How to monitor your internet activity on your home network

Blog

Get an understanding of your networks issues

By Nicholas Congleton Nicholas Congleton Twitter Writer William Patterson University Nick Congleton has been a tech writer and blogger since 2015. His work has appeared in PCMech, Make Tech Easier, Infosec Institute, and others. lifewire’s editorial guidelines Updated on December 3, 2021

  • Tweet
  • Share
  • Email

Video

3. Integrate Security Into Your Continuous Deployment Process

If you’ve been following our blog for awhile, you’ve likely heard us talk about how to integrate security into DevOps. That’s because, with the speed that companies are building and deploying apps today, security needs to be baked into continuous integration (CI) and continuous deployment (CD) processes so that vulnerabilities are caught before they go into production. This practice supports the inside-out security strategy we advocate above by embedding security into development activities from day one.

In practice, this means leveraging configuration management tools like Chef, Puppet, Ansible, or SaltStack that automate software updates and patches for you, ensuring that nothing is pushed to production without a full security check-up.

As we explained in a recent post, integrating security operations into your existing DevOps workflows means both applying DevOps principles to security and incorporating security into the DevOps process. It has to go both ways in order to be truly effective. Embedding a DevSecOps mindset begins as a cultural shift, and is enabled by communication (people) and automation (machines) such as running vulnerability scans on every build.

# Inspect a resource’s details

Click a resource to learn more information about it. Try it now:

  1. Click getstarted.html. The Headers tab is shown. Use this tab to inspect HTTP headers.

    Figure 14. The Headers tab

    Figure 14. The Headers tab

  2. Click the Preview tab. A basic rendering of the HTML is shown.

    Figure 15. The Preview tab

    Figure 15. The Preview tab

    This tab is helpful when an API returns an error code in HTML and it’s easier to read the rendered HTML than the HTML source code, or when inspecting images.

  3. Click the Response tab. The HTML source code is shown.

    Figure 16. The Response tab

    Figure 16. The Response tab

    Tip When a file is minified, clicking the Format button at the bottom of the Response tab re-formats the file’s contents for readability.

  4. Click the Timing tab. A breakdown of the network activity for this resource is shown.

    Figure 17. The Timing tab

    Figure 17. The Timing tab

  5. Click Close to view the Network Log again.

    Figure 18. The Close button

    Figure 18. The Close button

Nethogs Displays the network bandwidth usage per process

Nethogs is a small ‘net top’ command-line utility that displays the network bandwidth used per process. The intensive processes use the most bandwidth put at the top of the list. This nethogs tool displays the complete report of PID, user, and program path.  To install nethogs utility on Ubuntu / Debian distributions, run the command:

# Open the Network panel

To get the most out of this tutorial, open up the demo and try out the features on the demo page.

  1. Open the Get Started Demo.

    Figure 1. The demo

    Figure 1. The demo

    You might prefer to move the demo to a separate window.

    Figure 2. The demo in one window and this tutorial

    Figure 2. The demo in one window and this tutorial in a different window

  2. Open DevTools by pressing Control+Shift+J or Command+Option+J (Mac). The Console panel opens.

    Figure 3. The Console

    Figure 3. The Console

    You might prefer to dock DevTools to the bottom of your window.

    Figure 4. DevTools docked to the bottom of the win

    Figure 4. DevTools docked to the bottom of the window

  3. Click the Network tab. The Network panel opens.

    Figure 5. DevTools docked to the bottom of the win

    Figure 5. DevTools docked to the bottom of the window

Right now the Network panel is empty. That’s because DevTools only logs network activity while it’s open and no network activity has occurred since you opened DevTools.

Paid or Free Tool?

In my view, if you’re looking for the best LAN monitor on the market, it isn’t going to be free. With the functionalities some of these paid tools offer, they’re more than worth investing in. Don’t make the mistake of assuming free means better.

Back to top

Trafshow Display information about active connections, transfer speed, and protocol of each connection

Trafshow common line tool behaves like the pkstat and netwatch commands. It shows the output in form of a report about all currently active connections, data transfer speed, and protocol of each connection. Using the trafshow utility, you can only monitor the TCP connection within the whole network. Trafshow can filter out connections using a pcap type library. This tool is a part of netdiag.

Install trafshow on Ubuntu / Debian distributions using the command:

Host Lines

By default, each connected host occupies two lines. The top line shows sending traffic to the host, and the bottom line with <= shows downloading traffic from the host.

Two lines per host. => represents uploading to

Two lines per host. => represents uploading to host, and <= represents downloading from host.

A white bar will occupy and appear to highlight a host line in order to provide a visual bar graph that shows network speed when uploading or downloading. In the screenshot above, we see a Linux Mint ISO downloading from the University of Kent in the United Kingdom. Look at all of the Google connections. Firefox was the only browser open and with one tab open at linuxmint.com. This was before the reporting and forging “privacy” settings were disabled in Firefox. The 74.125.137.190 IP address is Google’s home page, which was surprising because I never opened Google directly.

Help

Pressing ‘h’ or ‘?’ (Shift + /) shows the help screen that lists common keyboard commands that affect the display.

iftop help. Press h or ? to access.

iftop help. Press h or ? to access.

If there are too many connections, keys j and k will scroll through the list. Pressing P (Shift + p) will pause the display, and t will toggle through four different display modes: two lines per host, one line per host, received traffic only, and sent traffic only.

iftop showing downloads only. The highlighted port

iftop showing downloads only. The highlighted portion represents the download speed, which shows about 1.8 Mb/s, which is approximately 180 KB/s after accounting for slight overhead. Yes, all of the connections are brief connections to Google.

iftop showing all uploads. Not much was uploading

iftop showing all uploads. Not much was uploading at the time, so little activity appears.

iftop offers filtering. Here, we see iftop filtere

iftop offers filtering. Here, we see iftop filtered to a specific host–the one that matters in this case–and all other hosts are not displayed. The Google connections to are still being made, but they do not appear. This reduces clutter and makes it easier to focus on relevant connections. Partial filtering is also possible, such as displaying all hosts that contain .org, for example. Use the Screen filter l (lowercase L) to achieve this.

Wireshark

Wireshark is an open-source tool for packet filtering. If you don’t know what packet filtering is, it’s a much lower level network management task, so Wireshark can be considered overkill for simply viewing traffic on your network. That said, it can absolutely get the job done. Plus, it’s free and available for Windows, Mac, and Linux.

  1. Open your browser and head to the Wireshark download page, and grab the latest installer for your operating system.

    If you’re on Linux, Wireshark is probably in your distribution’s repositories. Ubuntu and Debian users should install Wireshark with:

  2. Run the Wireshark installer. Everything should be straightforward, and the default options will work in almost every case.

  3. Open up Wireshark

  4. If Wireshark looks confusing at first, don’t worry. You don’t need to know much about it for the basics. Select Edit and Preferences in the top menu to set one option that you’ll need.

  5. A new window will open up. Locate Capture in the left side list and select it.

  6. The body of the window will shift to display the capture options. Make sure that Capture packets in promiscuous mode is checked. Press Ok when it is.

    Using Wireshark in promiscuous mode on a network that you don’t own is not legal. Be sure to only do this on your own network.

  7. Back on the main Wireshark window, there are two icons that you’ll need in the main menu. The blue Shark Fin icon starts the Wireshark capture process that records network activity. The red Square stops the capture. You’ll be able to review and even save the data after the capture. Press the Fin to start.

  8. Let the capture run for a bit. If there’s something that you’ve been having a problem with on your network, try to recreate those circumstances. With any luck, Wireshark will capture the moment the problem occurs, and you’ll be able to take a look at what happened.

  9. After you’re satisfied with the amount of info you collected, press the red Square to stop the capture.

  10. Take a look at the results. In the top section of the window, you’ll see the different packets collected by Wireshark. Each one will have an IP address that sent the packet and one that received it. You’ll also see the network protocol of each. When you select one, you’ll be able to sift through the packet data in the box below. The lowest option on the list generally contains the most “human readable” portion of information. If the packet was encrypted, though, you won’t see much.

  11. Keep looking through. Try to use the timestamps to locate the exact moment that your problem occurred. Hopefully, there will be relevant information available. If you want to know more about Wireshark, check out the complete Wireshark tutorial.

Notification Profiles for instant alerts on network faults

OpManager’s report scheduler lets admins compare devices based on any parameter, and export a copy as a shareable document. Moreover, by setting up custom SNMP MIB variables, OpManager enables performance monitoring to be truly vendor independent. OpManager sends alerts via email or SMS; by running a system command or program; by logging a ticket; by raising a web alarm, SysLog, or Trap; by sending Slack notifications; and more. But so many alerts and notifications can sometimes be unnecessary, which is why OpManager classifies them by severity to help IT admins know when and on which alarm they need to take action, priority-wise.

Attention: Low severity Trouble: Medium severity Critical: High severity Service down: Non-responsive device Rearm: To reset the alerting condition after it has been triggered

Monitoring Network Activity with System Monitor

Monitoring Network Activity with System Monitor

You can use System Monitor to monitor, collect and measure real-time performance data of the local computer or of a remote computer. You can monitor real-time activity by viewing current data, or you can monitor data from a log file.

System Monitor enables you to perform the following tasks to monitor network activity.

  • You can collect real-time performance data on different elements of system performance.

  • You can collect data from the local computer or from a remote network computer.

  • You can collect data from one computer or from multiple computers at the same time.

  • You can define which data should be collected by specifying certain objects and counters.

  • You can create specific monitoring configurations for monitoring data which you can export to, and use on other computers.

  • You can view real-time data, or you can view log files. You create log files by saving the collected data to file.

  • You can view and analyze collected data in a number of formats:

    • Graph view

    • Histogram view

    • Report view

  • You can also create HTML pages to view data

How System Monitor works System Monitor uses objects, counters and instances to monitor the system. An object is a collection of counters which are associated with a system resource or service. As the object executes a function, its associated counters are updated. A counter represents data for a particular component of the system or service. Each object has a set of counters. An instance refers to the incident of multiple performance objects of the identical type on a computer. An object can have one or multiple instances.

The objects most commonly used for monitoring network activity are listed below:

  • Browser object, monitors the Browser service for the domain or the workgroup

  • Cache object, monitors disk cache usage

  • Memory object, monitors physical and virtual memory performance

  • Objects object, monitors the events, processes and threads on the computer as data is collected.

  • Paging File object, monitors page file usage

  • Physical Disk object, monitors the hard disks

  • Process object, monitors the processes running on the computer

  • Processor object, monitors the processors on the system.

  • Server object, monitors items such as bytes, sessions, pool paged usage, and pool non-paged usage.

  • System object, monitors counters associated with system hardware and software

  • Thread object. monitors threads running in the system

You have to be a member of one of the groups listed below to use System Monitor:

  • Administrators group

  • Server Operators group

  • Performance Log Users group

  • Performance Monitor Users group

The Network Interface performance object which you can use to monitor data sent to and from a computer, is automatically added in System Monitor when the TCP/IP protocol is installed. The counters which can be used to isolate network card problems/issues are listed below:

  • Packet Outbound Errors: Shows the number of outbound packets which could not be sent because of errors.

  • Packet Received Errors: Shows the number of received packets which could not be forwarded because they had errors.

  • Packets Outbound Discarded: Shows the number of packets that had no errors, which were discarded.

  • Packets Received Discarded: Shows the number of received packets that had no errors, which were discarded.

How to start System Monitor

  1. Click Start, click Administrative Tools, and then click System Monitor.

  2. If this is the first time that you are accessing System Monitor, you will notice that there are default counters which are tracked:

    • Memory – Pages/Sec

    • PhysicalDisk – Avg. Disk Queue Length

    • Processor – % Processor Time

How to add counters to System Monitor

  1. Open System Monitor.

  2. Click the Add button located on the toolbar.

  3. When the Add Counters dialog box opens, choose one of the following options:

    • To monitor the local computer, click the Local Computer Counters option.

    • To monitor the remote computer, click Select Counters From Computer, and select the computer which you want to utilize.

  4. Choose the performance object from the available list.

  5. To monitor each counter associated with the object which you have selected, click the All Counters option. To monitor only certain counters, click the Select Counters From List option, and select the counters from the available list box.

  6. To track all associated instances, click the All Instances option. To track only certain instances, click the Select Instances From List option, and then choose the instances from the available list box.

  7. Click Add.

Tags