On OS X - Best Way To Monitor if Internet Connection Drops?

[DirtyLarry Veteran]

I am on OS X.

I am wondering what the best, easiest way to monitor if my internet is stable and does not drop.

Unfortunately I do not have direct access to the modems supplied by my ISP.

This is at work, however we have or own direct line in our area.

 

I have found this website, which seems decent, however it only shows the past 20 results or so.

I would love to be able to let it run overnight, come in tomorrow

 

When I check the logs of the router (an Asus RT-N66U), I do see the following, which I have not a clue what it means.

Jun 18 13:00:42 kernel: eth2: received packet with  own address as source address
Jun 18 13:02:59 kernel: eth1: received packet with  own address as source address
Jun 18 13:21:01 kernel: eth2: received packet with  own address as source address
Jun 18 14:02:13 kernel: eth1: received packet with  own address as source address
Jun 18 14:28:44 kernel: eth1: received packet with  own address as source address
Jun 18 14:30:44 kernel: eth1: received packet with  own address as source address
Jun 18 14:35:50 kernel: eth2: received packet with  own address as source address
Jun 18 14:40:43 kernel: eth1: received packet with  own address as source address
Jun 18 14:54:45 kernel: eth2: received packet with  own address as source address
Jun 18 17:00:55 kernel: eth1: received packet with  own address as source address
Jun 18 19:05:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 UDP removed
Jun 18 19:05:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 TCP removed
Jun 19 08:36:05 dnsmasq-dhcp[310]: Ignoring domain wks.jnj.com for DHCP host name WJANUSL3BEK8T
Jun 19 09:07:28 kernel: eth2: received packet with  own address as source address
Jun 19 09:16:04 kernel: eth1: received packet with  own address as source address
Jun 19 09:55:38 kernel: eth1: received packet with  own address as source address
Jun 19 10:32:26 kernel: eth1: received packet with  own address as source address
Jun 19 10:33:18 kernel: eth2: received packet with  own address as source address
Jun 19 10:33:36 kernel: eth2: received packet with  own address as source address
Jun 19 10:34:40 kernel: eth1: received packet with  own address as source address
Jun 19 11:10:11 kernel: eth2: received packet with  own address as source address
Jun 19 12:41:07 kernel: eth2: received packet with  own address as source address
Jun 19 12:49:06 kernel: eth2: received packet with  own address as source address
Jun 19 12:55:40 kernel: eth1: received packet with  own address as source address
Jun 19 13:47:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 UDP removed
Jun 19 13:47:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 TCP removed

Any help would be appreciated.

I did post a thread a few weeks back about redoing the network here at work, will find out today if I get the go ahead to do that, but we do believe we have a much larger issue where our main line keeps dropping, and Optimum is of course saying it is not.

 

TIA,

DL

 

[sc302 Veteran]

Well you could always ping out.  If you don't like that then you could establish a ping to your outside ip from a monitoring service. 

 

something like this

https://www.pingdom.com/free/

[DirtyLarry Veteran]

Well you could always ping out.  If you don't like that then you could establish a ping to your outside ip from a monitoring service. 

 

something like this

https://www.pingdom.com/free/

How would one ping out but keep a log of it? Is there a simple enough Terminal command I can use to do so?

Ideally I would love to be able to set it up on a laptop, let it run overnight, then come back the next morning and see if and when the connection dropped.

[sc302 Veteran]

I don't have an osx box but an ping that never terminates that sends its output to a text file would be all you need. Not sure how you would time stamp it though.

[zhangm Supervisor]

I don't have an OS X box that I can ssh into so that I can write and check a script, but you can make a cronjob that invokes the date and ping commands periodically and append it to a log file using command >> /file/path.

 

Something like the following as a cronjob. Here, the ping tries once immediately after the date is printed:

date >> ~/Desktop/pinglog.txt && ping -c1 google.com >> ~/Desktop/pinglog.txt

[+BudMan MVC]

Jun 18 13:00:42 kernel: eth2: received packet with own address as source address
Jun 18 13:02:59 kernel: eth1: received packet with own address as source address

 

This is happening on both your wan and lan interfaces?  Are you running wireless repeaters, something that repeats traffic?  Where is the router connected in your network?  You have a switching loop maybe?  You clearly should not be seeing those..  Telling you its seeing a packet inbound that has its mac address..  Can you draw up your network and where this is placed.

 

Jun 18 19:05:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 UDP removed
Jun 18 19:05:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 TCP removed

 

These are telling you it removed its port forward - since you have UPnP enabled, also known as NAT-PMP..  This is business network - why and the hell would UPnP/NAT-PMP be enabled?? 

http://en.wikipedia.org/wiki/Universal_Plug_and_Play

http://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

 

That port is not a registered port, if I had to guess its someone running P2P software on your network - again not something that should be running a work network.  That is your router telling you it removed the forward..  The log is useless because it doesn't tell you to where it was mapped too which would be actual useful info..

[DirtyLarry Veteran]

BudMan.
This is not an official business network. It is the same exact network I outlined in this thread which has been established as being all wrong. I am currently waiting on the go ahead to get the $3500 to redo it properly. As such it is still exactly as I shared in that thread.

Additionally this was my own personal router from home, an Asus NR66TU, that I had set up just to see if one of our Linksys was not working properly, so that is why UPnP was enabled, everything was at the default settings (which is pretty much for a home network) as I had literally just did a Factory Reset on the router. Only thing that was changed was I assigned it a Static IP as shown in the diagrams on that other thread.

 

At the time I copy and pasted those logs there were only 4 clients total connected.
My boss's phone, my phone, my iPad, and my laptop. So I can say with the utmost of certainty no one was running any P2P software whatsoever. Could it have been another app on my laptop?

 

To be honest you guys are losing me. I have no idea what a cronjob is and as I have admitted with that other thread, I do not know all that much about Networking but am willing to learn (if possible).

 

The reason for wanting to monitor our internet connection and the point of this thread as I am fairly certain our ISP is not being truthful with the reliability of the line they are providing. We are constantly dropping, whether it is with the Linksys E4200v2's, my Asus Router, or my laptop plugged directly into the modem they provide itself, the connection just randomly drops, and frequently at that.

 

It is a unique condition as the ISP over 15 years ago had this one line from approximately a half a mile away on the local highway run into our building directly to originally provide TV signal to a VP's conference room. I am not making that up. They refuse to do any work on the line as we are the sole customer in the building so to speak, and we are only paying them $220 a month, which is actually going to drop to $110 soon when I redo everything. So it is an older line with a ton of noise and feedback, they will admit that much, and they have installed a bunch of taps and feeders within our building along the line itself in order to try and control all of the feedback, and it is pretty clear they are all having a detrimental affect on the stability of the line. However when I try and confront them about it, they pretty much take the stance of go ahead and prove it, so that is what I am trying to achieve here. Maybe that clears some stuff up. Maybe not.

 

[HawkMan]

Is there no software similar to ping plotter for osx that allows monitoring of the connection combined with trace so you can see when and where the connection drops.

 

Ping plotter is nearly a must have tool for network monitoring of unstable connections. And when the ISP says it you, you can show the plots and that everything works fine until their systems take over :)

[+BudMan MVC]

You could always just run smokeping on whatever machine you have.  http://oss.oetiker.ch/smokeping/

 

This great tool for monitoring your network connection.

 

examples

 

really bad connection

 

much better connection

 

This will show you if loosing any pings, what the response time is, etc... You can set it up to ping as many different IPs as you want and have graphs off all of them..  Run it in a VM if won't run on whatever os your using.

 

As to UPnP or NAT-PMP being on by default --- bad bad idea!!!  Bad Router Maker!!!  That should be OFF by default..

 

As to dropping -- well if you have a freaking switching loop.. It would be amazing if anything works ;)  From your diagram you posted I don't see one - but someone plugged in an extra cable where not suppose to be, etc.  That you don't have shown on your diagram.

 

Do you know how to run a virtual machine?  If so could pop out a ovf for you running somkeping.. And then just put in the hosts you want to monitor.

[nabz0r Veteran]

If you have loop in the network, why not shut all the ports and enable the ones you want with "port security with sticky MAC address" enabled and you can change the default too if you want to. This way even if someone plugs something you'll know about it and this is for Cisco switches, I haven't seen your diagram and I don't know if you have a Cisco switch or not but I am sure other brands might have similar thing. Just a hint :)

[DirtyLarry Veteran]

As to dropping -- well if you have a freaking switching loop.. It would be amazing if anything works ;)  From your diagram you posted I don't see one - but someone plugged in an extra cable where not suppose to be, etc.  That you don't have shown on your diagram.

 

Do you know how to run a virtual machine?  If so could pop out a ovf for you running somkeping.. And then just put in the hosts you want to monitor.

Thank for smokeping. Will check it out.

 

Can you elaborate on "freaking switching loop" please? 

And when you say someone plugged in an extra cable, you do mean with something connected on the other end right? Or could it be a cable plugged into a switch with nothing on the other end? Would that cause an issue? There is only one extra cable plugged in that I know of,  We leave a cable with nothing plugged in on the other end into the switch sometimes for people who go in and out of a certain room. I never knew that to cause trouble but if it could, then yeah we could have find the culprit.

 

And it has been a while since I ran a virtual machine, so yep thing I could probably do so again.

The network from my previous thread is 95% WiFi though and almost always used for iPads.

[+BudMan MVC]

So plug in something to it.. So you can ping your AP and your internet gateway, etc..  Running smokeping

 

So I setup a quick vm - so if need be I can export it for you already running

 

So see here its pinging my isp gateway for last few hours.

 

 

I also set it up to ping the some hosts I have out on the net.. My box in NL, my vps boxes on westcoast and east coast of us for testing speeds, etc.

 

 

So you notice the spike in the graph..  That is where I filled up my download pipe grabbing a copy of raspbian -- so since my pipe was full for a bit, pings that happened during that period would be much slower than normal.  So you see the time increase.

 

You should really set this up for monitoring your isp connection and even connections to your different AP, etc.  This should show you when there is an issue with on, its offline - something is eating up the network bandwidth, etc..  So for example here is to my wireless controller and my AP and other devices on my wireless segment.

 

I set this up in a few minutes this morning - it really is not hard to get something like this running.

 

As to "Switching loop"  More than one path without stp running. Which you don't have any smart switches from what I saw..  So unlikely stp is running (spanning tree protocol) -- used to protect against switching loop.

 

http://en.wikipedia.org/wiki/Switching_loop

 

Here is an example of some problems you can have with a switching loop

 

No if the cable is not connected at the other end its not a loop.

 

So in the picture above computer 1 sends a broadcast or multicast looking for something..  Do you know what a broadcast or multicast packet is?  That is when computer wants to talk to anyone or bunch of people at the same time (multicast), not a specific IP address.  This could be an arp looking for the mac address of IP it wants to talk too, could be dhcp discover asking dhcp server for an IP..  Could be broadcasting for a computer name, lots of reasons for broadcast traffic.

 

So computer 1 sends broadcast, switch  A says oh broadcast packet - I send that out every port!!  So sends out broadcast to both B and C switches..  B switch sees broadcast and sends it out to C switch as well.  C switch can say oh broadcast coming from B switch - send it to A switch..  This is the same broadcast the A switch sent out..  Now computer 2 gets two copies of the same broadcast.  This can cause a problem with what they call a "broadcast storm"  The network is so busy sending resending broadcasts that normal traffic doesn't work.

 

Now smartswitch or managed switches can look for switching loops and block 1 of the paths.  Which now this allows you to maintain 2 physical paths for redundancy sake - say one of the wires breaks or switch fails, etc.

 

So in your log the router was saying hey I saw a packet on my interface that said it came from me..  That should not be possible unless for some reason the physical network that eth0 is connected to is same network eth1 is connected too.  You had your router in AP mode?  Did you have its wan interface connected and lan port connected at the same time to the same switch or switches that had a connection between them?

[PGHammer]

I am on OS X.

I am wondering what the best, easiest way to monitor if my internet is stable and does not drop.

Unfortunately I do not have direct access to the modems supplied by my ISP.

This is at work, however we have or own direct line in our area.

 

I have found this website, which seems decent, however it only shows the past 20 results or so.

I would love to be able to let it run overnight, come in tomorrow

 

When I check the logs of the router (an Asus RT-N66U), I do see the following, which I have not a clue what it means.

Jun 18 13:00:42 kernel: eth2: received packet with  own address as source address
Jun 18 13:02:59 kernel: eth1: received packet with  own address as source address
Jun 18 13:21:01 kernel: eth2: received packet with  own address as source address
Jun 18 14:02:13 kernel: eth1: received packet with  own address as source address
Jun 18 14:28:44 kernel: eth1: received packet with  own address as source address
Jun 18 14:30:44 kernel: eth1: received packet with  own address as source address
Jun 18 14:35:50 kernel: eth2: received packet with  own address as source address
Jun 18 14:40:43 kernel: eth1: received packet with  own address as source address
Jun 18 14:54:45 kernel: eth2: received packet with  own address as source address
Jun 18 17:00:55 kernel: eth1: received packet with  own address as source address
Jun 18 19:05:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 UDP removed
Jun 18 19:05:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 TCP removed
Jun 19 08:36:05 dnsmasq-dhcp[310]: Ignoring domain wks.jnj.com for DHCP host name WJANUSL3BEK8T
Jun 19 09:07:28 kernel: eth2: received packet with  own address as source address
Jun 19 09:16:04 kernel: eth1: received packet with  own address as source address
Jun 19 09:55:38 kernel: eth1: received packet with  own address as source address
Jun 19 10:32:26 kernel: eth1: received packet with  own address as source address
Jun 19 10:33:18 kernel: eth2: received packet with  own address as source address
Jun 19 10:33:36 kernel: eth2: received packet with  own address as source address
Jun 19 10:34:40 kernel: eth1: received packet with  own address as source address
Jun 19 11:10:11 kernel: eth2: received packet with  own address as source address
Jun 19 12:41:07 kernel: eth2: received packet with  own address as source address
Jun 19 12:49:06 kernel: eth2: received packet with  own address as source address
Jun 19 12:55:40 kernel: eth1: received packet with  own address as source address
Jun 19 13:47:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 UDP removed
Jun 19 13:47:08 miniupnpd[430]: Expired NAT-PMP mapping port 23234 TCP removed

Any help would be appreciated.

I did post a thread a few weeks back about redoing the network here at work, will find out today if I get the go ahead to do that, but we do believe we have a much larger issue where our main line keeps dropping, and Optimum is of course saying it is not.

 

TIA,

DL

The better tools (not just for OS X, but for any OS/distribution) are those that are designed to monitor the connection for activity - unfortunately, all too many of those are manufacturer-specific (I'm referring to GUI-based "watchdog" utilities, including Apple's own AirDrop - which can't be used for wired Ethernet, for example).  It's not just an OS X problem - it's an all-OSes problem; at least Windows has started to step up with basic watchdog-type monitoring for wireless connections - however, you still have to do third-party for similar tools for wired connections.

[+BudMan MVC]

 

"(I'm referring to GUI-based "watchdog" utilities, including Apple's own AirDrop - which can't be used for wired Ethernet, for example)"

 

 

 

What?  watchdog util like airdrop??  Airdrop is not a watchdog util.. :huh: