good network monitor software for the rasberry pi

[xdeathshot20]

So i have 2 spare raspberry pi's lying around.  I believe that they are the 3 b+.  One of them i am going to use as a network firewall.  I wanna use the other one as a network monitor.  I wanna be able to monitor all the traffic going in and out of my network, see what devices are connected (like to see the amount of bandwidth that each device is taking but not necessary).  I see that there are plenty of ways to do this but i wana know which one is the best.  As long as there is a tutorial on how to do it im good to go.  

[Electronics Wizardy]

For the router, Id stay away from the pi, and get something with multiple network ports. Pi only use usb nics, and those just aren't great. Pis just aren't great for network infracture. Id really try to get a cheap desktop with 2+ nics, then run pfsense or untange, or opnsense, or another ngfw on it. That way you get the monitoring and router you want in one package.

 

For network monitoring, how do you want to monitor. You can do a pi hole with dns, you can get a router that supports netflow, and monitor that on the pi, you can have a mirror(but probably don't do that if you see much traffic)

 

 

[xdeathshot20]

well for the firewall i was gonna use archlinux following this article.  https://www.instructables.com/id/Raspberry-Pi-Firewall-and-Intrusion-Detection-Syst/.

 

i used to use pihole but couldnt get it to function properly on my entire network.  Maybe ill try it again and see if i can get it work

[Electronics Wizardy]

1 minute ago, xdeathshot20 said:

well for the firewall i was gonna use archlinux following this article.  https://www.instructables.com/id/Raspberry-Pi-Firewall-and-Intrusion-Detection-Syst/.

 

i used to use pihole but couldnt get it to function properly on my entire network.  Maybe ill try it again and see if i can get it work

Id really stay away from using the pi as a router its just not a good platform for a router, there are much better options for a simmilar price and performance.

 

What do you want this router to do? Do you need multiple subnets? IPS/IDS? Advanced things on the firewall?

 

Whats your current network layout?

[xdeathshot20]

1 minute ago, Electronics Wizardy said:

Id really stay away from using the pi as a router its just not a good platform for a router, there are much better options for a simmilar price and performance.

 

What do you want this router to do? Do you need multiple subnets? IPS/IDS? Advanced things on the firewall?

 

Whats your current network layout?

i dont plan on using it as a router as i already have my linksys velop mesh system taking care of that.  I basically want the firewall to protect all my iot devices from all sorts of things.  I know the odds of something like that happening arent very common but im bored from this quarantine and wana experiment with some things.  As for network layout, one node is plugged into my modem and into a 8 port tp-link gigabit network switch.  The other node is upstairs in my room also plugged into another one of the same switch and that gives me hard wired internet to my consoles and pc.

[Electronics Wizardy]

Just now, xdeathshot20 said:

i dont plan on using it as a router as i already have my linksys velop mesh system taking care of that.  I basically want the firewall to protect all my iot devices from all sorts of things.  I know the odds of something like that happening arent very common but im bored from this quarantine and wana experiment with some things.  As for network layout, one node is plugged into my modem and into a 8 port tp-link gigabit network switch.  The other node is upstairs in my room also plugged into another one of the same switch and that gives me hard wired internet to my consoles and pc.

so do you have a seprate subnet for iot stuff?

 

your router normally has a firewall built in, and with nat, its normallly deny unless there is a rule. Have you tried using the included firewall?

 

THe Iot devices normally talk over some encrypted channel to their home, so you can't really see whats going on there.

 

If you really want to control your network more, Id get a system with pfsense or anouther ngfw, much better, esp for begginers that this guide using iptables on linux.

 

Also that guide is for a router, it has a firewall aswell, but it running nat, and working as a router.

 

 

[xdeathshot20]

9 minutes ago, Electronics Wizardy said:

so do you have a seprate subnet for iot stuff?

 

your router normally has a firewall built in, and with nat, its normallly deny unless there is a rule. Have you tried using the included firewall?

 

THe Iot devices normally talk over some encrypted channel to their home, so you can't really see whats going on there.

 

If you really want to control your network more, Id get a system with pfsense or anouther ngfw, much better, esp for begginers that this guide using iptables on linux.

 

Also that guide is for a router, it has a firewall aswell, but it running nat, and working as a router.

 

 

i personally am not sure for the seperate subnet.  I will def give pihole another try and see if i can get it work this time.  i appreciate all the info.

[LAwLz]

48 minutes ago, xdeathshot20 said:

One of them i am going to use as a network firewall.

Not a good idea.

Firstly you're going to be limited by the 100Mbps Ethernet port, and on top of that you will be limited by the Pi's processor. Not sure how much traffic it will handle, but expect to be throttled down to like 8 megabytes per second.

 

 

For network monitoring, it depends on the firewall you'll use.

What you need is for the firewall to send data to the logging server. What I did recently was to install Elasticsearch (database), Logstash (data collection engine) and Kibana (Web interface) on a server then configured the firewall to send all logs to that server. Depending on what logging settings you got configured on the firewall, you will be able to collect a ton of info about what is happening on your network with that. I struggled a bit to get the logging server working, but you can ask me questions about it if you wanna try it out.

You can find some online demos on it at their website:

https://www.elastic.co/demos