The router is the highway of your network. Devices in your network are constantly sending traffic back and forth to connect with other devices and access online services. The traffic exchanged between devices tells you a lot about your network.
By monitoring network traffic you can identify cyber-attacks and network events that will affect the stability of your connection. In this article, we’re going to look at how to monitor router traffic.
If you made it here looking for the best tools for the job, here are the three best tools for monitoring router traffic:
- SolarWinds NetFlow Traffic Analyzer EDITOR’S CHOICE Perform real-time traffic and bandwidth monitoring and analysis using flow data that is built into most routers. Download a 30-day free trial.
- Paessler PRTG Network Monitor (FREE TRIAL) Auto-detects and begins monitoring all connected network routers, and offers good performance data for identifying faults and traffic bottlenecks.
- ManageEngine NetFlow Analyzer Real-time network monitoring that uses flow data. Able to detect environmental changes and set alerts.
- 1 Why Do I Need to Monitor Router Traffic?
- 2 Using Your Router to Monitor Traffic
- 3 How to Monitor Network Traffic with a Packet Sniffer (Wireshark)
- 4 Three Best Router Traffic Monitoring Tools and Software
- 5 Monitoring Router Traffic with a Network Monitoring Tool
Why Do I Need to Monitor Router Traffic?
Everyday devices and applications use network traffic to operate and it is important to make sure that network resources are distributed evenly to support all these services.
For example, if you have an application that is eating up a disproportionate amount of bandwidth, other services are going to suffer from latency and interruptions. By monitoring router traffic you can identify which application is causing the problem and take steps to return the connection back to normal.
If allowed to go unchecked, bandwidth hogs can take network resources away from other devices. In other words, regularly monitoring traffic is vital for making sure that network performance stays up to speed.
Using Your Router to Monitor Traffic
When monitoring network traffic you have the choice of monitoring directly through the router or using a third-party network monitoring tool. In this section, we’re going to look at how you can use a router to monitor your network traffic. Before we begin, it’s important to note that the process will depend on the brand and model of your router. That being said there are a number of similarities across vendors:
- If you want to use your router to monitor network traffic then you first need to find your router’s local IP address. If you haven’t changed the IP address then its likely to be 192.168.1.1.
- On Windows if you don’t know the IP address then open a command prompt and enter the following command:
You will find your IP address listed next to Default Gateway, which will look something like this:
Default Gateway . . . . . . . . . . . . . . . . : 192.168.1.6
- Now that you have the IP address, open up your web browser and type the IP address into the search bar. Now press Enter.
- A page will display that asks you to enter your router’s admin username and password. If you haven’t configured a unique username and password you should check the router’s documentation to find the default login credentials. (You can also search online for information on a vendor’s factory settings).
- Once logged in you will be able to interact with the router’s interface. What performance data you can view at this stage depends on the vendor who produced it. Try to look for a list of devices or a status section (some modern routers have bandwidth monitoring sections).
- Once you find a section that displays network traffic you can start to look for which devices use the most bandwidth. If you don’t find this information or there isn’t enough detail then you’ll need to use a network monitoring tool instead.
How to Monitor Network Traffic with a Packet Sniffer (Wireshark)
Monitoring router traffic with a network monitoring tool is the best way to go due to the range of monitoring options you have at your disposal. Wireshark is one of the most popular wifi analyzers or packet sniffers in the world. Many enterprises use this tool to monitor their network traffic.
Wireshark is widely used because it’s free and can reliably monitor network performance. In this section, we’re going to look at how you can use Wireshark to monitor your network.
Before we begin you will need to download and install the program from this link here. During the installation process make sure that you install WinPcap when prompted so you can capture live network traffic.
Now that the program is installed it’s time to start configuring your monitoring settings.
Once you launch Wireshark, under Capture you’ll be shown various types of connections: Bluetooth Network Connection, Ethernet, VirtualBox Host-Only Network, and Wi-Fi.
- The first thing you need to do is choose which type of network you want to monitor – Wi-Fi is used in this example (use the Shift or Ctrl keys to select multiple networks).
- Click the Capture button at the top of the screen.
- Once the drop-down menu displays press Start to start packet capture (or double-click on the network you want to capture data from).
- To stop capturing click on the red Stop button next to the shark fin in the toolbar.
Reading Packet Data in Wireshark
Now that you’ve captured packets in Wireshark it is time to inspect them. In Wireshark, the data from captured packets is broken down into three different sections. Each of these sections provides you with different information. These sections are:
- Packet List – Located under the search bar. Shows the Number, Time, Source Destination, Protocol, and Info of captured protocols. The packet list section will provide you with the main details you need during monitoring.
- Packet Details – Located under the Packet list pane. Shows the protocols within the selected packet. You can click on the arrow next to packet data to view more information.
- Packet Bytes – Located at the bottom of the screen below the Packet Details pane. Shows the internal data of the packet in hexadecimal format.
These are the three areas where you need to look when monitoring packet captures. It is important to note that Wireshark uses color-coding to help the user distinguish between captured packet types. To find out what each color denotes which packet click on View > Coloring Rules. You can create new rules by pressing the + button or delete rules with the – button.
Using Filters in Wireshark
When capturing data in Wireshark you will need to configure a capture filter to limit the information that you collect. To filter packets on Wireshark click the Filter box beneath the toolbar and enter TCP (or another protocol you want to filter for). The TCP search criteria will ensure that only packets using the TCP protocol are captured. You can also use the Bookmark icon on the left of the entry field to activate other popular filters.
In addition, you can apply filters to filter data that has already been recorded. These are called Display filters.
Related: How to conduct a network stability test.
Three Best Router Traffic Monitoring Tools and Software
While Wireshark is a good tool it doesn’t offer the variety of features or refined user experience that many other proprietary tools do. In this section we’re going to look at the top three alternative tools for monitoring network traffic:
SolarWinds NetFlow Traffic Analyzer is an infrastructure monitoring tool that monitors router traffic for a variety of software vendors. The program offers bandwidth and performance monitoring which can be managed via the performance analysis dashboard. The performance analysis dashboard enables the user to drag and drop performance metrics onto a timeline which shows the general network data trends on the network.
SolarWinds NetFlow Traffic Analyzer uses NetFlow, J-Flow, sFlow, NetStream, IPFIX, and SNMP to monitor your network. For bandwidth monitoring, the platform can identify bandwidth-hogging applications or devices. All of this information can be viewed through the dashboard. You can view pie charts of Top 10 Applications and NetFlow Sources.
The software starts at a price of $1,945 (£1,560). There is also a 30-day free trial version you can download.
If you’re looking for a detailed but accessible bandwidth monitoring experience, SolarWinds NetFlow Traffic Analyzer is powerful tool that is second to none. We particularly like the ability to set alerts on a wide range of network conditions and the customizable network traffic reports.
Start 30-day Free Trial: solarwinds.com/netflow-traffic-analyzer
OS: Windows Server 2012 R2 or later, SQL Server 2012 or later, 64-bit recommended
Paessler PRTG Network Monitor is another network monitoring tool that can be used to monitor traffic. PRTG Network Monitor uses SNMP, NetFlow, sFlow, and jFlow to monitor network performance. The tool enables the user to measure the bandwidth consumption of devices in the network to make sure no device is using too many resources.
The SNMP Traffic Sensor comes preconfigured to show traffic data on Traffic in, Traffic out, and Traffic total. These can be expanded to include Errors in and out, Discards in and out, Unicast packets in and out, Non-unicast packets in and out, Multicast packets in and out, Broadcast packets in and out, and Unknown Protocols. You can select between Live Data or Historic Data over a time period of your choice.
PRTG Network Monitor is free for less than 100 sensors. If you want more then you’ll need to purchase an upgrade. Paid versions of PRTG Network Monitor start at $1,600 (£1,283) for 500 sensors and one server installation up to $60,000 (£48,126) for unlimited sensors and five server installations. There is a 30-day free trial version.
3. ManageEngine NetFlow Analyzer
ManageEngine NetFlow Analyzer is a bandwidth monitor that analyses network traffic in real-time. The software supports flow data in the form of NetFlow, sFlow, IPFIX, Netstream, jFlow, and AppFlow. All of this information can be viewed from the dashboard which provides you with a complete view of network performance. For instance, you can view pie charts on the top applications and top protocols within the network.
To monitor changes in your environment, ManageEngine NetFlow Analyzer has threshold-based alerting. You can configure your own threshold values to decide what activity will trigger an alert. For example, you can set a threshold for bandwidth utilization and stipulate the number of times that utilization can be exceeded before an alert is sent onward.
ManageEngine NetFlow Analyzer is available for Windows and Linux and is available as an Essential or Enterprise version. The Essential version costs $595 (£477) with 10 licenses for interfaces and support for up to 50k flows.
The Enterprise version costs $1,295 (£1,039) with licenses for 10 interfaces and support for up to 80k flows per collector. There is also a 30-day free trial version you can download from this link here.
Monitoring Router Traffic with a Network Monitoring Tool
Though there are countless ways to monitor router traffic we recommend that you download a network monitoring tool for the best results. Even the best routers can only show you so much information. Using a specialized network monitoring solution will provide you with much better visibility.
Tools like Wireshark, SolarWinds NetFlow Traffic Analyzer, PRTG Network Monitor, and ManageEngine NetFlow Analyzer are all ideal for monitoring network traffic in modern enterprises.
Related post: The Best NetFlow Analyzers & Collectors