khodor/documentation
0
0
Fork 0
forked from spinesystemspublic/documentation
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
405a51746608a6f627106699fc8f54eb99582c97
documentation/PPPOE_misc_tricks.md
T
Denys Fedoryshchenko 0bf2177669 updates about accel-pppd
2024-10-06 21:00:18 +03:00

82 lines
2.5 KiB
Markdown
Raw Blame History

# Misc tricks for GlobalOS
## trafw
Trafw allows to see bidirectional traffic statistics.
Usage: trafw interface1 "interface1 pcap filter" interface2 "interface2 pcap filter" timer
Example:
```
trafw ppp0 "inbound" ppp0 "outbound" 1
```
Will show inbound and outbound traffic on ppp0 every second.
## iptop
Usage: iptop interface "pcap filter" packets (dst|src) [p|b]
Example:
```
iptop eth0 "inbound" 10000 dst
```
Show top 20 destination ip address by rate. (top consumers)
## tcpdump and accel-cmd
To check user traffic you need to use tcpdump and accel-cmd.
To find out interface name of user you can use:
```
accel-cmd show sessions
pppoe-9 ~ # accel-cmd show sessions|more
ifname | username | calling-sid | ip | type | comp | state | uptime
---------+-----------------+-------------------+----------------+-------+------+--------+-------------
ppp185 | user1 | 6c:3b:6b:73:33:11 | 172.17.16.185 | pppoe | | active | 17.00:56:54
ppp305 | user2 | 50:0f:f5:40:22:22 | 172.17.17.49 | pppoe | | active | 17.00:56:53
ppp318 | user3 | 6c:3b:6b:c4:11:33 | 172.17.17.62 | pppoe | | active | 17.00:56:53
```
Which means that user1 is connected to ppp185 interface, user2 to ppp305 and user3 to ppp318.
To check traffic of user1 you need to use:
```
tcpdump -ni ppp185 -vvv -c 100
```
Which means:
* -n - do not resolve ip addresses (we don't need it)
* -i ppp185 - listen on ppp185 interface
* -vvv - verbose output
* -c 100 - capture 100 packets and exit
## pcap filters
You can use various pcap filters in trafw, iptop and tcpdump.
For example if you want to see only traffic from subnet 8.8.8.0/24 and source port 53 you can use:
```
# to show total traffic for this filter
trafw ppp0 "src net 8.8.8.0/24 and src port 53" ppp0 "src net 8.8.8.0/24 and src port 53" 1
# to show top consumers of such traffic
iptop eth0 "src net 8.8.8.0/24 and src port 53" 10000 dst
# to capture such traffic and see each packet, only 100 packets
tcpdump -ni ppp185 -vvv -c 100 "src net 8.8.8.0/24 and src port 53"
More info, in articles:
https://iphelix.medium.com/packet-filtering-techniques-84fc3fc2ea3b
## restarting accel-pppd
If you need to restart accel-pppd you can use:
```
killall accel-pppd
```
then wait until process is killed, it might take up to few minutes on large pppoe.
To check if accel-pppd is running you can use:
```
ps aux|grep accel-pppd
```
If you see accel-pppd process you can start it with:
```
/usr/sbin/accel-pppd -c /etc/accel-ppp.conf -p /var/run/accel-ppp.pid -d
```
Reference in New Issue View Git Blame Copy Permalink