Monitoring your network traffic is crucial for ensuring that your devices (especially IoT ones) aren’t being used as entry points for bad actors. By keeping an eye on what’s happening on your network, you can spot unusual activity before it becomes a serious issue.

Here’s how you can monitor your network traffic:

Step 1: Access Your Router’s Admin Page

1. Connect to your network: Make sure you’re connected to the router you want to monitor.

2. Find the router’s IP address: This is typically something like 192.168.1.1 or 192.168.0.1. You can find it by:

   • Windows: Open a command prompt and type ipconfig, then look for the "Default Gateway."

   • Mac: Go to System Preferences > Network, select your connection, and find the router IP under "Advanced."

3. Log into your router: Open a web browser, type the router IP into the address bar, and log in with your admin credentials. If you haven’t changed them from the default, now would be a good time to do so.

   
   

Step 2: Enable Traffic Monitoring (If Supported by Router)

Many modern routers come with basic network traffic monitoring tools built in.

1. Find the traffic monitoring section: This could be under headings like "Traffic Analyzer," "Bandwidth Control," or "Network Monitoring."

2. Enable traffic logging: Toggle this on to start logging traffic to and from the devices on your network.

3. Check for device activity: Most routers will let you see a list of connected devices and how much data they are sending or receiving. Use this to identify which devices are using the most bandwidth or behaving unusually.

   
   

Step 3: Use Third-Party Network Monitoring Tools

If your router doesn’t support built-in monitoring or you want more detailed insights, there are several third-party tools you can use:

1. Wireshark (Advanced)

• What it does: Wireshark captures and analyzes packets (the small chunks of data that move across the network), giving you extremely detailed information about your network traffic.

• How to use it:

  1. Download and install Wireshark on your computer.

  2. Open the program and select your network interface (Wi-Fi or Ethernet).

  3. Start a capture to see live data packets moving through your network.

  4. Look for unusual traffic, such as unknown devices sending large amounts of data or connections to suspicious IP addresses.

  5. Wireshark is an advanced tool, but it’s extremely powerful for spotting detailed activity.

     
     

2. GlassWire (User-Friendly)

• What it does: GlassWire provides a simpler, more user-friendly interface for monitoring network traffic, showing you graphs and alerts for suspicious activity.

• How to use it:

  1. Download and install GlassWire.

  2. Open the app, and it will automatically start monitoring your network traffic.

  3. You’ll see graphs showing how much data each device is using and alerts if it detects something suspicious (like unusual IP connections).

  4. GlassWire is a good option for people who want a simple, visual way to monitor traffic without the complexity of Wireshark.

     
     

3. OpenWrt and DD-WRT (Advanced)

• What they do: These are open-source router firmware that can replace your router’s default firmware to add advanced monitoring features.

• How to use them:

  1. Install OpenWrt or DD-WRT on your router (check compatibility first!).

  2. Access the advanced traffic monitoring and logging features built into these firmware.

  3. Set up tools like Bandwidth Monitoring and Syslog to capture network traffic and alert you to potential issues.

     
     

Step 4: Set Up Alerts for Suspicious Activity

Whether you’re using your router’s built-in tools or third-party software, setting up alerts is a good way to ensure you’re notified when something strange happens on your network.

1. Threshold alerts: Set up alerts when certain devices exceed a specified bandwidth or make connections to unknown IP addresses.

2. Device alerts: Some tools will notify you when a new, unknown device connects to your network.

3. Unusual connection alerts: Set up alerts for traffic that is being sent to or from countries you don’t normally connect to.

   
   

Step 5: Check for Intrusion Detection

Some routers and third-party tools offer basic Intrusion Detection Systems (IDS) to alert you if they detect malicious or unusual activity on your network.

1. Router with IDS/IPS: Many higher-end routers (like some ASUS or Netgear models) come with built-in IDS (Intrusion Detection Systems) or IPS (Intrusion Prevention Systems). These can block suspicious activity before it affects your network.

2. Third-party IDS: Tools like Snort or Suricata are popular open-source intrusion detection systems you can install on a server or dedicated machine on your network.

   
   

Step 6: Regularly Review Logs

Once you’ve set up monitoring, make it a habit to check your traffic logs regularly. Look for:

• Devices sending or receiving unusually high volumes of data.

• Connections to unknown or suspicious IP addresses.

• Devices connecting at odd times, especially if you’re not using them.

Tips for Better Network Monitoring

• Update Your Router: Keep your router’s firmware up to date. Many manufacturers release security updates that patch vulnerabilities.

• Use Strong Passwords: Make sure your network and router admin passwords are strong. Avoid using default passwords.

• Disable Unused Services: Turn off services like UPnP if you don’t need them, as these can be exploited by attackers.

• Enable Encryption: Make sure you’re using WPA3 (or at least WPA2) for Wi-Fi encryption. WEP is outdated and insecure.

By monitoring your network traffic, you’ll get ahead of any threats before they turn into serious breaches. Keep an eye out, stay secure, and—like Randy says—Trust Nothing, Verify Everything.

Help support the cause of spreading security awareness in a fun and engaging way!

Or leave a comment, suggestion, kudos, whatever! Engagement tells us we are doing something right (or wrong) but we won't know until YOU tell us - and we want to hear from you!