By monitoring network traffic you can identify cyber-attacks and network events that will affect the stability of your connection. In this article, we’re going to look at how to monitor router traffic.

If you made it here looking for the best tools for the job, here are the three best tools for monitoring router traffic:

  • SolarWinds NetFlow Traffic Analyzer (EDITOR’S CHOICE): Perform real-time traffic and network bandwidth monitoring and analysis using flow data that is built into most routers. Download a 30-day free trial.
  • Paessler PRTG Network Monitor: Auto-detects and begins monitoring all connected network routers, and offers useful performance data for identifying faults and traffic bottlenecks.
  • ManageEngine NetFlow Analyzer: Real-time network monitoring that uses flow data. Able to detect environmental changes and set alerts.

Why do I need to monitor router traffic?

Everyday devices and applications use network traffic to operate and it is important to make sure that network resources are distributed evenly to support all these services.

For example, if you have an application that is eating up a disproportionate amount of available bandwidth, other services will suffer from latency and interruptions. By monitoring router traffic you can identify which application is causing the problem and take steps to return the connection back to normal.

If allowed to go unchecked, bandwidth hogs can take network resources away from other critical network hardware. In other words, regularly monitoring traffic is vital for making sure that network performance stays up to speed.

How to monitor network traffic on your router

When monitoring network traffic you have the choice of monitoring directly through the router or using third-party network monitoring software. In this section, we will look at how you can use a router to monitor your network traffic. Before we begin, it’s important to note that the process will depend on the brand and model of your router. However, there are standard procedures for examining a router regardless of vendor and whether it is a router for a wired or a wireless network:

  • If you want to use your router to monitor network traffic then you first need to find your router’s local IP address. If you haven’t changed the IP address then it’s likely to be 192.168.1.1.

  • On Windows, if you don’t know the IP address, open a command prompt and enter the following command:

C:\Users\Comparitech>ipconfig

You will find your IP address listed next to Default Gateway, which will look something like this:

Default Gateway . . . . . . . . . . . . . . . . : 192.168.1.6

  • Now that you have the IP address, open your web browser, type the IP address into the address bar, and press Enter.

  • A page will display that asks you to enter your router’s admin username and password. If you haven’t configured a unique username and password, check the router’s documentation to find the default login credentials. (You can also search online for information on a vendor’s factory settings.)

  • Once logged in you will be able to interact with the router’s interface. What performance data you can view at this stage depends on the vendor who produced it. Try to look for a list of devices or a status section (some modern routers have bandwidth monitoring sections).

  • Once you find a section that displays network traffic you can start to look for which devices use the most bandwidth. If you don’t find this information or there isn’t enough detail then you’ll need to use a network monitoring tool instead.


Capacity planning

Although the quality and bandwidth of the cable in your network is an important factor when examining capacity, traffic monitoring can’t occur directly on the wire. In order to see how much traffic passes down each link, you have to examine the throughput of the routers and switches at each end of the connection.

Information extracted from routers about traffic flows, tracked over time, will highlight which links are overloaded and which have less traffic. This information will enable you to re-organize the network topology to get better value out of your infrastructure.

Capacity planning tools need historical traffic data as input and the best source of this information comes from querying the routers on the network. Many network traffic monitoring tools also include capacity planning utilities so they can collect source information, store, and analyze it in one closed loop.
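One way to turn router counters into the historical utilization figures that capacity planning needs, as an added example that is not part of the original article. It assumes cumulative 32-bit octet counters (such as SNMP ifInOctets and ifOutOctets) polled at intervals; the link names, capacities and sample values are constructed.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    ts: float        # seconds at which the counters were read
    in_octets: int   # cumulative bytes received (e.g. SNMP ifInOctets)
    out_octets: int  # cumulative bytes sent (e.g. SNMP ifOutOctets)

def counter_delta(prev: int, curr: int, bits: int = 32) -> int:
    """Difference between two cumulative counter reads, allowing one wrap."""
    if curr >= prev:
        return curr - prev
    return curr + (1 << bits) - prev  # counter rolled over past its maximum

def utilization(prev: Sample, curr: Sample, link_bps: int, bits: int = 32):
    """Return (in_pct, out_pct) of link capacity used between two samples."""
    dt = curr.ts - prev.ts
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    in_bps = counter_delta(prev.in_octets, curr.in_octets, bits) * 8 / dt
    out_bps = counter_delta(prev.out_octets, curr.out_octets, bits) * 8 / dt
    return round(100 * in_bps / link_bps, 2), round(100 * out_bps / link_bps, 2)

def busiest_links(history: dict, link_bps: dict, top: int = 3):
    """Rank links by peak utilization (either direction) over their history."""
    peaks = {}
    for link, samples in history.items():
        pcts = [max(utilization(a, b, link_bps[link]))
                for a, b in zip(samples, samples[1:])]
        if pcts:  # a link needs at least two samples to yield a rate
            peaks[link] = max(pcts)
    return sorted(peaks.items(), key=lambda kv: kv[1], reverse=True)[:top]

# Constructed samples: 60-second polls of two hypothetical 100 Mbit/s links.
HISTORY = {
    "uplink": [Sample(0, 4_294_000_000, 1_000_000),
               Sample(60, 600_000_000, 76_000_000),   # inbound counter wrapped
               Sample(120, 1_050_000_000, 151_000_000)],
    "office": [Sample(0, 10_000_000, 5_000_000),
               Sample(60, 85_000_000, 20_000_000),
               Sample(120, 160_000_000, 35_000_000)],
}
CAPACITY = {"uplink": 100_000_000, "office": 100_000_000}

if __name__ == "__main__":
    for link, peak in busiest_links(HISTORY, CAPACITY):
        print(f"{link}: peak {peak}% of capacity")
```

Without the wrap handling in `counter_delta`, the first uplink interval would produce a negative rate and the busiest link would be missed.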

Wireless networks and wireless routers

The managers of networks that include wireless routers cannot overlook the traffic flow data from those devices. Hybrid networks usually use wireless for the last hop to selected endpoints, so ignoring traffic data from wireless routers would result in an incomplete record of network performance.

Although wireless networks have different operating methods and transmission protocols, the functions of wireless routers are fundamentally the same as those for wired networks – the router has to get a packet of data to the endpoint named as the destination in the packet header.

Just like routers on wired networks, wireless routers measure passing traffic and record metrics about traffic throughput. Network monitoring systems can query wireless routers just as well as standard routers. The premium network monitoring tools include wireless footprint visualizations, which substitute for the network topology maps that they compile for wired networks.

How to monitor network traffic with a packet sniffer (Wireshark)

Monitoring router traffic with a network monitoring tool is the best way to go due to the range of monitoring options you have at your disposal. Wireshark is one of the most popular wifi analyzers or packet sniffers in the world. Many enterprises use this tool to monitor their network traffic.

Wireshark is widely used because it’s free and can reliably monitor network performance. In this section, we’re going to look at how you can use Wireshark to monitor your network.

Before we begin you will need to download and install the program. During the installation process, make sure that you install WinPcap when prompted so you can capture live network traffic.

Now that the program is installed it’s time to start configuring your monitoring settings.

Once you launch Wireshark, under Capture you’ll be shown various types of connections: Bluetooth Network Connection, Ethernet, VirtualBox Host-Only Network, and Wi-Fi.

  • The first thing you need to do is choose which type of network you want to monitor – Wi-Fi is used in this example (use the Shift or Ctrl keys to select multiple networks).
  • Click the Capture button at the top of the screen.
  • Once the drop-down menu displays press Start to start packet capture (or double-click on the network you want to capture data from).
  • To stop capturing click on the red Stop button next to the shark fin in the toolbar.

Reading packet data in Wireshark

Now that you’ve captured packets in Wireshark it is time to inspect them. In Wireshark, the data from captured packets is broken down into three different sections. Each of these sections provides you with different information. These sections are:

  • Packet List – Located under the search bar. Shows the Number, Time, Source, Destination, Protocol, and Info of captured protocols. The packet list section will provide you with the main details you need during monitoring.
  • Packet Details – Located under the Packet list pane. Shows the protocols within the selected packet. You can click on the arrow next to packet data to view more information.
  • Packet Bytes – Located at the bottom of the screen below the Packet Details pane. Shows the internal data of the packet in hexadecimal format.

These are the three areas where you need to look when monitoring packet captures. It is important to note that Wireshark uses color-coding to help the user distinguish between captured packet types. To find out which packet type each color denotes, click on View > Coloring Rules. You can create new rules by pressing the + button or delete rules with the – button.

Using filters in Wireshark

When capturing data in Wireshark you will need to configure a capture filter to limit the information that you collect. To filter packets on Wireshark click the Filter box beneath the toolbar and enter TCP (or another protocol you want to filter for). The TCP search criteria will ensure that only packets using the TCP protocol are captured. You can also use the Bookmark icon on the left of the entry field to activate other popular filters.

In addition, you can apply filters to filter data that has already been recorded. These are called Display filters.
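To show what sits behind the Packet List columns and a protocol filter, the following added example (not part of the original article, and not Wireshark code) decodes raw Ethernet/IPv4 frame bytes into Source, Destination, Protocol, Length and Info, then totals bytes per source. The function names and the frames are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers

def decode(frame: bytes):
    """Decode one Ethernet/IPv4 frame into Packet List style columns, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # truncated, or EtherType is not IPv4
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return None  # malformed IPv4 header
    row = {
        "source": str(ipaddress.IPv4Address(frame[26:30])),
        "destination": str(ipaddress.IPv4Address(frame[30:34])),
        "protocol": PROTOCOLS.get(frame[23], str(frame[23])),
        "length": len(frame),
        "info": "",
    }
    l4 = frame[14 + ihl:]
    if frame[23] in (6, 17) and len(l4) >= 4:  # TCP and UDP both start with ports
        row["info"] = "%d -> %d" % struct.unpack("!HH", l4[:4])
    return row

def top_talkers(frames, protocol=None):
    """Sum frame bytes per source address, optionally for one protocol only."""
    totals = Counter()
    for frame in frames:
        row = decode(frame)
        if row and (protocol is None or row["protocol"] == protocol.upper()):
            totals[row["source"]] += row["length"]
    return totals.most_common()

def make_frame(src, dst, proto, sport, dport, payload_len):
    """Build a constructed test frame (zero MACs, IPv4 checksum left at 0)."""
    l4 = struct.pack("!HH", sport, dport) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + l4

# Constructed capture: addresses and sizes are illustrative only.
FRAMES = [
    make_frame("192.168.1.20", "203.0.113.10", 6, 51000, 443, 1400),
    make_frame("192.168.1.20", "203.0.113.10", 6, 51000, 443, 1400),
    make_frame("192.168.1.31", "192.168.1.6", 17, 40000, 53, 40),
    make_frame("192.168.1.31", "203.0.113.10", 6, 51001, 443, 200),
    bytes(12) + b"\x08\x06" + bytes(28),  # ARP frame, skipped by decode()
]

if __name__ == "__main__":
    print(top_talkers(FRAMES), top_talkers(FRAMES, "tcp"))
```

The `protocol` argument of `top_talkers` plays the role of a filter applied to data that has already been recorded: the frames stay in the capture and only the view changes.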

Three best router traffic monitoring tools and software

While Wireshark is a good tool it doesn’t offer the variety of features or refined user experience that many other proprietary tools do.

Let’s look at the top three alternative tools for monitoring network traffic:

Our methodology for selecting a network traffic monitor

We reviewed the market for network traffic monitoring systems and analyzed the options based on the following criteria:

  • The ability to communicate with switches and routers through protocols such as NetFlow
  • A traffic analysis module to identify bottlenecks
  • A facility to support traffic shaping measures, such as queueing
  • A visual map of the network
  • A system to test device statuses
  • A free trial period or money-back guarantee for assessment
  • A reasonable price that reflects a good deal given the number of utilities in the software package

1. SolarWinds NetFlow Traffic Analyzer (FREE TRIAL)

SolarWinds NetFlow Traffic Analyzer is infrastructure monitoring software that monitors router traffic for a variety of software vendors. The program offers bandwidth and network performance monitoring which can be managed via the performance analysis dashboard. The performance analysis dashboard enables the user to drag and drop performance metrics onto a timeline which shows the general network data trends on the network.

Why do we recommend it?

The SolarWinds NetFlow Traffic Analyzer is able to identify all traffic by source, destination, conversation, and protocol/port number. With these categorizations of traffic, an administrator is able to see where traffic congestion is occurring. Usually, the traffic analyzer queries switches. However, as it labels traffic by IP address, the throughput of the router is also tracked.

Key Features

  • Link load measurements
  • Traffic shaping options
  • Graphical data visualizations
  • Analytical tools
  • WAN management possible

SolarWinds NetFlow Traffic Analyzer uses NetFlow, J-Flow, sFlow, NetStream, IPFIX, and SNMP to monitor your network. For bandwidth usage, the platform can identify bandwidth-hogging applications or devices. All of this information can be viewed through the dashboard. You can view pie charts of Top 10 Applications and NetFlow Sources.

All businesses with a wired network would benefit from using the NetFlow Traffic Analyzer. However, very small businesses with few nodes would probably be better off with a less expensive package – there are even some free rivals on the market.

The software starts at a price of $1,072 (£809). There is also a 30-day free trial version you can download.

Pros:

  • Built for enterprises and large networks, NTA can support massive streams of data across multiple VLAN, subnets, and WANs
  • Intuitive reporting allows for both technical and business-oriented reports to be generated with ease
  • Uses drag and drop functionality to customize the look and feel of the product
  • Supports a wide range of protocols to discover devices and measure traffic patterns
  • Simple bandwidth controls identify bandwidth hogs and restrict the traffic quickly

Cons:

  • This is a highly detailed enterprise tool, and not designed for home users or small LANs

EDITOR’S CHOICE

If you’re looking for a detailed but accessible bandwidth monitoring experience, SolarWinds NetFlow Traffic Analyzer is a powerful tool that is second to none. We particularly like the ability to set alerts on a wide range of network conditions and the customizable network traffic reports.

Start 30-day Free Trial: solarwinds.com/netflow-traffic-analyzer

OS: Windows Server 2012 R2 or later, SQL Server 2012 or later, 64-bit recommended

2. Paessler PRTG Network Monitor

Paessler PRTG Network Monitor is another network usage monitoring tool that can be used to monitor traffic. PRTG Network Monitor uses SNMP, NetFlow, sFlow, and jFlow to monitor network usage and performance. The tool enables the user to measure the bandwidth consumption of devices in the network to make sure no device is using too many resources.

Paessler PRTG Network Monitor is a strong rival to the entire Orion platform of SolarWinds products. Rather than offering individual modules for sale separately, Paessler puts all of its monitoring tools into one bundle. The user buys an allowance of sensors and then decides which of them to turn on. There are many traffic monitoring sensors within the PRTG package.

Key Features:

  • Uses NetFlow, sFlow, J-Flow, and IPFIX
  • Live traffic data
  • Analytical tools
  • Protocol analysis

The SNMP Traffic Sensor comes preconfigured to show traffic data on Traffic in, Traffic out, and Traffic total. These can be expanded to include Errors in and out, Discards in and out, Unicast packets in and out, Non-unicast packets in and out, Multicast packets in and out, Broadcast packets in and out, and Unknown Protocols. You can select between Live Data or Historic Data over a time period of your choice.

Paessler PRTG is a very flexible package. While the SolarWinds system is actually a bundle of monitors, such as a NetFlow monitor and a MOS tracker, PRTG lets the user choose each element rather than an entire category of tools. Any business would benefit from the use of PRTG. Small businesses that only turn on 100 sensors get the package free forever.

Paid versions of PRTG Network Monitor start at $1,750 (£1,321) for 500 sensors and one server installation up to $15,500 (£11,701) for 10,000 sensors. There is a 30-day free trial version.

Pros:

  • Utilizes SNMP, NetFlow, and offers a variety of other protocols to create the most accurate picture of network traffic
  • All sensors can be customized, even the preconfigured sensors
  • The dashboard is customizable through a series of widgets and feels intuitive out of the box
  • Supports a completely free version for up to 100 sensors, making this a good choice for both small and large networks
  • Pricing is based on sensor utilization, making this a flexible and scalable solution for larger networks as well as budget-conscious organizations

Cons:

  • PRTG is a feature-rich platform that requires time to fully learn all of the features and options available

3. ManageEngine NetFlow Analyzer

ManageEngine NetFlow Analyzer is a bandwidth usage monitor that analyses network traffic in real-time. The software supports flow data in the form of NetFlow, sFlow, IPFIX, Netstream, jFlow, and AppFlow. All of this information can be viewed from the centralized overview which provides you with a complete view of network usage and performance. For instance, you can view pie charts on the top applications and top protocols within the network.

ManageEngine NetFlow Analyzer is a very similar product to the SolarWinds NetFlow Traffic Analyzer. In fact, the two are almost identical. ManageEngine has created a very pleasing design for its dashboard screens, crowding in a lot of information by mixing tables of data with charts and dials. This tool is able to sample traffic data and thus analyze router activity.

Key Features:

  • NetFlow, sFlow, IPFIX, Netstream, jFlow, and AppFlow
  • Traffic shaping tools
  • Alerts for performance issues

To monitor changes in your environment, ManageEngine NetFlow Analyzer has threshold-based alerting. You can configure your own threshold values to decide what activity will trigger an alert. For example, you can set a threshold for bandwidth utilization and stipulate the number of times that utilization can be exceeded before an alert is sent onward.
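The threshold-plus-count rule described above, as an added example that is not ManageEngine's code. The function name, the sliding window of recent polls and the utilization series are assumptions made for illustration.

```python
from collections import deque

def threshold_alerts(samples, threshold_pct, times, window):
    """Return the sample indices at which an alert is raised.

    An alert fires when utilization has exceeded threshold_pct at least
    `times` times within the last `window` samples. It re-arms once the
    count drops back below `times`, so one sustained event alerts once.
    """
    if times < 1 or window < times:
        raise ValueError("need 1 <= times <= window")
    recent = deque(maxlen=window)  # True for each recent poll over the threshold
    alerting = False
    fired = []
    for i, pct in enumerate(samples):
        recent.append(pct > threshold_pct)
        breached = sum(recent) >= times
        if breached and not alerting:
            fired.append(i)
        alerting = breached
    return fired

# Constructed utilization series (% of link capacity, one value per poll).
SERIES = [35, 92, 40, 38, 91, 95, 97, 60, 50, 45, 42, 40, 93, 94, 96]

if __name__ == "__main__":
    # Three exceedances within five polls: the lone spike at index 1 is ignored.
    print(threshold_alerts(SERIES, threshold_pct=90, times=3, window=5))
    # A count of one alerts on every isolated spike.
    print(threshold_alerts(SERIES, threshold_pct=90, times=1, window=5))
```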

ManageEngine NetFlow Analyzer is competitively priced and it provides an attractive service that all types of companies with a network can use. Very small businesses that have only two network devices can use the package for free.

ManageEngine NetFlow Analyzer is available for Windows and Linux and is available in three editions: Free, Professional, and Enterprise. The Free package is limited to monitoring two network interfaces. The Professional edition is suitable for monitoring a single LAN and the Enterprise version will cover multiple sites.

Pros:

  • Supports both real-time and historical traffic analysis, great for correlating network usage to specific events
  • Alerting is intuitive and can be configured to trigger based on condition or threshold
  • Available for both Windows and Linux
  • Integrates well into the ManageEngine ecosystem

Cons:

  • ManageEngine was built for enterprise IT usage and is not ideal for non-technical users or home networks
  • Reporting features could be made easier to use

The Professional edition costs $595 (£477) with 10 licenses for interfaces and support for up to 50k flows. The Enterprise version costs $1,295 (£1,039) with licenses for 10 interfaces and support for up to 80k flows per collector.

There is also a 30-day free trial version you can download.

Monitoring router traffic with a network monitoring tool

Though there are countless ways to monitor router traffic we recommend that you download a network monitoring tool for the best results. Even the best routers can only show you so much information. Using a specialized network usage monitoring solution will provide you with much better visibility.

Tools like Wireshark, SolarWinds NetFlow Traffic Analyzer, PRTG Network Monitor, and ManageEngine NetFlow Analyzer are all ideal for monitoring network traffic in modern enterprises.


  • Keep router firmware up-to-date
  • Refer to a wireless heatmap to ensure complete signal coverage on the premises
  • Add repeaters or extra APs in areas that have no signal
  • Inform mobile users of areas of the premises where there is no wifi service
  • Ensure wireless routers have sufficient capacity to meet demand