I've been running OpenWRT on a Linksys WRTSL54GS for a few months now, and I've been incredibly happy with the results. One of the main attractions was the ability to run OpenVPN on one of these little embedded devices, which pretty much eliminated the need for a full-fledged Linux or Solaris box as a router.

Now, the only real disappointment I had with the setup was a lack of the fine-grained monitoring that I'd been used to with ntop. After poking around a bit, I learned that ntop could support NetFlows sent from other devices via a plugin, and that the OpenWRT device could send NetFlows with fprobe. This means I can use my MythTV box (for example) to run ntop on, and still receive all the data from the Linksys.

On the OpenWRT side of things, setup is really easy:

root@openwrt:~# ipkg install fprobe
root@openwrt:~# fprobe -ibr0 192.168.1.6:2055

Where '192.168.1.6' is replaced with the IP of your ntop box. If you want to automatically start sending Flows every time the router boots up, you can add this to an init script.

Assuming you already have ntop up and running, adding a NetFlow is pretty simple there too. Navigate to the configuration options for the NetFlow plugin and fill in the relevant information. Activate the NetFlow plugin, and then you can view the statistics by selecting "Switch NIC" from the "Admin" menu in ntop. Once you do so, you'll start seeing what the router sees, which depending on your network may be, well, everything that's going on. At the very least you'll be able to track all connections from your internal hosts to hosts outside of your network, as well as all wireless traffic using the device.

Comments

Simon @ Thu Dec 04 18:52:52 -0500 2008

Thanks for the tip! I also set up fprobe on my OpenWRT-running router and feed my HTOP-running laptop, and it works great. HTOP isn't as real-time as I'd like (since it has a web-based interface that has to reload when it updates), but for larger networks it could prove very useful for diagnosing problems.

As a side note, my interface was called 'br-lan', but this probably depends on the version of the OpenWRT firmware and the router in question, since most documentation also calls it br0.

hardly @ Sat Sep 10 06:06:39 -0400 2011

Thanks for this info.
One thing though. How do I init scripts? (See what I did there?)

Also haha HTOP. That's ok. I am sometimes incapable of typing i's, favoring heavily instead the o key.

Steven @ Sat Mar 31 03:53:37 -0400 2012

I believe he is referring to the resource monitoring program, htop.

You can find information here: http://htop.sourceforge.net/

But at least you were kindly pointing out the falsely assumed typo, instead of being a jerk like a lot of the internet-identities.

Also -- To the Author --
Wonderful information here. Your article is very high when Google searching "openwrt ntop" and provides a much more practical method of using ntop with an embedded system rather than trying to compile the ntop binaries themselves and run locally. While I'm sure one could use CIFS to accomplish this, it is still a method that provides results after about 3 minutes of work!
Thanks again.

Maciej @ Fri Jul 20 11:03:48 -0400 2012

Thanks, especially for the steps to enable in ntop.
I'll check it out today!
