Network Monitoring

non Hubitat question here

Lately Comcast has been complaining to us about our home data use, and it seems to have increased since Christmas without an obvious cause. I checked the router, found a Fire TV device that is not ours, and blocked it. I'm working on changing the wireless password now.

All that being said, what is a good way to monitor traffic from individual devices? The current network is an Orbi mesh system with a number of switches attached. I am open to a small appliance or a Raspberry Pi, or I have an Unraid server that I run Docker containers on.

Do you have the xfinity app? We have comcast and anytime a new device connects to our router we get notified. Maybe that would help a little?


It's a sad day when Xfinity (Comcast) has a better router experience than Netgear :(.
I say this as also an Orbi user.

Eero router has this feature as well. I recently purchased this device. The downside is Eero is owned by Amazon. I'm sure they'd like to get their hands on our website usage.

With the orbi I can definitely block new connections but I would really like to see more data about what is happening on the network.

It kind of depends on whether you want to do monitoring to be alerted if something is going wrong or if you want to understand more about how the bits flow around from device to device. If you want to see how it all works, IMO nothing beats Wireshark. When I was a young engineer, what Wireshark does required a dedicated piece of hardware from Network General called a Sniffer at over $10K (US) a copy.

If you want to aggregate information from your network connected devices to make a dashboard you can look at to see status at a glance - there are a ton of solutions - one popular (good) one is Nagios.

Note - in both cases I am talking about an Ethernet network (wired or wireless), not Z-Wave, Zigbee, or ClearConnect.


How do you do this? Specifically be aware of new connections

I have a Fingbox. It automatically blocks internet access for all new devices by ARP spoofing. Works with any router.

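The join notifications discussed above (Xfinity app, Eero, Fingbox) all boil down to the same check: keep a baseline of the MAC addresses you own and report anything else that appears on the LAN. The script below is an added example, not from the thread or from any of those products. It reads the Linux neighbour (ARP) table with `ip -4 neigh show`, so it can run on the Raspberry Pi or in a container on the Unraid box mentioned in the opening post. The `SAMPLE_NEIGH` text, the `KNOWN_MACS` baseline and the 192.168.1.0/24 addressing are constructed for illustration.

```python
"""Flag unknown MAC addresses in the ARP/neighbour table.

Added example, not from the thread. Baseline of known MACs versus
whatever the kernel currently has resolved on the LAN.
"""
import re
import subprocess

# Constructed sample of `ip -4 neigh show` output (not a real capture).
# 192.168.1.77 plays the role of the rogue Fire TV from the opening post.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 STALE
192.168.1.77 dev eth0 lladdr 74:c2:46:12:34:56 REACHABLE
192.168.1.99 dev eth0 FAILED
"""

# Assumed baseline of your own devices, keyed by lowercase MAC (invented values).
KNOWN_MACS = {
    "00:11:22:33:44:01": "orbi-router",
    "00:11:22:33:44:10": "unraid",
}

# Only lines carrying an lladdr have a MAC to check; FAILED/INCOMPLETE
# entries have no link-layer address and are skipped by the regex.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(?P<state>\S+)"
)


def parse_neigh(text):
    """Return (ip, mac, state) tuples for every resolved neighbour."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m["ip"], m["mac"].lower(), m["state"]))
    return entries


def unknown_devices(entries, known=KNOWN_MACS):
    """Neighbours whose MAC is not in the baseline."""
    return [e for e in entries if e[1] not in known]


def live_entries(interface=None):
    """Read the real neighbour table (Linux iproute2 `ip`)."""
    cmd = ["ip", "-4", "neigh", "show"]
    if interface:
        cmd += ["dev", interface]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_neigh(out)


if __name__ == "__main__":
    for ip, mac, state in unknown_devices(parse_neigh(SAMPLE_NEIGH)):
        print(f"UNKNOWN device {mac} at {ip} ({state})")
```

Two caveats before trusting the output. The neighbour table only contains hosts that have recently exchanged traffic with the machine running the script, so either run it on the router itself or precede it with a subnet sweep (`arp-scan` or `nmap -sn`) so every live host gets an entry. And recent phones randomize their Wi-Fi MAC per network, so a "new" MAC can be a family phone rather than an intruder; add those randomized addresses to the baseline once identified, or match on hostname and DHCP client ID as well.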

Does it do traffic monitoring?

It (fingbox) doesn't really do device level continuous traffic monitoring, but it does have some bandwidth analysis tools, and will let you generate join/unjoin notifications, and allow for blocking of devices.

I think you'd need a device like a firewall or more capable router to do individual device traffic monitoring. Or as @Eric.C.Miller pointed out Wireshark or Nagios, but both IMO have a steepish learning curve.

My Ubiquiti edge router certainly does some traffic monitoring, but that's a whole different kettle of fish.

S.


You can probably put this on a Raspberry Pi. I've used this inside enterprise environments to do traffic analysis and application mapping.

ntop is a great tool and will do exactly what you want. You can also download an eval of NetMRI from infoblox which lasts for 60 days. You'll only want to use the discovery portion of this:

https://info.infoblox.com/resources-evaluations-netmri
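What ntop (and Wireshark's conversation statistics) give you for the original question is per-host byte accounting: every flow that crosses the LAN edge is charged to the LAN host on it. The script below is an added example, not from the thread and not ntop's code. It works over NetFlow-style records (`src_ip,dst_ip,bytes`), ranks hosts by WAN bytes and flags any that exceed a daily budget like the 100 GB figure Comcast reported. The `SAMPLE_FLOWS` records and the 192.168.1.0/24 LAN are constructed for illustration.

```python
"""Per-device WAN byte accounting from flow records.

Added example, not from the thread or from ntop. Attribute each flow
that leaves the LAN to the LAN host on it, rank hosts, flag the ones
over a byte budget.
"""
import ipaddress
from collections import defaultdict

# Assumed home LAN; adjust to yours.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed NetFlow-style records, "src_ip,dst_ip,bytes", one per flow.
# Not real data; 192.168.1.77 is the invented rogue host pulling ~48 GiB.
SAMPLE_FLOWS = """\
# src,dst,bytes
192.168.1.10,198.51.100.7,4521
198.51.100.7,192.168.1.10,81234
192.168.1.77,203.0.113.5,1024
203.0.113.5,192.168.1.77,52428800000
192.168.1.10,192.168.1.20,9999999
192.168.1.20,198.51.100.9,800
198.51.100.9,192.168.1.20,2000000
"""

GB = 10**9  # ISPs meter in decimal gigabytes


def parse_flows(text):
    """Yield (src, dst, bytes) from CSV flow lines, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, nbytes = line.split(",")
        yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(nbytes)


def wan_bytes_per_host(flows, lan=LAN):
    """Sum upload/download bytes per LAN host for flows that cross the LAN edge."""
    totals = defaultdict(lambda: {"up": 0, "down": 0})
    for src, dst, nbytes in flows:
        src_in, dst_in = src in lan, dst in lan
        if src_in and not dst_in:
            totals[str(src)]["up"] += nbytes
        elif dst_in and not src_in:
            totals[str(dst)]["down"] += nbytes
        # LAN-to-LAN flows never reach the ISP meter, so they are skipped.
    return dict(totals)


def top_talkers(totals, n=5):
    """Hosts sorted by total WAN bytes, largest first."""
    return sorted(
        totals.items(), key=lambda kv: kv[1]["up"] + kv[1]["down"], reverse=True
    )[:n]


def over_budget(totals, limit_bytes):
    """Hosts whose up+down bytes exceed the budget."""
    return sorted(h for h, t in totals.items() if t["up"] + t["down"] > limit_bytes)


if __name__ == "__main__":
    totals = wan_bytes_per_host(parse_flows(SAMPLE_FLOWS))
    for host, t in top_talkers(totals):
        print(f"{host:16} up {t['up'] / GB:9.4f} GB  down {t['down'] / GB:9.4f} GB")
    print("over 10 GB budget:", over_budget(totals, 10 * GB))
```

The hard part is not the arithmetic but getting the flow records: a consumer mesh router like the Orbi will not export them for you. The usual options are a managed switch with a mirror (SPAN) port feeding a Pi running softflowd or ntopng, or putting a pfSense/OPNsense box in the path so it sees every WAN-bound flow itself. Keep the accounting on the LAN side of NAT, or every host collapses into the single public address and you lose exactly the per-device attribution you are after.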

I'll take a look at these. Comcast notified us that we used another 100 GB in the last day, which seems suspect.

I've toyed with building a pfSense router box; maybe this will be the final straw.

I had this issue happen to me a couple of years ago. My cable company was logging hundreds of gigabytes more than my modem was logging.

It was hypothesized that someone was spoofing my WAN IP. I swapped my modem and the issue was resolved.

I'm very tempted by the Ubiquiti Dream Machine. Would you recommend it based on that comment?

I really can't speak to the Dream Machine. I have an EdgeRouter Lite and 3 APs, plus a Cloud Key V1.

Having said that, in general I like the UniFi management interface, and I think if I did things over from scratch I'd probably get a USG of some variant (UniFi Security Gateway), a Cloud Key V2 and some APs. In other words, I wouldn't hesitate to buy MORE Ubiquiti equipment.

The Dream Machine combines all these capabilities in one unit, but I'm not a big fan of All-In-Ones, although to be fair, it is a lot cheaper than my present configuration.

However, based on my Ubiquiti experience, and a number of reviews I read if you put me on the spot, I'd recommend Ubiquiti products (and the Dream Machine) over any consumer off the shelf router/Wifi solution available today.

BUT I am definitely biased.

S.

I use Ubiquiti UniFi a lot for clients (deploying one today and another on Monday with a Dream Machine). The software is mostly great, with a very nice web GUI. If you are looking for a decent "out-of-the-box" solution, the Dream Machine is a very good mix of form, function and cost. If what UniFi thinks is not needed you truly don't need, I would bless the purchase (like my blessing matters lol).

That being said, I do find some very silly features totally missing from UniFi, and that is the reason I personally cannot justify using them in my office.

~~1st is no DHCP reservations. This is silly and almost a deal breaker. This can be done with most any router, but not in the UniFi software. They say just use static IPs, not ideal for me.~~ Incorrect, you can set it; see ogiewon's post below.

2nd, the firewall software is.... sub-optimal, and the major deal breaker for me. Their Geo filtering works, but you cannot override a Geo filter with an "allow" rule on the firewall. Example: I block 95% of all traffic outside the US coming into our servers. However, I have a few clients in misc. countries due to military deployment. I need to be able to "allow" that traffic via specific IP allow rules that override the Geo filter. It does not work with UniFi, silliness.

Both of these "features" are default in Untangle and most any decent firewall/router. For an SDN you would think they would offer every configuration other routers/firewalls do, but I feel UniFi focuses more on the VLAN and App/Web GUI than on some of the basic firewall/routing.

I prefer OPNsense to pfSense, but both are decent. Also, if going the Ubiquiti (?non-DM?) route, have you seen PacketFence?

https://packetfence.org

Will give you godlike powers apparently.. this is yet another project I might be fooling around with at some point in the mysterious future.


That's incredibly interesting. I would have thought the exact opposite from them. Does that mean most businesses that use UniFi use a secondary firewall solution?

@SoundersDude Depends on the business. I did a restaurant today, and have a day care center next week. Neither needs fancy firewall rules, and I can deal with static assignments (it helps that you can assign them in one web GUI, plus I get paid by the hour :money_mouth_face:).

But yes, if a client needs a "real" firewall we usually go SonicWall or Barracuda (Untangle for free home use).

Can you please clarify this a little? Is this true only for the UDM systems, or also for USG based solutions? I don't have either solution, but I have been keeping an eye on the UniFi hardware...thus my curiosity...:wink:

I am pretty sure the USG can reserve an IP based on MAC address on a per client basis - isn't that what this procedure describes?

https://help.ubnt.com/hc/en-us/articles/360023759313-UniFi-USG-How-to-Set-a-Static-IP-Reservation-for-a-Client-UniFi-Device