The router is the highway of your network. Devices in your network are constantly sending traffic back and forth to connect with other devices and access online services. The traffic exchanged between devices tells you a lot about your network.
By monitoring network traffic you can identify cyber-attacks and network events that will affect the stability of your connection. In this article, we’re going to look at how to monitor router traffic.
If you made it here looking for the best tools for the job, here are the three best tools for monitoring router traffic:
- SolarWinds NetFlow Traffic Analyzer EDITOR’S CHOICE Perform real-time traffic and network bandwidth monitoring and analysis using flow data that is built into most routers. Download a 30-day free trial.
- Paessler PRTG Network Monitor (FREE TRIAL) Auto-detects and begins monitoring all connected network routers, and offers useful performance data for identifying faults and traffic bottlenecks.
- ManageEngine NetFlow Analyzer Real-time network monitoring that uses flow data. Able to detect environmental changes and set alerts.
Why Do I Need to Monitor Router Traffic?
Everyday devices and applications use network traffic to operate and it is important to make sure that network resources are distributed evenly to support all these services.
For example, if you have an application that is eating up a disproportionate amount of available bandwidth, other services will suffer from latency and interruptions. By monitoring router traffic you can identify which application is causing the problem and take steps to return the connection back to normal.
If allowed to go unchecked, bandwidth hogs can take network resources away from other critical network hardware. In other words, regularly monitoring traffic is vital for making sure that network performance stays up to speed.
Using Your Router to Monitor Traffic
When monitoring network traffic you have the choice of monitoring directly through the router or using third-party network monitoring software. In this section, we will look at how you can use a router to monitor your network traffic. Before we begin, it’s important to note that the process will depend on the brand and model of your router. However, there are standard procedures for examining a router regardless of vendor and whether it is a router for a wired or a wireless network:
- If you want to use your router to monitor network traffic then you first need to find your router’s local IP address. If you haven’t changed the IP address then it’s likely to be 192.168.1.1.
- On Windows if you don’t know the IP address then open a command prompt and enter the following command:
You will find your IP address listed next to Default Gateway, which will look something like this:
Default Gateway . . . . . . . . . . . . . . . . : 192.168.1.6
- Now that you have the IP address, open up your web browser and type the IP address into the search bar. Now press Enter.
- A page will display that asks you to enter your router’s admin username and password. If you haven’t configured a unique username and password you should check the router’s documentation to find the default login credentials. (You can also search online for information on a vendor’s factory settings).
- Once logged in you will be able to interact with the router’s interface. What performance data you can view at this stage depends on the vendor who produced it. Try to look for a list of devices or a status section (some modern routers have bandwidth monitoring sections).
- Once you find a section that displays network traffic you can start to look for which devices use the most bandwidth. If you don’t find this information or there isn’t enough detail then you’ll need to use a network monitoring tool instead.
Related post: Wireshark & other top packet sniffers
Although the quality and bandwidth of the cable in your network is an important factor when examining capacity, traffic monitoring can’t occur directly on the wire. In order to see how much traffic passes down each link, you have to examine the throughput of the routers and switches at each end of the connection.
Information extracted from routers about traffic flows will highlight which links are overloaded and which cables have less traffic. By tracking traffic flows on your network over time, it is possible to see which links are overloaded. This information will enable you to re-organize the network topology to get better value out of your infrastructure.
Capacity planning tools need historical traffic data as input and the best source of this information comes from querying the routers on the network. Many network traffic monitoring tools also include capacity planning utilities so they can collect source information, store, and analyze it in one closed loop.
Wireless Networks and Wireless Routers
The managers of networks that include wireless routers cannot overlook the traffic flow data from those devices. Hybrid networks usually use wireless for the last hop to selected endpoints, so ignoring traffic data from wireless routers would result in an incomplete record of network performance.
Although wireless networks have different operating methods and transmission protocols, the functions of wireless routers are fundamentally the same as those for wired networks – the router has to get a packet of data to the endpoint named as the destination in the packet header.
Just like routers on wired networks, wireless routers measure passing traffic and record metrics about traffic throughput. Network monitoring systems can query wireless routers just as well as standard routers. The premium network monitoring tools include wireless footprint visualizations, which substitute for the network topology maps that they compile for wired networks.
How to Monitor Network Traffic with a Packet Sniffer (Wireshark)
Monitoring router traffic with a network monitoring tool is the best way to go due to the range of monitoring options you have at your disposal. Wireshark is one of the most popular wifi analyzers or packet sniffers in the world. Many enterprises use this tool to monitor their network traffic.
Wireshark is widely used because it’s free and can reliably monitor network performance. In this section, we’re going to look at how you can use Wireshark to monitor your network.
Before we begin you will need to download and install the program from this link here. During the installation process make sure that you install WinPcap when prompted so you can capture live network traffic.
Now that the program is installed it’s time to start configuring your monitoring settings.
Once you launch Wireshark, under Capture you’ll be shown various types of connections: Bluetooth Network Connection, Ethernet, VirtualBox Host-Only Network, and Wi-Fi.
- The first thing you need to do is choose which type of network you want to monitor – Wi-Fi is used in this example (use the Shift or Ctrl keys to select multiple networks).
- Click the Capture button at the top of the screen.
- Once the drop-down menu displays press Start to start packet capture (or double-click on the network you want to capture data from).
- To stop capturing click on the red Stop button next to the shark fin in the toolbar.
Reading Packet Data in Wireshark
Now that you’ve captured packets in Wireshark it is time to inspect them. In Wireshark, the data from captured packets is broken down into three different sections. Each of these sections provides you with different information. These sections are:
- Packet List – Located under the search bar. Shows the Number, Time, Source Destination, Protocol, and Info of captured protocols. The packet list section will provide you with the main details you need during monitoring.
- Packet Details – Located under the Packet list pane. Shows the protocols within the selected packet. You can click on the arrow next to packet data to view more information.
- Packet Bytes – Located at the bottom of the screen below the Packet Details pane. Shows the internal data of the packet in hexadecimal format.
These are the three areas where you need to look when monitoring packet captures. It is important to note that Wireshark uses color-coding to help the user distinguish between captured packet types. To find out what each color denotes which packet click on View > Coloring Rules. You can create new rules by pressing the + button or delete rules with the – button.
Using Filters in Wireshark
When capturing data in Wireshark you will need to configure a capture filter to limit the information that you collect. To filter packets on Wireshark click the Filter box beneath the toolbar and enter TCP (or another protocol you want to filter for). The TCP search criteria will ensure that only packets using the TCP protocol are captured. You can also use the Bookmark icon on the left of the entry field to activate other popular filters.
In addition, you can apply filters to filter data that has already been recorded. These are called Display filters.
Related: How to conduct a network stability test.
Three Best Router Traffic Monitoring Tools and Software
While Wireshark is a good tool it doesn’t offer the variety of features or refined user experience that many other proprietary tools do. In this section we’re going to look at the top three alternative tools for monitoring network traffic:
SolarWinds NetFlow Traffic Analyzer is infrastructure monitoring software that monitors router traffic for a variety of software vendors. The program offers bandwidth and network performance monitoring which can be managed via the performance analysis dashboard. The performance analysis dashboard enables the user to drag and drop performance metrics onto a timeline which shows the general network data trends on the network.
SolarWinds NetFlow Traffic Analyzer uses NetFlow, J-Flow, sFlow, NetStream, IPFIX, and SNMP to monitor your network. For bandwidth usage, the platform can identify bandwidth-hogging applications or devices. All of this information can be viewed through the dashboard. You can view pie charts of Top 10 Applications and NetFlow Sources.
The software starts at a price of $1,945 (£1,560). There is also a 30-day free trial version you can download.
If you’re looking for a detailed but accessible bandwidth monitoring experience, SolarWinds NetFlow Traffic Analyzer is a powerful tool that is second to none. We particularly like the ability to set alerts on a wide range of network conditions and the customizable network traffic reports.
Start 30-day Free Trial: solarwinds.com/netflow-traffic-analyzer
OS: Windows Server 2012 R2 or later, SQL Server 2012 or later, 64-bit recommended
Paessler PRTG Network Monitor is another network usage monitoring tool that can be used to monitor traffic. PRTG Network Monitor uses SNMP, NetFlow, sFlow, and jFlow to monitor network usage and performance. The tool enables the user to measure the bandwidth consumption of devices in the network to make sure no device is using too many resources.
The SNMP Traffic Sensor comes preconfigured to show traffic data on Traffic in, Traffic out, and Traffic total. These can be expanded to include Errors in and out, Discards in and out, Unicast packets in and out, Non-unicast packets in and out, Multicast packets in and out, Broadcast packets in and out, and Unknown Protocols. You can select between Live Data or Historic Data over a time period of your choice.
PRTG Network Monitor is free for less than 100 sensors. If you want more then you’ll need to purchase an upgrade. Paid versions of PRTG Network Monitor start at $1,600 (£1,283) for 500 sensors and one server installation up to $60,000 (£48,126) for unlimited sensors and five server installations. There is a 30-day free trial version.
3. ManageEngine NetFlow Analyzer
ManageEngine NetFlow Analyzer is a bandwidth usage monitor that analyses network traffic in real-time. The software supports flow data in the form of NetFlow, sFlow, IPFIX, Netstream, jFlow, and AppFlow. All of this information can be viewed from the centralized overview which provides you with a complete view of network usage and performance. For instance, you can view pie charts on the top applications and top protocols within the network.
To monitor changes in your environment, ManageEngine NetFlow Analyzer has threshold-based alerting. You can configure your own threshold values to decide what activity will trigger an alert. For example, you can set a threshold for bandwidth utilization and stipulate the number of times that utilization can be exceeded before an alert is sent onward.
ManageEngine NetFlow Analyzer is available for Windows and Linux and is available as an Essential or Enterprise version. The Essential version costs $595 (£477) with 10 licenses for interfaces and support for up to 50k flows.
The Enterprise version costs $1,295 (£1,039) with licenses for 10 interfaces and support for up to 80k flows per collector. There is also a 30-day free trial version you can download from this link here.
Monitoring Router Traffic with a Network Monitoring Tool
Though there are countless ways to monitor router traffic we recommend that you download a network monitoring tool for the best results. Even the best routers can only show you so much information. Using a specialized network usage monitoring solution will provide you with much better visibility.
Tools like Wireshark, SolarWinds NetFlow Traffic Analyzer, PRTG Network Monitor, and ManageEngine NetFlow Analyzer are all ideal for monitoring network traffic in modern enterprises.
Monitor Router Traffic FAQs
Can router monitoring help prevent network failures?
It is easier to ensure constant network uptime if you have continuous network monitoring. Conditions on routers can deteriorate very quickly and a daily check on network devices isn’t enough to get sufficient warnings about potential points of failure. Network monitoring tools that use performance thresholds will alert technicians when statuses indicate that a problem is evolving, giving time to head off network failure.
How can I monitor network speed?
There are many different measures of network speed. You can monitor speed on a link or speed on a route from one point of a network to another node (end-to-end). NetFlow monitoring systems cover transfer speeds as one of the metrics that they report on. Automated monitoring tools can give constant and comprehensive information about data rates all across the network. However, Ping is a useful tool for monitoring the roundtrip time from one point on a network to another if you want to perform your speed tests manually.
How can I stop connectivity drop-offs in my network?
Dropped connections are much more likely with wifi networks than with wired networks. With wired networks ensure that all routers and switches are functioning correctly and not overloaded. With wireless networks:
- Keep router firmware up-to-date
- Refer to a wireless heatmap to ensure complete signal coverage on the premises
- Add repeaters or extra APs in areas that have no signal
- Inform mobile users of areas of the premises where there is no wifi service
- Ensure wireless routers have sufficient capacity to meet demand
Related post: The Best NetFlow Analyzers & Collectors