Lately Comcast has been complaining to us about our home data use and it has seemed to increase since Christmas without an obvious cause. I checked the router and there was a firetv device that is not ours and blocked it. Working on changing the wireless password now.
All that being said what is a good way to monitor traffic from individual devices? Current network is an orbi mesh system with a number of switches attached. I am open to a small appliance, raspberry pi or I have an unraid server that I run dockers on.
Eero router has this feature as well. I recently purchased this device. The downside is Eero is owned by Amazon. I'm sure they'd like to get their hands on our website usage.
It kind of depends on whether you want to do monitoring to be alerted if something is going wrong or if you want to understand more about how the bits flow around from device to device. If you want to see how it all works, IMO nothing beats Wireshark. When I was a young engineer, what Wireshark does required a dedicated piece of hardware from Network General called a Sniffer at over $10K (US) a copy.
If you want to aggregate information from your network connected devices to make a dashboard you can look at to see status at a glance - there are a ton of solutions - one popular (good) one is Nagios.
Note - in both cases I am talking about and ethernet network (wired or wireless), not Z-Wave, Zigbee, or ClearConnect.
It (fingbox) doesn't really do device level continuous traffic monitoring, but it does have some bandwidth analysis tools, and will let you generate join/unjoin notifications, and allow for blocking of devices.
I think you'd need a device like a firewall or more capable router to do individual device traffic monitoring. Or as @Eric.C.Miller pointed out Wireshark or Nagios, but both IMO have a steepish learning curve.
My Ubiquiti edge router certainly does some traffic monitoring, but that's a whole different kettle of fish.
You can probably put this on a raspberry pi. I've used this inside enterprise environments to do traffic analysis and application mapping.
ntop is a great tool and will do exactly what you want. You can also download an eval of NetMRI from infoblox which lasts for 60 days. You'll only want to use the discovery portion of this:
I really can't speak to the Dream Machine. I have a EdgeRouter Lite, and 3 AP's, plus a Cloud Key V1.
Having said that, in general, I like the Unifi management interface, and I think if I did things over from scratch, I'd probably get a USG of some variant (Ubiquiti - UniFi® Security Gateway) a CloudKey V2 (Ubiquiti | Simplifying IT) and some APs. In other words, I wouldn't hesitate to buy MORE Ubiquiti equipment.
The Dream Machine combines all these capabilities in one unit, but I'm not a big fan of All-In-Ones, although to be fair, it is a lot cheaper than my present configuration.
However, based on my Ubiquiti experience, and a number of reviews I read if you put me on the spot, I'd recommend Ubiquiti products (and the Dream Machine) over any consumer off the shelf router/Wifi solution available today.
I use Ubiquiti Unifi a lot for clients (deploying 1 today and another on Monday with a Dream Machine). The software is mostly great with a very nice web GUI. If you are looking for a decent "out-of-the-box" solution the Dream Machine is a very good mix of form function and cost. If what Unifi thinks is not needed you truly don't need, I would bless the purchase (like my blessing matters lol)
That being said I do find some very silly features totally missing from Unifi and is the reason I personally cannot justify using them in my office.
~~1st is no DHCP reservations. This is silly and almost a deal breaker. This can be done with most any router, but not on the Unifi software. They says just use static IP's, not ideal for me. ~~ Incorrect you can set it see ogiewon post below.
2nd the firewall software is.... sub-optimal, and the major deal breaker for me. Their Geo filtering works, but you cannot override a Geo filter with an "allow" rule on the firewall. Example I block 95% of all traffic outside the US coming into our servers. However I have a few clients in misc. countries due to military deployment. I need to be able to "allow" that traffic via specific IP allow rules to override the Geo filter. It does not work with Unifi, silliness.
Both of these "features" are default in Untangled and most any decent firewall/routers. For a SDN you would think they would offer every configuration other routers/firewalls do, but I feel Unifi focuses more on the VLAN and App/Web GUI than some of the basic firewall/routing.
That's incredibly interesting. I would have thought the exact opposite from them. Does that mean most businesses that use Unifi use a secondary firewall solution?
@SoundersDude Depends on the business. I did a restaurant today, and a day care center next week. Neither need fancy firewall rules and I can deal with static assignments (helps that you can assign them in one web gui, plus I get paid by the hour ).
But yes if I client needs a "real" firewall we usualy go SonicWall, or Barracuda (Untangle for free home).
Can you please clarify this a little? Is this true only for the UDM systems, or also for USG based solutions? I don't have either solution, but I have been keeping an eye on the UniFi hardware...thus my curiosity...
I am pretty sure the USG can reserve an IP based on MAC address on a per client basis - isn't that what this procedure describes?