0 frame:0
          TX packets:947989 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:161033986 (153.5 MiB)  TX bytes:270218130 (257.6 MiB)

br0:0     Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          inet addr:169.254.39.67  Bcast:169.254.39.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1

br0:pixelserv Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28329950 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8465954 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:251331247 (239.6 MiB)  TX bytes:661438327 (630.7 MiB)
          Interrupt:181 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:3093411 errors:0 dropped:0 overruns:0 frame:2177245
          TX packets:14443146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:324265004 (309.2 MiB)  TX bytes:3658143406 (3.4 GiB)
          Interrupt:163

ifb0      Link encap:Ethernet  HWaddr F2:1C:F7:EF:FA:35
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ifb1      Link encap:Ethernet  HWaddr 62:8E:CB:44:6F:49
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:191138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:191138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:54071273 (51.5 MiB)  TX bytes:54071273 (51.5 MiB)

tun21     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vlan1     Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:10931477 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3439087 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13595928829 (12.6 GiB)  TX bytes:1424868576 (1.3 GiB)

vlan2     Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vlan3     Link encap:Ethernet  HWaddr 1C:xx:xx:xx:xx
          inet addr:77.xx.xx.xx  Bcast:77.xx.xx.xx  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17570347 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5100614 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12172456098 (11.3 GiB)  TX bytes:3525016794 (3.2 GiB)

tlc@RT-AC87U-D700:/tmp/home/root# nvram get wl_ifnames
eth1 wifi0

These return nothing:
nvram get wl0_vifs
nvram get wl1_vifs

 

[ColinTaylor]

tlc@RT-AC87U-D700:/tmp/home/root# nvram get wl_ifnames
eth1 wifi0

From what I've read these are the equivalent commands for wifi0 but I have no way of testing it.

qcsapi_sockrpc get_count_assoc wifi0
qcsapi_sockrpc get_station_mac_addr wifi0 0
qcsapi_sockrpc get_station_mac_addr wifi0 1
qcsapi_sockrpc get_station_mac_addr wifi0 2
:
:

Also, I don't know what would be the commands for guest networks on that band.

These return nothing:
nvram get wl0_vifs
nvram get wl1_vifs

That would be the same for me if I don't have any guest networks turned on.

I'll have to leave this to people that have an AC87U to try and resolve.

 

[thelonelycoder]

From what I've read these are the equivalent commands for wifi0 but I have no way of testing it.

qcsapi_sockrpc get_count_assoc wifi0
qcsapi_sockrpc get_station_mac_addr wifi0 0
qcsapi_sockrpc get_station_mac_addr wifi0 1
qcsapi_sockrpc get_station_mac_addr wifi0 2
:
:

Also, I don't know what would be the commands for guest networks on that band.


That would be the same for me if I don't have any guest networks turned on.

I'll have to leave this to people that have an AC87U to try and resolve.

That works, thanks.
The 87U is really the odd one among my routers.
Especially so that since four weeks ago lightning struck close by and rendered the WAN port useless.
No other damage I know of elsewhere, so this is still my main workhorse.