Network monitoring options for a home lab

We have had a number of queries recently from people who want to set up network monitoring tools on their home lab networks. In most cases people want to track Internet activity or find out what users are doing on their networks, so tools that use SNMP as a data source are usually not an option. The other barrier is cost: most want a free or very cheap solution. So, what are the options? Based on my own experience, you can get a really good monitoring system in place by implementing one or more of the following:

  • Better firewall
  • Managed switch
  • TAP
  • Monitor virtual switches
  • Client software

Upgrade or add a new firewall

Companies like Untangle provide free versions of their software. Typically this is installed on a dedicated server/PC with two network cards. One network card is connected to your Internet connection (ISP router) and the other goes to your LAN. Firewalls like Untangle will include some reporting options so you will see what is happening on your Internet connection.

Pros – Reporting with blocking capabilities.
Cons – You will need a dedicated appliance which will need to be left powered on so be sure to pick a low power one. More advanced options may be chargeable.

Managed Switch

Gigabit Ethernet switch prices have dropped a lot in recent years and there is also a huge choice in the second-hand market. Look out for models with SPAN or port mirroring options, which will allow you to get a copy of network packets as they pass through the switch. Once you have a SPAN or mirror port set up, you can then connect up your favourite packet analysis software.

Pros – Not inline. Get visibility of what is happening on your Internet connection and what is happening on your LAN. You have the flexibility to connect any traffic analyzer to the SPAN/mirror port.
Cons – Managed switches will not include decent traffic analysis options. You need to do this with another tool. Not all packets (error packets) are copied to the SPAN/mirror port.

TAP (Test Access Point)

A TAP is a device that mirrors the traffic that passes between two network nodes. It is similar to a SPAN or mirror port but will not require the replacement of any switches. In recent years prices have dropped significantly and you can now get a USB-powered TAP for less than $150 or a 100 Mbps one for $10. Companies like Garland Technology have more advanced units if you require more features.

Pros – Not inline, so it won't impact your network. You get a mirror image of all packets on the network segment that you are monitoring.
Cons – The basic models will only allow you to monitor a single switch port.

Monitoring options on virtual switches

Many home labs now include a hypervisor of some description. One of the most popular platforms, VMware, provides free license options, but most other platforms will have license options for home labs. If you do have something like this in place you can enable promiscuous mode, which allows you to see what traffic is moving around the virtual switches. The trick is to use VLAN ID 4095; all packets from all the port groups are forwarded to this VLAN.

Once you have the VLAN configured you just need to deploy a network analysis tool as a virtual machine and you then get visibility as to what is happening on your virtual switches. With a bit of cabling you can also link your virtual environment up with your physical network. More info in the video below.

Pros – Everything virtual, no hardware required.
Cons – You will need some sort of hypervisor. Unless you link up to your physical switches you may only see what is happening on the virtual switches.
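
The following is an added example, not part of the original article or any vendor's tool. It sketches what an analyzer attached to a SPAN port, a TAP or a VLAN 4095 port group does with mirrored frames to show Internet activity per host: it decodes Ethernet/IPv4 headers and totals the bytes each LAN host exchanges with outside addresses. The 192.168.1.0/24 LAN range, the function names and the sample frames are assumptions made for illustration, as is the handling of 802.1Q tags for frames arriving from tagged port groups.

```python
import ipaddress
import struct
from collections import Counter

def build_frame(src, dst, payload_len, vlan=None):  # builds constructed sample frames
    eth = bytes(12)  # zeroed destination and source MACs
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)  # 802.1Q tag
    eth += struct.pack("!H", 0x0800)  # EtherType: IPv4
    addrs = [ipaddress.IPv4Address(a).packed for a in (src, dst)]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0, *addrs)
    return eth + ip + bytes(payload_len)

def parse_frame(frame):
    """Return (vlan, src, dst, ip_length), or None if not a complete IPv4 header."""
    if len(frame) < 14:
        return None
    vlan, offset = None, 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == 0x8100 and len(frame) >= 18:
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlan, offset = tci & 0x0FFF, offset + 4
    offset += 2  # skip the EtherType field
    if ethertype != 0x0800 or len(frame) < offset + 20 or frame[offset] >> 4 != 4:
        return None
    (ip_length,) = struct.unpack_from("!H", frame, offset + 2)
    src, dst = (ipaddress.IPv4Address(frame[offset + i:offset + i + 4]) for i in (12, 16))
    return vlan, src, dst, ip_length

def internet_usage(frames, lan="192.168.1.0/24"):
    """Total IP bytes each LAN host exchanged with addresses outside the LAN."""
    net, usage = ipaddress.ip_network(lan), Counter()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue  # ARP, truncated or otherwise non-IPv4 frames
        _, src, dst, size = parsed
        if src in net and dst not in net:
            usage[str(src)] += size
        elif dst in net and src not in net:
            usage[str(dst)] += size
    return dict(usage)

SAMPLE_FRAMES = [  # constructed frames using documentation-range public addresses
    build_frame("192.168.1.10", "203.0.113.5", 100),            # outbound, untagged
    build_frame("203.0.113.5", "192.168.1.10", 1000, vlan=20),  # inbound, tagged
    build_frame("192.168.1.20", "198.51.100.7", 40, vlan=30),   # outbound, tagged
    build_frame("192.168.1.10", "192.168.1.20", 500),           # LAN-only, not counted
    bytes(12) + b"\x08\x06" + bytes(28),                         # ARP, skipped
]
```

Calling `internet_usage(SAMPLE_FRAMES)` returns the per-host totals; the counts only reflect traffic that actually crosses the monitored port or segment.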

Client software

Some home labs may only contain one or two systems so one option to consider is to install client software on each system. There are many free options. Wireshark is the most popular but tools like Glasswire can make it easier to understand what is happening.

Pros – Easy to use tools in some cases.
Cons – You will need a client on every system; this may not be possible for wireless devices. Difficult to get 24/7 monitoring in place without leaving all devices switched on.

Finally, contact the vendor if you come across a tool which is perfect for your requirements but the pricing is more geared towards large organizations. They may have options for home labs in return for some feedback or if you blog about your experiences with their products. It may be a long shot but no harm in trying.

If you need more information on network monitoring tools, click on the contact button at the top of this page; our support team is standing by to answer your questions.

Darragh Delaney
Follow me on Twitter @darraghdelaney

December 12th 2014