Dear imonitor users, potential users, and interested parties:
Some great new features this newsletter!
Summary for those of you new to this newsletter: [scroll down for existing and previous newsletters]
I am working on a project on Internet monitoring, and have a small device which I can deploy to help measure/monitor your Internet service. I have several "guinea pigs" deployed and am always interested in expanding my "customer" base. I initially targeted the service to users on the mountain in Jasper GA (windstream ISP), but it is applicable universally, and I have "customers" on Windstream, ATT, Spectrum, Hughes, Comcast, Qwest, CenturyLink, and several others. I am always interested in getting "customers - guinea pigs" on other ISPs. Please read on if you are interested. I am particularly interested in comments and suggestions from my more "nerdy" customers!!
Please let me know if you would like one of these devices. I still have a few available to deploy free to "guinea pigs"! I can give
login access for nerds!
As usual, I am extremely grateful for the use of your ISP connection to develop this service across many ISPs.
As always, you can refer to the main information page at https://johnloop.com/imonitor.html
There are additional detailed references linked on that page.
Newsletter 1-16-2019
There is news in these areas:
1. I now have 4 of the new Rpi Raspberry pi 3B+ deployed [along with 10 of the older 3Bs]. These will detect the 5G (802.11ac) wifi networks. The previous rpi 3B will do the normal 802.11a/b/g/n wifi networks. If you think you have wifi problems, esp wrt the new 5G, let me know. Maybe I can swap your old rpi 3B for a 3B+ to aid in diagnosing problems. You should note the wifi networks detected, and take precautions if there are any SSIDs which are not password protected [hopefully not yours!]. Several of my customers are located in condos/apts, and the wifi visibility is amazing. Wifi is vulnerable to hacking to a determined hacker [even using WPA2]. Remember, to anybody seeing your wifi and able to join your SSID [via hacking or otherwise] it is the same as plugging into your router inside your house!! The only protections you then have is to exercise caution, and use only SSL/SSH/HTTPS/VPN sessions for your computing/browsing for sensitive situations like banking. Make sure you have a password on your PC, and don't save passwords in the browsers for these sites. Anybody who can access your PC can get the passwords from your browser. If you run a windows network, you can be hacked by a determined hacker, especially if he is on the inside of your router, which all wifi is!
-> It cannot be emphasized enough that if you live in a wifi maze, you are vulnerable. These mazes can be accessed at 300 ft [open air] and much more with hacking equipment!! I have some customers than have access to dozens of wifi SSIDs -a wifi maze- -and their neighbors of course can see all this, and potentially access their local network.
-> Your nightly email lists this maze -one of its nicest features. If the rpi has your wifi key and joins your wifi SSID, it can do better monitoring and even vulnerability scanning of this wifi maze as well as the ethernet [see below]. The scanning will occur over the default interface, which is wifi if you are wifi only of course.
-> Open the "rpiemail.txt" attachment to see a sample of the [almost] latest email. [Notice the wifi maze!]
2. To increase the usefulness of the rpi, I am expanding the capability to detect vulnerabilities. At present my server scans the Internet side of your Internet connection (your IP address) for vulnerabilities every night and report this to you via the email. The server [Internet] should normally only see the port 113/tcp CLOSED . If you have additional ports visible on the Internet, make sure you understand what you are doing, and you have precautions for the services running on those open ports!
3. The rpi has the ability to scan your local network for vulnerabilities in the same way the server scans for vulnerabilities from the Internet side. In this wifi age, it is important to understand what is visible [and hackable] on your network. A report is created and left on the rpi, and linked on your email -only accessible inside your network. This list will not leave your network [it will NOT be reported to me or anybody else], and will reside on the rpi for reference. I am available to help you interpret the results.
-> I have added a switch to turn ON this local network scanning. It is OFF by default. I will be asking you to enable this. I would not recommend keeping it OFF unless you are confident about your own protections. This will be a "submit" button on the rpi web page [link for this given in each daily email].
-> as a necessary precursor to this scan, I detect and list the hosts on the local network. This is listed in the email. I can only -reliably- list the IP addresses. To discover the "names" of your nodes, to help you ID them, I may add this feature in the future. For now you should follow the recommendation in the email. There is a command which will attempt to do this.
-> I hope to add some intelligent software to analyze these scans and warn/recommend action in the future.
-> If you live in a wifi maze, you should really take note of this vulnerability scan, because a determined hacker will see everything if he can get on your network. If you have a windows computer and you run windows networks on your local network, you will be amazed at what is accessible to a determined hacker. Keep sensitive files/passwords in a password lockbox or encrypted file. You need to be aware of this information. I can help you interpret it.
4. I have also implemented a switch which will DISABLE my management access to your rpi -It is called "STANDALONE" mode. This is a "submit" button on the rpi web page. If you enable "standalone" mode, I will have absolutely no access to your rpi for debugging and updating, so I will ask you to toggle it when I need to do updates. This could be daily to weekly requests.... I appreciate your being guinea pigs and allowing me to develop this service, and do this.
-> HOWEVER, at present it is more desirable to use the temporary management DISABLE, which is also a "submit" button. Clicking this will disable my management access until it is restored about 1AM the following morning. You can click this every morning to keep me off the rpi if you want for the day.
5. You are as vulnerable to malware that finds residence on your PCs via the normal route -compromised web pages, bad links -which you click- in email, compromised download files, etc. as you are to the external vulnerabilities -whether via the Internet or via wifi hacking. "Safe computing" practices are needed to minimize these. Ad blockers in browsers, safe browsing e.g. And a good resident virus/malware detection software. Another story entirely!! The rpi can help with none of this presently, other than possibly watch for malicious IP addresses. This can be a future feature.
6. I am attaching files which show the current Rpi web page and the current email that you receive.
7. As always, I am quite desirous of feedback and comments, esp from my "nerdy" customers.
I am eternally grateful for allowing me to use your Internet connection to develop this service. I am hoping it is a more valuable service as time goes on.
General description of rpi monitor tests:
Bash scripts running on a small computer on your network attempt a connect to a target every minute of every day. Statistics are reset at beginning of month. The target is configurable, default is google.com.
The scripts perform a speedtest at 3AM and 3PM. This is done from the Rpi of course!
The scripts perform a single ping every minute of every day to a stable Internet IP address. These are counted and reset at beginning of every day. There will be an entry for each ping failure. The ping target is configurable.
The wait time for both the connect and the ping is 15 seconds; no response and a failure is declared. There are 44640 minutes in a 31 day month. I don't do quite that many.... housekeeping and such.
Last minute ping delay
Yesterday ping delay average
Route to IXC
Yesterday temp average [if enabled]. Up/down limits can be set and you can be alerted.
Scan of wifi networks from your location
Scan of your Internet connection
Week's worth of stats available in piweeklytars directory
Internet IP address changes are recorded, and you can be alerted for a change
Boot times of the Rpi, which may represent power bounces in your house. You are alerted.
A browsable web page [safely on the raspberry pi on your local network] with all these stats available at any time. Link provided in the email.
Access to your router [gateway] via the web page.
Raspberry Pi can be behind a secondary router.
There is absolutely no monitoring, capturing of your Internet traffic. The raspberry pi generates its own to collect stats. The bandwidth demands on your connection average less than 1Kb/s.
I can give you access/login to the raspberry pi if you wish.
I can give you an SD micro with the software if you have your own raspberry pi 3B or 3B+.
John Loop
Previous Newsletter 11-10-2018
There are several new developments to report with this newsletter
1. I no longer need the email credentials for your local ISP to send email reporting on your statistics [I was actually sending the email from the Raspberry Pi]. This was not always necessary, but when it was, it was an imposition upon you and a burden on me to get the email configuration correct on the Raspberry Pi. Going forward, I am copying the information to my server, and then I am emailing your statistics from my server to you, just as I would email anyone else. Sending email often has maddeningly different requirements depending on the ISP you do it from. So this eliminates two problems - using your email credentials, and modifying the configuration depending on which ISP you are on. All Raspberry Pi devices have the same configuration with regard to this now. This is why you see the "from" as "jdloop@brighthouse.com" now.
2. Since I am emailing your statistics from my server, it is now an easy task to do a scan of your Internet connection from my server and add this to the statistics. It is extremely important that your Internet appearance not be vulnerable to hacking, and this will help detect that. For the simplest connection, the scan will only detect that the auth port 113 is open -this is normal. If you are running a web server or other services, I will most likely detect that with this scan. You MUST be aware of open ports on the Internet, since this is a primary hacking route. If you do have open ports and are managing them, you MUST have good passwords and up to date software listening on those ports. The daily email will report on a quick scan of your Internet connection. Please click https://www.grc.com/x/ne.dll?bh0bkyd2 to do a custom scan. This is a reputable/world renowned site to do this.
Please remember that I am not invading your privacy doing this scanning. Your Internet connection is being scanned orders of magnitude more by hackers/scammers, etc!! It is useful to know your vulnerability if any here!
3. The existing Raspberry Pi 3B will NOT detect 802.11ac wifi networks, often referred to as "5G." It only detects 802.11b/g/n networks. Going forward, I will be using Raspberry Pi 3B+ which will have this capability. So you, as guinea pigs lack this capability unfortunately. One of the most useful statistics I report is the detectable wifi networks at your location [except for the 802.11ac -5G- networks of course :-( ]. If you live in an isolated area, you will likely not see any but your own wifi networks. If you live in an apartment/condo, maybe < 300 ft from your neighbor, you will see other wifi networks. If is very important in the second case that your wifi network is secure, that the "encryption" is "on." Otherwise, anybody can join your [open] network, and they can see all your packets [in the same manner that you can join other open networks.....]. If you are not running an https web session, or ssh clients, and if your email client does not encrypt [which is usually not the case], then your packets are fully open to inspection on "open" wifi networks. Using a vpn service is the only way to mask what you are doing on a wifi network.
4. I am transitioning to the Raspberry Pi 3B+ which is an upgrade to the 3B, and will do the 802.11.ac ["5G"] networks. I will have a few guinea pigs here.
5. The temperature monitoring is a particulary useful feature which can be added. It is built into the scripts and is turned on with a single command. You will need a temperature probe which I can send to you with instructions as to where to plug it in. It has a 10 ft cord, so the probe can be located 10 ft from the Raspberry Pi. Email alerts can be setup by you using the web page. They are sent for exceeding up/down limits, and the average temp is reported with the daily email.
6. I have attached a pdf of the local web page accessible on your local network which gives detail info on the stats collected. piWWW.pdf You will use your browser and access this page at the raspberry pi on your local network. This link is indicated in your daily email. The link is a perfectly safe page on your local network - it is NOT on the Internet.
7. The email you receive each day ~5AM is reporting more and more statistics. Here is an explanation, with bold added to point out the details.
raspberrypiXX <- Your Raspberry pi name Internet IP: 173.195.186.62 <- Internet address Speedtests: Speedtests should be consistent day to day. Yday 3AM speedtest: Ping: 71.275 ms Download: 11.21 Mbit/s Upload: 2.80 Mbit/s <- 3AM speedtest Yday 3PM speedtest: Ping: 81.574 ms Download: 11.60 Mbit/s Upload: 2.74 Mbit/s <- 3PM speedtest Counts: Yday Ping Errors: 4 <- ping errors yesterday Yday Good Pings: 1353 via: 173.195.188.13 <- good pings yesterday to target Note error/good ratio Yday ping delay avg (ms): 41.68 <- gross check on performance Last boot time: 2018-11-01 01:17:20 <- last boot -may represent power cycle Since boot offline secs: 5 <- offline secs since boot -unable to connect to target Since boot online secs: 4285 via: www.google.com <- online secs since boot -successful connect to target; Note offline/online ratio Local address of raspberry pi: Rpi monitor [local network SAFE link] to: http://192.168.0.56 <- click to get web page detailed stats wifi tests: wifi networks detected at 12AM: [followed by their Encryption key status/signal quality/channel] Caution! Please note if your Rpi can detect 802.11ac networks: 802.11ac networks [5G] are NOT detected by this Rpi scan! <- Warning displayed if I cannot detect 802.11ac This may include neighbor networks! if you are close -300-500ft?: ESSID:"LeafsOut" ESSID:"YoungLiving" SSIDs are wifi networks detected If Encryption is off, then network is open and anybody can join and see that traffic: Encryption key:on Encryption key:on Encryption status of wifi networks Quality=40/70 Signal level=-70 dBm Quality=24/70 Signal level=-86 dBm Signal levels of wifi networks Channel:6 Frequency:2.437 GHz (Channel 6) Channel:6 Frequency:2.437 GHz (Channel 6) May or may not use different channels You should understand all networks, esp hidden [no SSID] and unsecured [Encryption key:off] Yesterday wifi ping average delay to router [if wifi is participating] -msec- 4.01 Temperature probe: Yesterday temp average [if temp sensor present]: 20 C <- Temp average if you have probe, deg C Scan of your port vulnerability on the Internet: This is a scan of common ports on your Internet connection Be WARY of -Host is up- this means you are discoverable -pingable Be WARY of - XXX/tcp open - ports -you may be vulnerable Be WARY of - XXX/tcp closed - ports -you are discoverable -filtered- means nondiscoverable -OK Please scan your Internet connection by yourself - click on link: Go to https://www.grc.com/x/ne.dll?bh0bkyd2 for vulnerability scan of your Internet connection -click "Proceed", then "Common Ports" on next page This site is a trustworthy, widely used resource to test Internet vulnerability Scan output - scanned by my server: Starting Nmap 5.51 ( http://nmap.org ) at 2018-11-04 05:26 EST Nmap scan report for customer-173-195-186-62.smarterbroadband.com (173.195.186.62) Host is up (0.00076s latency). Not shown: 999 filtered ports PORT STATE SERVICE VERSION 113/tcp closed auth <- Results of scan on your Internet address -113 closed normal Additional ports open should be investigated and understood! Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 6.76 seconds
Previous newsletter 7-7-2018
Dear imonitor users and interested parties, and neighbors:
For the months of May and June [and even April as we scouted locations] I have been consumed with our move from Jasper GA to Hernando FL. Very little work has been done on the imonitor project other than to monitor the performance of the different "guinea pigs." This has necessitated the move of my servers to Hernando, and the reconfiguration necessary for my move off of windstream.net ADSL [and onto spectrum cable]. So the news has barely changed from that of the last newsletter 3-18.
Rpi users may encounter some bounced emails and error msgs as I reconfigure the servers and the Rpis.
My move from Jasper GA to Hernando FL does not mean I need to relinquish all my guinea pigs in Jasper. I will be evaluating the best way forward in the coming months. I have guinea pigs on several ISP networks.
I have found the daily emails of the performance particularly informative in keeping track of the long term performance of the ADSL/Cable/wifi Internet connection. I hope you have also. Browsing to your particular Rpi web page [referred to in the email] can be particularly enlightening for more detailed performance. The Rpi can monitor both your ethernet and wifi connection, or just one of them [it will need the wifi passwd if wifi is the only connection]. Remember there is also a temperature probe which can be added, and an [email] alert can be configured for temperature swings above or below user-configurable set points.
As always, I sincerely appreciate the use of your network connection as a guinea pig. A few new users are welcome. I still have several Rpis I can deploy at no cost to you.
As always, you can refer to the main information page at https://johnloop.com/imonitor.html [notice the transition to https via letsencrypt] --I will be working to update this page as well.
Thank you!
John Loop
Previous newsletter 3-18-2018
Dear imonitor users and interested parties, and neighbors.
The imonitor info is still at http://johnloop.com/imonitor. [I still haven't transitioned to https.... accept the plain http if you have to in your browser]
Note the description docs there, such as http://johnloop.com/imonitor/
As usual, I have attached the current web page provided by the Rpi, as a pdf. The customer can browse to this rpi and look at his network stats and do some configuration as well..
Continuing our adventures in Windstream ADSL/Internet land here on the mountain. ....and elsewhere! I also have "guinea pigs" on Uverse, comcast, hughes, smarterbroadband, and spectrum ISPs. As always, I sincerely appreciate the use of your Internet connection to continue to develop this service!! I invariably learn invaluable things peculiar to the different ISPs. Please let me know of anybody who could benefit from this.
Monthly Performance report
I notice Windstream had a big maintenance/configuration interval the morning of 16th March. I recorded about 4 IP reconfigurations, and two "no response" indications. These things are necessary from time to time. I like to consider it a "positive" thing and hope they are upgrading/replacing equipment. Other than that, no real problems to report this month on the mountain. I continue to monitor the Rpis in my network.
Interesting News
Adrianna noticed a recent Big Canoe [GA] meeting where Windstream was reporting on upgrades they are making in Big Canoe. They are actually adding coax [NOT the normal skinny telephone cable pairs] to enable them to offer 100Mbs service. ....The site www.bigcanoenews.com seems to have disappeared, so I cannot link it! It is no secret that Windstream has had abysmal ISP ratings for a long time, but they have invested a lot of money to upgrade their service over the past few years - allowing all of us to upgrade for free to bonded service [12-24 Mbs if our distance permits it], so I give them some credit. I am not sure we will ever see machines laying coax on our mountain for the 50? or so properties - now THAT would be a big capital investment. And of course we will expect to pay not a cent more. I still contend that the wireless services [such as ATT, Sprint, Verizon] will eventually evolve their services to compete, removing the capping restrictions now in place. I would guess still ten years. Windstream and other landline providers may well be history then. In the meantime, you can utilize my imonitor service to keep track of your Internet performance - it represents an excellent way -nearly the only way- to gauge its long term performance.
Imonitor Improvements since the last newsletter:
[scroll down to see the previous newsletters from last year]
1. I have added a temperature probe to the Rpi. Tho this is far from IP networking, it is a very useful, and easy feature to add to the Rpi. I have added scripting and web control of the temperature probe. You can set an UP limit and a DOWN limit, and receive email alerts if the temperature exceeds the settings. I also report the current temperature, and the average of yesterday's temperatures. This is all controllable from the web page of the Rpi, as reported in the daily emaily. Just browse to it from your PC. The current collection interval is 15 minutes, 24 hours a day.
Let me know if you can think of unique uses for this. I have placed one of my Rpis in my well housing to monitor the temperature - which I have worried about during the very cold days in the winter. You will need an AC outlet [or a battery....] and wifi access to your home network [or ethernet access if you have it there]. You must also make sure the Rpi will not incur water -rain!
I am sure there are other uses which I have not imagined. Maybe you can think of some!!? I also decided to turn off my HVAC over my last trip [leaving it in "emergency mode" to trigger on if temp fell below 50]. I was able to remotely access the Rpi and watch the temp in my house. It got down to 53 degrees, even tho it was in the low 20's for several days. I can teach you how to remotely access your Rpi, which is esp easy if you already access your network remotely when away.
Let me know if you want this temp probe for your Rpi. It requires you to plug it into the Rpi [I will have directions]. It will also require me to enable a device driver [linux kernel module] on your Rpi. The temp probe is a 10 foot long cable, with the probe -about 1/4" in diameter- at the end, so you need to plan the location for the Rpi, and the probe [maybe you can mount the Rpi inside and drill a hole and expose the temp probe outside?] - making sure it has AC power, wifi [or ethernet], and is waterproofed if you place it outside. I only ask you to reimburse me for the cost of the probe - about $10.
2. I have added an email alert if your [Internet] IP address changes. I have found this very useful to indicate ISP "problems" or "maintenance" or "reconfigurations" - after the fact of course, esp in remote areas like our mountains. IP addresses are normally cycled every few weeks - to a month [unless you have a static IP of course]. You can turn the email alert off via the web page if so desired. Please recall the other "ISP monitoring" - via the ability to monitor your neighbor's Internet connection by looking at the "Neighbor's last minute ping delays." This only applies of course if your neighbors are on the same ISP as you, which is the case for Windstream on our mountain. The customers who are on ISPs -by themselves- have no such reference.
3. The wifi reporting is expanded, and included in the daily email. You should understand all wifi networks within your range, esp those whose SSID is unknown to you, and whose encryption key is off. The Rpi is able to report on all the wifi networks visible, which makes it invaluable in doing this. This is done whether or not the Rpi wifi is participating in your network [has the wifi key]. It represents what a hacker can do to scan your network, looking for open access. On our mountain this is not much of a problem with our remote area and distance from each other. Still if your wifi network is 100 feet from the road, and it is open, a hacker can still park there and do you terrible damage!!
4. The Temperature sensor alerts [UP or DOWN] are added to the daily emails, along with a time stamp.
5. The IP address change alerts are also included in the daily emails, along with a time stamp.
Work on coding and scripts
I continue to massage the scripts to minimize the amount of traffic on your Internet connection. I still hope to add the graphing capability. I will add the ability to turn OFF the mgmt link until the next day. I would love to add a water sensor alerting as well. If you are like me, you have had burst pipes, and since they build houses without bsmt floor drains these days, it can be pretty catastrophic.
In summary I have the current samples of Internet connections and devices:
1. Lucy with simple unbonded windstream ADSL using Westell modem -ethernet and wifi -two cascaded routers
2. Ed and Mark and Adrianna with bonded windstream ADSL using Sagecom 4320 -ethernet and wifi
3. John with bonded windstream service using ActionTEC3200 -ethernet and wifi, plus temp probe
4. John using Hughes Satellite connection -ethernet only -two cascaded routers
5. Phil is on an ATT Uverse bonded connection. -ethernet and wifi, plus temp probe
6. Scott is on a wireless ADSL connection in CA. -wifi only
7. John using wifi only in distant location -two cascaded routers
8. Kevin is on a comcast cable modem connection -ethernet and wifi GA
9. Mike is on spectrum Cable in FL
As always, I sincerely appreciate the use of your network connection to develop these services. I eagerly solicit any suggestions or advice for additions or improvements. John
Previous
Newsletter 2-4-2018
Dear imonitor users and interested parties, and neighbors.
The imonitor info is still at http://johnloop.com/imonitor. [I still haven't transitioned to https.... accept the plain http if you have to in your browser]
Note the description docs there, such as http://johnloop.com/imonitor/
Continuing our adventures in Windstream ADSL/Internet land here on the mountain. ....and elsewhere! Uverse, comcast, hughes, smarterbroadband.
As always, I sincerely appreciate the use of your Internet connection to continue to develop this service!!
Please let me know of anybody who could benefit from this.
Monthly Performance report
No real problems to report this month on the mountain. I continue to monitor the Rpis in my network.
Interesting News:
You may be aware of the spectre/meltdown vulnerabilities in virtually EVERY PC. PLEASE keep your OS up to date - they are making modifications to address this. HOWEVER, there is no sure fix yet for the spectre vulnerability. The best advice I would give is to close and restart your PC after using browsers/password managers for important sites like your banking accounts. If you happen to get an exploit on your PC, it can read sensitive info in the CPU cache. Here is a good reference. https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/
Go here to get a windows too to check your vulnerability: https://www.grc.com/inspectre.htm I can vouch for the authenticity.
Also, please consider using "quad9" as your DNS provider -- 9.9.9.9. I have noticed better response since switching to this.
Imonitor Improvements since the last newsletter:
1. The addition of wifi monitoring is the biggest news. The Rpi will attempt to join your wifi network [if a key is provided, or if the network is open]. Even without joining the wifi, we can still scan for wifi characteristics. If the wifi is able to join the network, ping monitoring is done across the wifi network to the source of the wifi - typically your home router. This compliments the wireline monitoring which performs ping monitoring into the Internet. We can thus get a feel for the -home- wifi performance independently of the -Internet- wireline performance.
2. The ability to run "wifi only," "wirleline only," or "wifi AND wireline" monitoring is automatic.
3. The Rpi will do a scan of your wifi network, listing all the networks. You should study this to make sure it is what is expected. Especially if you live where there are multiple wifi networks available. The email will list these networks.
---> the list of wifi networks detected and their characteristics is performed every 10 minutes. This is available by refreshing the Rpi webpage. This is also snapshotted at 12:50AM for the daily email. I have noticed that some wifi networks "come and go." It might pay to understand "who are these guys." LOTs of devices have wifi capability, and may not broadcast their SSID.
---> there are thus 3 situations in which the Rpi will monitor:
a. wireline (ethernet) only - monitor your Internet access. No monitor of wifi, other than reporting wifi characteristics
b. wifi only - monitor your in-house network, or if you have wifi only Rpi, both Internet and in-house via wifi
c. wireline and wifi simultaneously.
The quality of the wifi monitoring may depend on the Rpi location. If possible, locate it coincident with the furthest wifi device in your house. [and it would be "ideal" -for monitor purposes- to have an ethernet connection there as well!]
4. Monitoring of your router path to your IXC [internet exchange carrier]. For people on the same ISP, such as the windstream customers on the mountain here [Jasper, GA], the path to the wider Internet is the same. There are usually 4 hops to get to the IXC. This can be difficult to ascertain. I will be investigating this further. Any insight you can lend is appreciated! It gets VERY complicated in Internet land, and changes rapidly.
--> By monitoring this path at one customer, I can ascertain the performance of the windstream network for all customers on the mountain. --and you can too. You can answer the question "does only my Internet suck?" :-)
E.g. here is the traceroute for a windstream customer. The 192.168.254.254 is the home router. The next four entries are routers encountered on the way to the IXC, which are usually the same for people on the mountain. Of course this is layer 3 Internet only --there are a multitude of layer 1/2 devices that are transited [for example, you don't see your ADSL remote term-the one sitting on Monument Road- at all]. These are impossible to see unless you work for telco and can access their network mgmt systems.
traceroute to 128.223.142.244 (128.223.142.244), 7 hops max, 60 byte packets <- someplace WAY out on Internet to guarantee transit to IXC 1 MyRouter.Home (192.168.254.254) 0.641 ms 0.747 ms 0.735 ms <- home router 2 h3.84.134.40.static.ip.windstream.net (40.134.84.3) 9.319 ms 10.876 ms 11.111 ms <- this hop and the next 3 are often the same 3 ae4-0.agr01.cmrc01-ga.us.windstream.net (40.128.251.104) 10.854 ms 12.180 ms 13.721 ms 4 ae13-0.cr01.atln02-ga.us.windstream.net (40.132.58.106) 16.592 ms 17.388 ms 17.378 ms 5 173.205.35.17 (173.205.35.17) 17.628 ms 17.618 ms 17.782 ms <- I believe this is windstream's appearance at the IXC, tho it is difficult to pin down
I snapshot this route at 1AM and add it to the Rpi web page.
5. These stats are all available by browsing to the Rpi on your local network. This address is given in the email you receive each day. It is perfectly safe to browse to this web page --it is internal to your network.
--> I have attached a snapshot of the current Rpi webpage for those not having the imonitor service.
--> I have attached a snapshot of the daily email. Notice the wifi network listing.
Work on coding and scripts
I continue to massage the scripts to minimize the amount of traffic on your Internet connection. Currently it is much much less than 1kb/s. The Raspberry pi is very busy however, digesting all the data and presenting it. I have been very busy adding the wifi monitoring and updating the Rpi web page to present all the data.
In summary I have the current samples of Internet connections and devices
1. Lucy with simple unbonded windstream ADSL using Westell modem -ethernet and wifi -two cascaded routers
2. Ed and Mark and Adrianna with bonded windstream ADSL using Sagecom 4320 -ethernet and wifi
3. John with bonded windstream service using ActionTEC3200 -ethernet and wifi
4. John using Hughes Satellite connection -ethernet only -two cascaded routers
5. Phil is on an ATT Uverse bonded connection. -ethernet and wifi
6. Scott is on a wireless ADSL connection in CA. -wifi only
7. John using wifi only in distant location -two cascaded routers
8. Kevin is on a comcast cable modem connection -ethernet and wifi
Previous
Newsletter 12-20-2017:
Monthly performance report
No real information to pass on this month on our users. If you suspect your internet performance, you CANNOT rely simply on a speedtest. If your speedtests are continually marginal, from multiple devices on your network, you need to access your router page and look at the DSL statistics. Look especially for SNR [noise margins] as a minimum - it should exceed 6dB upstream and downstream. Your ADSL line may be degrading, and occasional reboots of your modem are necessary. If you have the imonitor service, you can always look at your speedtest history, and also access your router from the Rpi webpage.
Interesting News:
Please consider changing your DNS provider to "Quad9" This should be even better than using OpenDNS. You can change the DNS in your router, or do it individually on each PC. Here is a reference. The imonitor Rpi will continue to use whichever DNS server is passed out via DHCP from your router.
https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/
The "exciting" news is that the web page reporting on all the stats for your ADSL has been updated again. Point your browser to the IP address reported in the email you receive every morning [such as "http://192.168.254.1] and you can have a dynamic view of your network performance. This access is all internal to your network, so there are no Internet worries!!! This work is all done on the Raspberry Pi, so there is almost zero effect on your local network /Internet. I am still working on refining this view. Please check this out and let me know what you think. Any comments are sincerely appreciated.
For those that do not have a Raspberry Pi, there is a screenshot attached -Rpitestindex.pdf. Would be great to add a graph to these......
The improvements since the last newsletter:
1. I have reordered some lists so the current value is on the TOP -boottime and IP address change iframes
2. I have an entry for the last minute ping delay. You can refresh your browser every minute if you want to actively pick it up. [it does not autorefresh in the browser, tho you COULD change this page to do that. The page refreshes automatically once per hour].
3. I have an entry for the average ping delay for yesterday. This is calculated at the end of the day at 1AM.
4. I have entry reporting on the average last minute ping delays of your ISP neighbors. You can compare your last minute ping delay with your neighbors. This is quantized and be delayed up to 20 minutes. And of course it depends on your Internet access being active. [check the config to see if your are online]. The definition of "neighbors" and the scripting to collect the data will be changing. Maybe configurable.
5. I now have a weeks worth of data available in the "piweeklytars" iframe. The last month's data is still in the "pilastmonth" iframe. There is now a "htmlroot" iframe giving access to all the raw data as well.
6. I am collecting the actual route to the ISP. I hope to collect and compare this between users. It will invariably be the same for all users on an ISP [such as windstream]. Thus monitoring it at one user [such as myself], I can monitor everybody's access to the Internet. I hope to add this feature. In the meantime, the reporting of your neighbor's ping delays gives a good feel.
7. I have updated and upgraded all Rpis to the latest code. I rebooted the Rpis to take up the new kernel.
Remember, you will have to find the IP address of your Raspberry pi to browse to it. This is reported in the email you receive each day. You can simply click on that link in the email to take you to the browser. "http://192.168.254.something" is usually the IP address.
I will repeat the description I gave last month:
The scripts attempt a connect to google every minute of every day. This resets at beginning of month.
The scripts perform a speedtest at 3AM and 3PM [I may add a 9PM]. This is done from the Rpi of course!
The scripts perform a single ping every minute of every day to a stable Internet IP address. These are counted and reset at beginning of every day. [The stats for ping counts for the last 6 days can be found in the files "[1,2...]dayprevious.tar" e.g. If there was a ping error, it is added to the "PingErrorsToday" file and a traceroute is performed and added to the file "4AMerrored.txt" file e.g. ]. There will be an entry for each ping failure.
The wait time for both the connect and the ping is 15 seconds; no response and a failure is declared. There are 44640 minutes in a 31 day month. I don't do quite that many.... housekeeping and such.
Additions since then:
Last minute ping delay
Yesterday ping delay average
Your ISP Neighbor's last min ping delays
Route to IXC
Week's worth of stats available in piweeklytars directory
Previous Newsletter 11-13-2017
Greetings former/current/prospective imonitor users,
I has been a long month since the last monthly update -:)
Work has continued sporadically on all fronts, using my guinea pigs --whom I really appreciate. I need to find a "present" for you !
I have been able to help several people with their Internet access by pinpointing problems. Joy had a stable, but marginal Internet access, which occasionally fell below marginal. She was able to get the upgrade to bonded, and get her pair fixed. Sharon actually had a defective pair where one wire was disconnected. She is having an upgrade to bonded and the fix of the pair. If you know of anybody having problems, let me know and I can help diagnose the problem. During the early days of this development, there is no charge for this testing, as, like I said, I am using you as a guinea pig for this project! I now have 10 of the RPis in test/"production."
1. I have cleared up quite a few anomalies in the scripts revealed by several locations. The Raspberry pi does not have a real time clock, which adds complications.
2. I have considerably enhanced the local web view, and have attached a screenshot showing a representative view. This is the view which you can see by browsing to your local Raspberry pi. The IP address link will be given in your daily email. Otherwise, you have to find the IP address by going into your router e.g. I can tell you what this is if you need.
3. As a latest addition, the local web view now allows for the situation when the imonitor Raspberry pi is BEHIND an internal router in your network. If you are like me, you may have an internal router, besides your Internet (ADSL/cable modem/satellite) router to provide "privacy."
---> you can login to your router [and your internal router if so] and access the lower layer performance. Some routers present a page without logging in, and require you to login for changes. Depending on how your browser is configured, you can save the login. This is a much more convenient way to access your Internet [and internal?] router.
4. The "last" improvement I want to add is to add a graph of some of the performance variables. I have the source code and will be working on this. Hopefully Phil will help me.
5. I have strived to minimize the actual Internet usage, so that I do not interfere with your Internet bandwidth. The latest measurements show maybe 100-200 bytes/sec average, except for three instances.
-- I take speedtests two times a day, at 3AM and 3PM.
-- I mail the update page at about 1AM each morning
6. I have changed the scripts to allow for different configuration. These configs can easily be changed [with discretion] by root.
---> In this way, you may be able to have a continual measurement of your access to an important Internet resource. e.g. O'Neill -- you could use this to have a continuous gauge of your connectivity to your upstream resource.
-- you may specify a different ping target
-- you may specify a different connect target
-- you may specify a different customer email
-- you may specify a different ping timeout value
-- you may specify a different DNS pull target
-- you may specify a different address for the "real router," meaning the Raspberry pi gateways to an internal router. I do this via custom config.
-- there are other configs relating to mgmt server, email
7. All the processing and scripting to measure network performance is done on the Raspberry pi. There is no tax on your internal networks.
---> you can simply have a web page open on one of your main Computers pointed to the raspberry pi to monitor your Internet.
8. as discussed in the references, there is no attempt to monitor/discover/communicate with your internal network devices. [other than the normal ARPing, multicast background activity].
9. as discussed in the references, the Raspberry pi sits on your internal network, behind your [ADSL/cable modem/satellite] network router. or it can sit behind the internal router behind your Internet router!
As always, there is introductory information at http://johnloop.com/imonitor/imonitor.html --> additional detailed references are noted in this web page.
-> This report created at: Thu Jan 17 00:58:06 CST 2019 Your RPI STANDALONE is currently: OFF -> pi21 Internet IP: 99.120.107.XX Internet ISP [Last two fields]: 99-120-107-XX.lightspeed.XXXXXX.sbcglobal.net. Your RPI monitor: http://192.168.1.70 Internet gateway: http://192.168.1.254 -> Yday 3AM speedtest: Ping: 14.209 ms Download: 7.66 Mbit/s Upload: 1.27 Mbit/s -> Yday 3PM speedtest: Ping: 14.311 ms Download: 7.66 Mbit/s Upload: 1.40 Mbit/s Yday Ping Errors: 0 Yday Good Pings: 1357 via: 12.250.24.50 Yday ping delay avg (ms): 19.52 -> Boot/online stats Last boot time: 2019-01-01 01:17:23 Since boot offline mins: 1 Yesterday offline mins: 0 Since boot online mins: 22990 via: www.google.com Rpi monitor [local network SAFE link -click to access Rpi stats] to: http://192.168.1.70 To access this http site, even tho local, you may need to OK exception on chrome or FFox -> WIFI wifi networks detected at 12AM: [followed by their Encryption key status/signal quality/channel] ESSID:"3515_K5NF" ESSID:"3515_K5NF" ESSID:"3515_K5NF" ESSID:"3515_K5NF" ESSID:"google" ESSID:"google" ESSID:"2WIRE269" ESSID:"copper" ESSID:"ATT3cuD5nV" ESSID:"google" ESSID:"3515_K5NF" ESSID:"Taco Shack EX" ESSID:"MySpectrumWiFi28-2G" ESSID:"" ESSID:"3515_K5NF" ESSID:"UniFi-AC" ESSID:"Unifi-AC-Guest" ESSID:"" ESSID:"" ESSID:"TC8717T67" ESSID:"" ESSID:"l1nternet" ESSID:"3515_K5NF" ESSID:"copper" ESSID:"MotoVAP_M91329SA18VB" Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Encryption key:on Quality=70/70 Signal level=-33 dBm Quality=70/70 Signal level=-30 dBm Quality=46/70 Signal level=-64 dBm Quality=70/70 Signal level=-31 dBm Quality=44/70 Signal level=-66 dBm Quality=37/70 Signal level=-73 dBm Quality=33/70 Signal level=-77 dBm Quality=27/70 Signal level=-83 dBm Quality=20/70 Signal level=-90 dBm Quality=25/70 Signal level=-85 dBm Quality=37/70 Signal level=-73 dBm Quality=31/70 Signal level=-79 dBm Quality=27/70 Signal level=-83 dBm Quality=70/70 Signal level=-30 dBm Quality=35/70 Signal level=-75 dBm Quality=31/70 Signal level=-79 dBm Quality=31/70 Signal level=-79 dBm Quality=48/70 Signal level=-62 dBm Quality=47/70 Signal level=-63 dBm Quality=27/70 Signal level=-83 dBm Quality=37/70 Signal level=-73 dBm Quality=31/70 Signal level=-79 dBm Quality=49/70 Signal level=-61 dBm Quality=36/70 Signal level=-74 dBm Quality=22/70 Signal level=-88 dBm You should understand all networks, esp hidden [no SSID] and unsecured [Encryption key:off] Yesterday wifi ping average delay to router [if wifi is participating] -msec- 0 -> Temperatures [if equipped] Yesterday temp average [if temp sensor present]: 0 -> Internet scan This is a non-intrusive scan of common ports on your Internet connection Be WARY of -Host is up- this means you are discoverable -pingable Be WARY of - XXX/tcp open - ports -you may be vulnerable Be WARY of - XXX/tcp closed - ports -you are discoverable Reference to understand port state: nmap.org/book/man-port-scanning-basics.html Go to www.grc.com/x/ne.dll?bh0bkyd2 for vulnerability scan of your Internet connection -click "Proceed", then "Common Ports" on next page This site is a trustworthy, widely used resource to test Internet vulnerability Starting Nmap 5.51 ( http://nmap.org ) at 2019-01-17 06:16 EST Nmap scan report for 99-120-107-42.lightspeed.rcsntx.sbcglobal.net (99.120.107.42) Host is up (0.0015s latency). Not shown: 999 filtered ports PORT STATE SERVICE VERSION 113/tcp closed auth Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 5.82 seconds -> Network hosts Local hosts on your network [yesterday 3AM]: Name determination can be difficult. Use "nmap -A -T4 -Pn IPaddress" 192.168.254.70 192.168.254.50 192.168.254.108 192.168.254.113 192.168.254.116 192.168.254.117 192.168.254.118 192.168.254.124 192.168.254.132 192.168.254.133 192.168.254.103 192.168.254.131 192.168.254.245 192.168.254.247 192.168.254.254 192.168.254.253 -> Internal Network scan [yesterday 4AM] is here: http://192.168.1.70/localnmap.txt Previous Network scan is here: http://192.168.1.108/previous_localnmap.txt