geffers
Posts: 466
Joined: Sun Jun 24, 2012 6:25 am
Location: UK
Contact: Website

LAN Network Traffic

Sun Jan 22, 2017 10:16 pm

Folks,

I have an R-Pi on my network, and I have an ntop server running with which I am able to monitor traffic through the Pi.

Is there a way I can monitor traffic on the actual network rather than just the Pi?

Geffers

mfa298
Posts: 1386
Joined: Tue Apr 22, 2014 11:18 am

Re: LAN Network Traffic

Mon Jan 23, 2017 8:10 am

ntop needs to see the traffic to be able to do something with it. This means you need to do one of two things.

Pass all traffic through the Pi. This makes the Pi a SPOF for your network and is likely to also limit the network throughput.

Set up a SPAN port on the network hardware that mirrors all traffic to the Pi. This requires a suitable managed switch and, unless your traffic levels are low, won't see all the traffic due to the limited speed of the 10/100 interface on the Pi.

In addition, unless this is on a home network and all the users are aware, you potentially end up in a legal minefield of what's allowed and not allowed (i.e. don't do this on a company network until you've read the employee agreements in detail and talked to the legal department).

tl;dr. If you're asking the question then you probably can't do it.

RaTTuS
Posts: 10702
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK
Contact: Twitter YouTube

Re: LAN Network Traffic

Mon Jan 23, 2017 8:25 am

ntop will work fine on the RPi as long as the switch you have it plugged into does not filter all the data.
However, at 100 Mbps you will find that not all packets will be grabbed [try a USB-3 gig adapter; you may have more goodness].
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

tekim
Posts: 13
Joined: Fri Sep 28, 2012 7:14 pm
Location: U.K.

Re: LAN Network Traffic

Mon Jan 23, 2017 5:05 pm

Greetings,

I think you would need an old Ethernet hub, not a switch. The whole point of a switch is that all traffic is not available at all connections, only at the interface with the destination MAC address. A hub allows all traffic on all sockets and as such forms a single collision domain and is automatically limiting the throughput.

As always I could be totally wrong.

Cheers,
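An added example, not part of any post in this thread: a check of whether a capture point actually sees network-wide traffic (hub, SPAN port or inline) or only what a normal switch port delivers, based on the destination-MAC behaviour described above. The MAC addresses, sample frames, function names and the 5% threshold are constructed assumptions.

```python
from collections import Counter

LOCAL = "02:00:00:00:00:01"   # constructed MAC of the capturing Pi
THRESHOLD = 0.05              # assumed cut-off; switches briefly flood unknown unicast

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame: bytes, local_mac: str = LOCAL) -> str:
    """Classify one Ethernet frame relative to the capturing interface."""
    if len(frame) < 14:                      # shorter than an Ethernet header
        return "runt"
    dst, src = frame[0:6], frame[6:12]
    if local_mac.lower() in (mac_str(dst), mac_str(src)):
        return "own"                         # any switch port delivers these
    if dst[0] & 0x01:                        # group bit: broadcast or multicast
        return "flooded"                     # sent to every port, proves nothing
    return "foreign_unicast"                 # needs a hub, mirror port or inline tap

def visibility(frames, local_mac: str = LOCAL):
    """Return (verdict, share of foreign unicast frames, per-class counts)."""
    counts = Counter(classify(f, local_mac) for f in frames)
    usable = sum(n for kind, n in counts.items() if kind != "runt")
    share = counts["foreign_unicast"] / usable if usable else 0.0
    verdict = "network-wide" if share > THRESHOLD else "local-only"
    return verdict, round(share, 2), dict(counts)

def make_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Build a constructed Ethernet frame for the samples below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + ethertype.to_bytes(2, "big") + payload

A, B = "02:00:00:00:00:02", "02:00:00:00:00:03"   # two other constructed hosts
# Constructed capture on an ordinary switch port: own traffic plus flooded frames.
SWITCH_PORT = [
    make_frame(LOCAL, A), make_frame(A, LOCAL),
    make_frame("ff:ff:ff:ff:ff:ff", A, 0x0806),   # ARP broadcast
    make_frame("01:00:5e:00:00:fb", B),           # IPv4 multicast
]
# Constructed capture on a mirror port: the same, plus traffic between A and B.
MIRROR_PORT = SWITCH_PORT + [make_frame(A, B), make_frame(B, A), make_frame(A, B)]

if __name__ == "__main__":
    print("switch port:", visibility(SWITCH_PORT))
    print("mirror port:", visibility(MIRROR_PORT))
```
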

tekim
Posts: 13
Joined: Fri Sep 28, 2012 7:14 pm
Location: U.K.

Re: LAN Network Traffic

Thu Sep 07, 2017 7:57 pm

Greetings,

A solution used in another post uses a RasPi as a router and logs the traffic. I have not tried this; here is the URL:

http://blog.ronenb.com/2016/08/20/netwo ... /#more-146

Cheers,
